Archive - Spyware

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have been censored in some places as inadmissible. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would (or could) no longer be posted today. Still, we gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

noreeeee

Legacy Member
I know there is a sticky about this
and I have read it completely, but anyway,
my question is, or rather, I NEED HELP :help:
I installed and used Spybot Search & Destroy,
and likewise Ad-Aware, which I also installed and used.
Ad-Aware finds something like 430 problems, "critical cases", all of which I remove. Spybot finds something like 60 problems, which I remove.
I change my start page and start the internet again. All fine and well; I shut down my PC and suddenly hardcore teen sex comes up along with thousands of other spyware pop-ups. What should I do, plz, my father doesn't find it really funny :eek: Please don't refer me to the sticky, I have already read it 20 times.

noreeeee

Legacy Member
Logfile of HijackThis v1.97.7
Scan saved at 16:49:23, on 13/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\JAVAHD.EXE
C:\WINDOWS\APIOG32.EXE
C:\WINDOWS\SYSTEM\SDKWK.EXE
C:\WINDOWS\SYSNI32.EXE
C:\WINDOWS\SYSTEM\CRSC32.EXE
C:\WINDOWS\SYSTEM\JAVADQ32.EXE
C:\WINDOWS\IPMD.EXE
C:\WINDOWS\SYSTEM\IEYQ32.EXE
C:\WINDOWS\NTRB.EXE
C:\WINDOWS\SDKSK.EXE
C:\WINDOWS\SYSPJ.EXE
C:\WINDOWS\SYSTEM\SDKGU.EXE
C:\WINDOWS\SYSTEM\IPFN.EXE
C:\WINDOWS\SYSTEM\D3TD.EXE
C:\WINDOWS\IESD32.EXE
C:\WINDOWS\MSAG32.EXE
C:\WINDOWS\D3PY32.EXE
C:\WINDOWS\SYSTEM\SYSJX32.EXE
C:\WINDOWS\SYSWE.EXE
C:\WINDOWS\SYSTEM\NETPQ.EXE
C:\WINDOWS\SYSTEM\NTHW32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ADDOE32.EXE
C:\WINDOWS\SYSTEM\JAVABV.EXE
C:\WINDOWS\APIUC32.EXE
C:\WINDOWS\SYSTEM\WINWY.EXE
C:\WINDOWS\IPQU32.EXE
C:\WINDOWS\SYSTEM\APPLP32.EXE
C:\WINDOWS\SYSTEM\APPGY32.EXE
C:\WINDOWS\SYSTEM\APPRG.EXE
C:\WINDOWS\SYSTEM\D3AN32.EXE
C:\WINDOWS\NETBE.EXE
C:\WINDOWS\SYSTEM\D3UY32.EXE
C:\WINDOWS\SYSTEM\APPFV.EXE
C:\WINDOWS\WINMR.EXE
C:\WINDOWS\SYSTEM\CRMV.EXE
C:\WINDOWS\SYSTEM\CROM32.EXE
C:\WINDOWS\SDKNP32.EXE
C:\WINDOWS\IPPV32.EXE
C:\WINDOWS\APIPV32.EXE
C:\WINDOWS\SYSTEM\JAVAMM.EXE
C:\WINDOWS\APIBQ32.EXE
C:\WINDOWS\SYSTEM\IEEN.EXE
C:\WINDOWS\SYSTEM\CRTX32.EXE
C:\WINDOWS\WINET.EXE
C:\WINDOWS\SYSTEM\ADDLT.EXE
C:\WINDOWS\NETKJ.EXE
C:\WINDOWS\APPYH.EXE
C:\WINDOWS\ADDYD.EXE
C:\WINDOWS\MFCDB.EXE
C:\WINDOWS\D3BL32.EXE
C:\WINDOWS\SYSTEM\IPBU32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\NORMAN\WIN95\CLAW95.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\TWINK64.EXE
C:\WINDOWS\SYSTEM\TTXJRCT.EXE
C:\WINDOWS\SYSTEM\SYSOR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSNI32.EXE
C:\WINDOWS\SYSTEM\IEEN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
C:\WINDOWS\MFCDB.EXE
C:\WINDOWS\MFCDB.EXE
C:\DOWNLOADS\SOFTWARE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://google.be/
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {0ABD81BD-F94C-3BFC-5699-13A2D49E5844} - C:\WINDOWS\D3WC.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cat's Claw] C:\NORMAN\WIN95\Claw95.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
O4 - HKLM\..\Run: [mdvturuqtdec] C:\WINDOWS\SYSTEM\ttxjrct.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [SYSOR.EXE] C:\WINDOWS\SYSTEM\SYSOR.EXE
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [SDKWK.EXE] C:\WINDOWS\SYSTEM\SDKWK.EXE
O4 - HKLM\..\RunServices: [CRSC32.EXE] C:\WINDOWS\SYSTEM\CRSC32.EXE
O4 - HKLM\..\RunServices: [JAVADQ32.EXE] C:\WINDOWS\SYSTEM\JAVADQ32.EXE
O4 - HKLM\..\RunServices: [APIOG32.EXE] C:\WINDOWS\APIOG32.EXE
O4 - HKLM\..\RunServices: [JAVAHD.EXE] C:\WINDOWS\SYSTEM\JAVAHD.EXE
O4 - HKLM\..\RunServices: [SYSNI32.EXE] C:\WINDOWS\SYSNI32.EXE
O4 - HKLM\..\RunServices: [SDKSK.EXE] C:\WINDOWS\SDKSK.EXE
O4 - HKLM\..\RunServices: [IPMD.EXE] C:\WINDOWS\IPMD.EXE
O4 - HKLM\..\RunServices: [SDKGU.EXE] C:\WINDOWS\SYSTEM\SDKGU.EXE
O4 - HKLM\..\RunServices: [IEYQ32.EXE] C:\WINDOWS\SYSTEM\IEYQ32.EXE
O4 - HKLM\..\RunServices: [NTRB.EXE] C:\WINDOWS\NTRB.EXE
O4 - HKLM\..\RunServices: [IPFN.EXE] C:\WINDOWS\SYSTEM\IPFN.EXE
O4 - HKLM\..\RunServices: [SYSPJ.EXE] C:\WINDOWS\SYSPJ.EXE
O4 - HKLM\..\RunServices: [SYSJX32.EXE] C:\WINDOWS\SYSTEM\SYSJX32.EXE
O4 - HKLM\..\RunServices: [IESD32.EXE] C:\WINDOWS\IESD32.EXE
O4 - HKLM\..\RunServices: [D3TD.EXE] C:\WINDOWS\SYSTEM\D3TD.EXE
O4 - HKLM\..\RunServices: [SYSWE.EXE] C:\WINDOWS\SYSWE.EXE
O4 - HKLM\..\RunServices: [MSAG32.EXE] C:\WINDOWS\MSAG32.EXE
O4 - HKLM\..\RunServices: [D3PY32.EXE] C:\WINDOWS\D3PY32.EXE
O4 - HKLM\..\RunServices: [NTHW32.EXE] C:\WINDOWS\SYSTEM\NTHW32.EXE
O4 - HKLM\..\RunServices: [NETPQ.EXE] C:\WINDOWS\SYSTEM\NETPQ.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [ADDOE32.EXE] C:\WINDOWS\SYSTEM\ADDOE32.EXE
O4 - HKLM\..\RunServices: [WINWY.EXE] C:\WINDOWS\SYSTEM\WINWY.EXE
O4 - HKLM\..\RunServices: [JAVABV.EXE] C:\WINDOWS\SYSTEM\JAVABV.EXE
O4 - HKLM\..\RunServices: [APIUC32.EXE] C:\WINDOWS\APIUC32.EXE
O4 - HKLM\..\RunServices: [APPGY32.EXE] C:\WINDOWS\SYSTEM\APPGY32.EXE
O4 - HKLM\..\RunServices: [IPQU32.EXE] C:\WINDOWS\IPQU32.EXE
O4 - HKLM\..\RunServices: [APPLP32.EXE] C:\WINDOWS\SYSTEM\APPLP32.EXE
O4 - HKLM\..\RunServices: [D3AN32.EXE] C:\WINDOWS\SYSTEM\D3AN32.EXE
O4 - HKLM\..\RunServices: [NETBE.EXE] C:\WINDOWS\NETBE.EXE
O4 - HKLM\..\RunServices: [APPRG.EXE] C:\WINDOWS\SYSTEM\APPRG.EXE
O4 - HKLM\..\RunServices: [D3UY32.EXE] C:\WINDOWS\SYSTEM\D3UY32.EXE
O4 - HKLM\..\RunServices: [APPFV.EXE] C:\WINDOWS\SYSTEM\APPFV.EXE
O4 - HKLM\..\RunServices: [WINMR.EXE] C:\WINDOWS\WINMR.EXE
O4 - HKLM\..\RunServices: [SDKNP32.EXE] C:\WINDOWS\SDKNP32.EXE
O4 - HKLM\..\RunServices: [CRMV.EXE] C:\WINDOWS\SYSTEM\CRMV.EXE
O4 - HKLM\..\RunServices: [IPPV32.EXE] C:\WINDOWS\IPPV32.EXE
O4 - HKLM\..\RunServices: [CROM32.EXE] C:\WINDOWS\SYSTEM\CROM32.EXE
O4 - HKLM\..\RunServices: [APIPV32.EXE] C:\WINDOWS\APIPV32.EXE
O4 - HKLM\..\RunServices: [APIBQ32.EXE] C:\WINDOWS\APIBQ32.EXE
O4 - HKLM\..\RunServices: [JAVAMM.EXE] C:\WINDOWS\SYSTEM\JAVAMM.EXE
O4 - HKLM\..\RunServices: [IEEN.EXE] C:\WINDOWS\SYSTEM\IEEN.EXE
O4 - HKLM\..\RunServices: [CRTX32.EXE] C:\WINDOWS\SYSTEM\CRTX32.EXE
O4 - HKLM\..\RunServices: [WINET.EXE] C:\WINDOWS\WINET.EXE
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\SYSTEM\ADDLT.EXE
O4 - HKLM\..\RunServices: [NETKJ.EXE] C:\WINDOWS\NETKJ.EXE
O4 - HKLM\..\RunServices: [APPYH.EXE] C:\WINDOWS\APPYH.EXE
O4 - HKLM\..\RunServices: [MFCDB.EXE] C:\WINDOWS\MFCDB.EXE
O4 - HKLM\..\RunServices: [ADDYD.EXE] C:\WINDOWS\ADDYD.EXE
O4 - HKLM\..\RunServices: [D3BL32.EXE] C:\WINDOWS\D3BL32.EXE
O4 - HKLM\..\RunServices: [IPBU32.EXE] C:\WINDOWS\SYSTEM\IPBU32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: SideFind (HKLM)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38303.294837963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//kjvytjy//lmarumn//sdnezlf//jkrlhq//BE//arct.chm::/painter.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...7ff22322f046:375a82d108ec2e9d584f880889783bc3
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

is this my log :unsure:

st3ph3n

Legacy Member
* Start the PC in Windows Safe Mode (press F8 while Windows is starting up)
* Tick the following items in HijackThis and press 'Fix Checked'

To fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
O2 - BHO: (no name) - {0ABD81BD-F94C-3BFC-5699-13A2D49E5844} - C:\WINDOWS\D3WC.DLL
O4 - HKLM\..\Run: [Cat's Claw] C:\NORMAN\WIN95\Claw95.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
O4 - HKLM\..\Run: [mdvturuqtdec] C:\WINDOWS\SYSTEM\ttxjrct.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [SYSOR.EXE] C:\WINDOWS\SYSTEM\SYSOR.EXE
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 - HKLM\..\RunServices: [SDKWK.EXE] C:\WINDOWS\SYSTEM\SDKWK.EXE
O4 - HKLM\..\RunServices: [CRSC32.EXE] C:\WINDOWS\SYSTEM\CRSC32.EXE
O4 - HKLM\..\RunServices: [JAVADQ32.EXE] C:\WINDOWS\SYSTEM\JAVADQ32.EXE
O4 - HKLM\..\RunServices: [APIOG32.EXE] C:\WINDOWS\APIOG32.EXE
O4 - HKLM\..\RunServices: [JAVAHD.EXE] C:\WINDOWS\SYSTEM\JAVAHD.EXE
O4 - HKLM\..\RunServices: [SYSNI32.EXE] C:\WINDOWS\SYSNI32.EXE
O4 - HKLM\..\RunServices: [SDKSK.EXE] C:\WINDOWS\SDKSK.EXE
O4 - HKLM\..\RunServices: [IPMD.EXE] C:\WINDOWS\IPMD.EXE
O4 - HKLM\..\RunServices: [SDKGU.EXE] C:\WINDOWS\SYSTEM\SDKGU.EXE
O4 - HKLM\..\RunServices: [IEYQ32.EXE] C:\WINDOWS\SYSTEM\IEYQ32.EXE
O4 - HKLM\..\RunServices: [NTRB.EXE] C:\WINDOWS\NTRB.EXE
O4 - HKLM\..\RunServices: [IPFN.EXE] C:\WINDOWS\SYSTEM\IPFN.EXE
O4 - HKLM\..\RunServices: [SYSPJ.EXE] C:\WINDOWS\SYSPJ.EXE
O4 - HKLM\..\RunServices: [SYSJX32.EXE] C:\WINDOWS\SYSTEM\SYSJX32.EXE
O4 - HKLM\..\RunServices: [IESD32.EXE] C:\WINDOWS\IESD32.EXE
O4 - HKLM\..\RunServices: [D3TD.EXE] C:\WINDOWS\SYSTEM\D3TD.EXE
O4 - HKLM\..\RunServices: [SYSWE.EXE] C:\WINDOWS\SYSWE.EXE
O4 - HKLM\..\RunServices: [MSAG32.EXE] C:\WINDOWS\MSAG32.EXE
O4 - HKLM\..\RunServices: [D3PY32.EXE] C:\WINDOWS\D3PY32.EXE
O4 - HKLM\..\RunServices: [NTHW32.EXE] C:\WINDOWS\SYSTEM\NTHW32.EXE
O4 - HKLM\..\RunServices: [NETPQ.EXE] C:\WINDOWS\SYSTEM\NETPQ.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [ADDOE32.EXE] C:\WINDOWS\SYSTEM\ADDOE32.EXE
O4 - HKLM\..\RunServices: [WINWY.EXE] C:\WINDOWS\SYSTEM\WINWY.EXE
O4 - HKLM\..\RunServices: [JAVABV.EXE] C:\WINDOWS\SYSTEM\JAVABV.EXE
O4 - HKLM\..\RunServices: [APIUC32.EXE] C:\WINDOWS\APIUC32.EXE
O4 - HKLM\..\RunServices: [APPGY32.EXE] C:\WINDOWS\SYSTEM\APPGY32.EXE
O4 - HKLM\..\RunServices: [IPQU32.EXE] C:\WINDOWS\IPQU32.EXE
O4 - HKLM\..\RunServices: [APPLP32.EXE] C:\WINDOWS\SYSTEM\APPLP32.EXE
O4 - HKLM\..\RunServices: [D3AN32.EXE] C:\WINDOWS\SYSTEM\D3AN32.EXE
O4 - HKLM\..\RunServices: [NETBE.EXE] C:\WINDOWS\NETBE.EXE
O4 - HKLM\..\RunServices: [APPRG.EXE] C:\WINDOWS\SYSTEM\APPRG.EXE
O4 - HKLM\..\RunServices: [D3UY32.EXE] C:\WINDOWS\SYSTEM\D3UY32.EXE
O4 - HKLM\..\RunServices: [APPFV.EXE] C:\WINDOWS\SYSTEM\APPFV.EXE
O4 - HKLM\..\RunServices: [WINMR.EXE] C:\WINDOWS\WINMR.EXE
O4 - HKLM\..\RunServices: [SDKNP32.EXE] C:\WINDOWS\SDKNP32.EXE
O4 - HKLM\..\RunServices: [CRMV.EXE] C:\WINDOWS\SYSTEM\CRMV.EXE
O4 - HKLM\..\RunServices: [IPPV32.EXE] C:\WINDOWS\IPPV32.EXE
O4 - HKLM\..\RunServices: [CROM32.EXE] C:\WINDOWS\SYSTEM\CROM32.EXE
O4 - HKLM\..\RunServices: [APIPV32.EXE] C:\WINDOWS\APIPV32.EXE
O4 - HKLM\..\RunServices: [APIBQ32.EXE] C:\WINDOWS\APIBQ32.EXE
O4 - HKLM\..\RunServices: [JAVAMM.EXE] C:\WINDOWS\SYSTEM\JAVAMM.EXE
O4 - HKLM\..\RunServices: [IEEN.EXE] C:\WINDOWS\SYSTEM\IEEN.EXE
O4 - HKLM\..\RunServices: [CRTX32.EXE] C:\WINDOWS\SYSTEM\CRTX32.EXE
O4 - HKLM\..\RunServices: [WINET.EXE] C:\WINDOWS\WINET.EXE
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\SYSTEM\ADDLT.EXE
O4 - HKLM\..\RunServices: [NETKJ.EXE] C:\WINDOWS\NETKJ.EXE
O4 - HKLM\..\RunServices: [APPYH.EXE] C:\WINDOWS\APPYH.EXE
O4 - HKLM\..\RunServices: [MFCDB.EXE] C:\WINDOWS\MFCDB.EXE
O4 - HKLM\..\RunServices: [ADDYD.EXE] C:\WINDOWS\ADDYD.EXE
O4 - HKLM\..\RunServices: [D3BL32.EXE] C:\WINDOWS\D3BL32.EXE
O4 - HKLM\..\RunServices: [IPBU32.EXE] C:\WINDOWS\SYSTEM\IPBU32.EXE
O9 - Extra button: SideFind (HKLM)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//kjvytjy//l...m::/painter.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...84f880889783bc3
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

Make sure you have them all!

After that, post a new log (just to be sure).

Steven

noreeeee

Legacy Member
Logfile of HijackThis v1.97.7
Scan saved at 18:34:36, on 13/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\APIOG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSOR.EXE
C:\WINDOWS\SYSTEM\TWINK64.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\MFCIM.EXE
C:\WINDOWS\MSEA32.EXE
C:\WINDOWS\MSEA32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOADS\SOFTWARE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
O2 - BHO: (no name) - {B6016FA4-6BEE-BC17-E07E-FBE10FBB1708} - C:\WINDOWS\SYSTEM\WINKS.DLL
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [SYSOR.EXE] C:\WINDOWS\SYSTEM\SYSOR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: folder.htt
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


this is my new one; I've already removed everything from it again, but it all comes right back :sad:

T0rn4do

Legacy Member
Are you sure you removed them in safe mode? If not: remove them in safe mode.
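
Added example, not part of the original thread: a small Python triage that compares a HijackThis fix list with the follow-up scan and reports which fixed entries are gone, which are still present unchanged, and which came back pointing at a different file. The function names `parse` and `triage` are illustrative, and the log lines are a short excerpt copied from st3ph3n's fix list and the 18:34:36 rescan above.

```python
import re

ITEM = re.compile(r"^(R\d|O\d+) - (.+)$")  # HijackThis item lines: "O4 - ..."

def parse(log):
    """Map (section, location) -> data for every item line in a log."""
    entries = {}
    for line in log.splitlines():
        m = ITEM.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        if section.startswith("R") and " = " in body:
            loc, data = body.split(" = ", 1)      # registry value = data
        elif section == "O4" and "] " in body:
            loc, data = body.split("] ", 1)       # autorun [name] command
            loc += "]"
        else:
            loc, data = body, ""                  # e.g. O15 Trusted Zone
        entries[(section, loc)] = data
    return entries

def triage(fix_list, rescan):
    """Classify each fixed entry by what the rescan shows for it."""
    fixed, after = parse(fix_list), parse(rescan)
    result = {"cleared": [], "survived": [], "rewritten": []}
    for key, old in fixed.items():
        if key not in after:
            result["cleared"].append(key)
        elif after[key] == old:
            result["survived"].append(key)
        else:
            result["rewritten"].append((key, old, after[key]))
    return result

# Excerpts copied from the fix list and the 18:34:36 rescan in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nzyyu.dll/sp.html#29126
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [SYSOR.EXE] C:\WINDOWS\SYSTEM\SYSOR.EXE
O4 - HKLM\..\RunServices: [SDKWK.EXE] C:\WINDOWS\SYSTEM\SDKWK.EXE
O15 - Trusted Zone: *.windupdates.com
"""
RESCAN = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wqlpo.dll/sp.html#29126
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [SYSOR.EXE] C:\WINDOWS\SYSTEM\SYSOR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

if __name__ == "__main__":
    report = triage(FIX_LIST, RESCAN)
    for key in report["survived"]:
        print("still present:", *key)
    for key, old, new in report["rewritten"]:
        print("re-written:   ", *key, "|", old, "->", new)
    print("cleared:", len(report["cleared"]))
```

Entries that survive a fix, or return under a new file name as the `res://` search hijack does here, indicate that something still running is restoring them, which is the reason the replies insist on fixing from Safe Mode.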