r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T: 2 R: 20
27/6/2005 - 23:42
Wishmaster, could you please take a quick look at my HijackThis log, because all sorts of things are wrong.
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 23:35:24, on 27/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I:\Program Files\Common Files\STOPzilla!\SZServer.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\HLSW\hlsw.exe
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Shareaza\Shareaza.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\WinRAR\WinRAR.exe
I:\DOCUME~1\toon\LOCALS~1\Temp\Rar$EX00.407\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - I:\WINDOWS\system32\xnqnpqfd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - I:\WINDOWS\system32\mxsbsdrx.dll
O2 - BHO: (no name) - {91FF7F20-44F6-4323-B242-A59AB9C4AA4F} - I:\WINDOWS\system32\coohmla.dll
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - I:\WINDOWS\system32\quipvpmh.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - I:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - I:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [STOPzilla] I:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sp] rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] I:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: ubisoft register.lnk = I:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Startup: WZL Notifier.lnk = I:\Program Files\Wzl Notifier\WZL Notifier.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res/I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: text/html - {DB0648A2-E892-4DB9-B6A2-F75F929786F7} - I:\WINDOWS\system32\coohmla.dll
O18 - Filter: text/plain - {DB0648A2-E892-4DB9-B6A2-F75F929786F7} - I:\WINDOWS\system32\coohmla.dll
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - I:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: uwhiayhbxkpt (MsUpdate6) - Unknown owner - I:\WINDOWS\system32\msupd6.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - I:\Program Files\Common Files\STOPzilla!\SZServer.exe

WishMaster
[mod] 666
Since 26/2/2003
T:99 - R:2018
27/6/2005 - 23:58
I'm no expert, mind you.
Copy and paste your log here.

I would definitely get rid of the "toolbars" and the "dialer" at least.
lordfragger
[mod], just [mod]
Since 28/6/2004
T:15 - R:3135
28/6/2005 - 0:13
And definitely put HijackThis in a separate folder; the program is currently in the temp folder. When you remove things, backups of them are kept, and in a temp folder those can be deleted by Windows.
Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
5/7/2005 - 17:42
About:blank infection: trouble with a persistent start page that you keep getting redirected to at every turn?

Post a new log by Saturday (I'm away travelling for a week) and then I'll help you further.
BUZZ 3.027
wzl member
Since 22/5/2004
T:13 - R:726
5/7/2005 - 21:25
Darunia is the man
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
7/7/2005 - 12:15
Yo, thanks for being willing to help me; indeed I have trouble with an About:blank infection and a persistent start page that I keep getting redirected to at every turn.


Logfile of HijackThis v1.99.1
Scan saved at 12:12:27, on 7/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I:\Program Files\Common Files\STOPzilla!\szserver.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\STOPzilla!\STOPzilla.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\msupd6.exe
I:\Documents and Settings\toon\Bureaublad\HijackThis.exe
I:\WINDOWS\system32\dwwin.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - I:\WINDOWS\system32\xnqnpqfd.dll
O2 - BHO: (no name) - {3B2E942C-1252-4600-9306-97028D2ED4} - I:\WINDOWS\system32\ldlec.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - I:\WINDOWS\system32\mxsbsdrx.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - I:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - I:\WINDOWS\system32\quipvpmh.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - I:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - I:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - I:\Program Files\Accoona\atoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] I:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] I:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] I:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res/I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: uwhiayhbxkpt (MsUpdate6) - Unknown owner - I:\WINDOWS\system32\msupd6.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - I:\Program Files\Common Files\STOPzilla!\szserver.exe


Last edited by r0x0rb0x0r on 7/07/2005 12:16:50 (edited 2x)
Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
11/7/2005 - 9:36
Download ccleaner; do not use the program yet.

Download killbox and put it on your desktop. Likewise, do not use it yet.

End the following items via HijackThis (config > misc tools > open process manager > select the process > kill process):

I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\msupd6.exe


Via Control Panel > Add or Remove Programs, remove the following items if present:

Accoona

Go to Start > Run. Type services.msc there. Find the following file, right-click it and choose Properties. Then choose 'Stop' and set the startup type to 'Disabled'.

uwhiayhbxkpt (MsUpdate6)

Run HijackThis and tick the following items. Close all open windows (important!) and click 'Fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - I:\WINDOWS\system32\xnqnpqfd.dll
O2 - BHO: (no name) - {3B2E942C-1252-4600-9306-97028D2ED4} - I:\WINDOWS\system32\ldlec.dll (file missing)
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - I:\WINDOWS\system32\mxsbsdrx.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - I:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - I:\WINDOWS\system32\quipvpmh.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - I:\Program Files\Accoona\atoolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: uwhiayhbxkpt (MsUpdate6) - Unknown owner - I:\WINDOWS\system32\msupd6.exe


Open killbox and tick the 'Delete on reboot' option.

Copy the line below.

I:\WINDOWS\system32\xnqnpqfd.dll

Open 'File' in the killbox menu at the top and choose 'Paste from clipboard'.

Do the same for the following lines:

I:\WINDOWS\system32\mxsbsdrx.dll
I:\WINDOWS\system32\quipvpmh.dll
I:\WINDOWS\system32\msupd6.exe


Check that all the lines are in the path. Otherwise find them by browsing.

Now click the white cross and let killbox restart your PC.

Make sure all hidden files are shown and restart the PC.
(show hidden files)

Delete if present:

I:\Program Files\Accoona

Open ccleaner and click 'Run Cleaner'.

Post a new log.

r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
11/7/2005 - 14:54
Yo, I tried to follow everything; this is my log now

Logfile of HijackThis v1.99.1
Scan saved at 14:52:27, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\toon\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {2C0F27CA-9E8A-C291-F61E-8F218503014E} - I:\DOCUME~1\jan\APPLIC~1\FORKTI~1\Meal Tons.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - I:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - I:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ante itch stop creative] I:\Documents and Settings\All Users\Application Data\adminthisanteitch\Gram bib.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] I:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res/I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe


Thanks already for being willing to help me
Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
12/7/2005 - 1:23
You installed Messenger Plus WITH sponsors; that way you get a whole lot of spyware. So that has to come off first. Once your PC is clean you can reinstall msnplus, but then without sponsors.

Uninstall via Control Panel > Add or Remove Programs:

MessengerPlus

Fix with HijackThis (make sure all windows are closed except HijackThis itself):

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {2C0F27CA-9E8A-C291-F61E-8F218503014E} - I:\DOCUME~1\jan\APPLIC~1\FORKTI~1\Meal Tons.exe
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ante itch stop creative] I:\Documents and Settings\All Users\Application Data\adminthisanteitch\Gram bib.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart


Restart the PC and delete the following items:

I:\Program Files\messenger plus
I:\Program File\c2media
I:\Documents and Settings\All Users\Application Data\adminthisanteitch
I:\Documents and Settings\jan\Application Data\FORKTI...
(the name is longer, but these are the first six letters)

Download this tool and put it on your desktop. Open the .bat file. Copy the contents of the log that this file creates.

Also post a new HijackThis log.
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
12/7/2005 - 13:47
Het volume in station I heeft geen naam.
Het volumenummer is A89E-76C9

Map van I:\WINDOWS\tasks

11/07/2005 11:47 <DIR> .
11/07/2005 11:47 <DIR> ..
12/07/2005 02:00 258 A2F5C4918A0420.job
12/07/2005 02:00 262 AC384E09903FCD55.job
12/07/2005 02:00 258 ADDB3B9184AC57.job
12/07/2005 02:00 274 B74B60B191C50A69.job
07/09/2001 14:00 65 desktop.ini
12/07/2005 13:35 6 SA.DAT
6 bestand(en) 1.123 bytes

Map van I:\Documents and Settings\toon\Bureaublad


That's from that vindjob


Logfile of HijackThis v1.99.1
Scan saved at 13:47:00, on 12/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\toon\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {609E9085-98CC-4F81-8DD7-3911759EDEB9} - I:\WINDOWS\system32\mcgafl.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - I:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - I:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sp] rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] I:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res/I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: text/html - {964C68-204E-439B-AEB9-52F4A414A1EF} - I:\WINDOWS\system32\mcgafl.dll
O18 - Filter: text/plain - {964C68-204E-439B-AEB9-52F4A414A1EF} - I:\WINDOWS\system32\mcgafl.dll
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe

and my HijackThis
Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
12/7/2005 - 23:41
Download this tool and put it on your desktop.

Download this tool and put it on your desktop.

Open a Notepad file and copy the code below into it:

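rem Switch to the system drive, then to the scheduled-tasks folder
%systemdrive%
cd I:\WINDOWS\Tasks
rem For each job file: clear the read-only, system and hidden attributes, then delete it
attrib -r -s -h A2F5C4918A0420.job
del A2F5C4918A0420.job
attrib -r -s -h AC384E09903FCD55.job
del AC384E09903FCD55.job
attrib -r -s -h ADDB3B9184AC57.job
del ADDB3B9184AC57.job
attrib -r -s -h B74B60B191C50A69.job
del B74B60B191C50A69.job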


Save the Notepad file as fix.bat, so in 'Save as' choose 'All files'. Put it on your desktop.

Then open fix.bat on your desktop.

Then fix the following lines with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {609E9085-98CC-4F81-8DD7-3911759EDEB9} - I:\WINDOWS\system32\mcgafl.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {964C68-204E-439B-AEB9-52F4A414A1EF} - I:\WINDOWS\system32\mcgafl.dll
O18 - Filter: text/plain - {964C68-204E-439B-AEB9-52F4A414A1EF} - I:\WINDOWS\system32\mcgafl.dll


Delete with killbox (like last time):

I:\WINDOWS\system32\mcgafl.dll
I:\DOCUMENTS AND SETTINGS\toon\LOCALSETTINGS\Temp\se.dll


Do not reboot this time, so click 'NO' when you are asked. Do use the 'delete on reboot' option.

Run ccleaner once more.

Run cwshredder (the first downloaded tool). Click 'fix'.

Run spsehjfix112.exe (the second downloaded tool). Click 'Start Desinfektion'. Make sure all other programs are shut down and other windows are closed before you do this. This tool creates a log on the desktop. The tool makes the PC restart by itself (it may run a scan again); otherwise restart it yourself.

After restarting, post a new log and the tool's log, and also post a new log from vindjob.bat.
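
Each round in this thread ends with a request for a fresh log, and the question that matters is which fixed entries are still registered or have come back. The following is an added example, not part of any post: it parses HijackThis entry lines and compares a fix list with later logs. The function names are assumptions, and the sample lines are a short excerpt of the logs posted above.

```python
import re

# Entry lines in a HijackThis v1.99.1 log start with a section code such as
# R0/R1 (IE settings), O2 (BHO), O4 (autostart), O23 (service).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def parse_entries(text):
    """Return {key: [entry lines]}; headers, process lists and prose are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2).strip()
        clsid = CLSID_RE.search(body)
        # Key on the CLSID where there is one: after the DLL is deleted the
        # file column becomes "(no file)" but the registration is still there.
        key = (code, clsid.group(0).upper()) if clsid else (code, body)
        entries.setdefault(key, []).append(f"{code} - {body}")
    return entries


def still_present(fix_list, later_log):
    """Entries that were on the fix list but appear in a later log."""
    fixed, later = parse_entries(fix_list), parse_entries(later_log)
    return sorted(line for k in fixed if k in later for line in later[k])


def newly_added(earlier_log, later_log):
    """Entries in the later log that the earlier log did not have."""
    earlier, later = parse_entries(earlier_log), parse_entries(later_log)
    return sorted(line for k in later if k not in earlier for line in later[k])


# Excerpt of the fix list posted on 11/7/2005 (shortened for the example).
FIX_11_07 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - I:\WINDOWS\system32\xnqnpqfd.dll
O23 - Service: uwhiayhbxkpt (MsUpdate6) - Unknown owner - I:\WINDOWS\system32\msupd6.exe
"""

# Excerpt of the log saved at 14:52:27 on 11/07/2005.
LOG_11_07 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:52:27, on 11/07/2005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# Excerpt of the log saved at 13:47:00 on 12/07/2005.
LOG_12_07 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:47:00, on 12/07/2005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {609E9085-98CC-4F81-8DD7-3911759EDEB9} - I:\WINDOWS\system32\mcgafl.dll
"""

if __name__ == "__main__":
    print("Still registered right after the fix round:")
    for line in still_present(FIX_11_07, LOG_11_07):
        print("  ", line)
    print("Fixed entries present a day later:")
    for line in still_present(FIX_11_07, LOG_12_07):
        print("  ", line)
    print("New since the previous log:")
    for line in newly_added(LOG_11_07, LOG_12_07):
        print("  ", line)
```

On these excerpts the about:blank Search Page value is gone right after the fix round and back in the next day's log, alongside a BHO that was not there before.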
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
13/7/2005 - 10:53
Log of which tool?
Het volume in station I heeft geen naam.
Het volumenummer is A89E-76C9

Map van I:\WINDOWS\tasks

13/07/2005 10:35 <DIR> .
13/07/2005 10:35 <DIR> ..
13/07/2005 01:00 258 A2F5C4918A0420.job
13/07/2005 01:00 258 ADDB3B9184AC57.job
07/09/2001 14:00 65 desktop.ini
13/07/2005 10:48 6 SA.DAT
4 bestand(en) 587 bytes

Map van I:\Documents and Settings\toon\Bureaublad





Logfile of HijackThis v1.99.1
Scan saved at 10:52:00, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Documents and Settings\toon\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - I:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - I:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] I:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res/I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe

How was the vacation, btw?

Last edited by r0x0rb0x0r on 13/07/2005 10:54:10 (edited 1x)
Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
13/7/2005 - 15:39
The log of 'spsehjfix112.exe'.

Have a look on your desktop and post it.

Off-topic: the vacation was good; I leave again on Saturday. Hopefully we'll get the PC clean in time.
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
13/7/2005 - 15:45

(7/13/05 10:45:46) SPSeHjFix started v1.1.2
(7/13/05 10:45:46) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 10:45:46) Language: nederlands
(7/13/05 10:45:46) Win-Path: I:\WINDOWS
(7/13/05 10:45:46) System-Path: I:\WINDOWS\system32
(7/13/05 10:45:46) Temp-Path: I:\DOCUME~1\toon\LOCALS~1\Temp\
(7/13/05 10:45:4 Disinfection started
(7/13/05 10:45:4 Bad-Dll(IEP): (not found)
(7/13/05 10:45:4 Bad-Dll(IEP) in BHO: (not found)
(7/13/05 10:45:4 Searchassistant Uninstaller found: regsvr32 /s /u I:\WINDOWS\system32\mcgafl.dll
(7/13/05 10:45:4 Searchassistant Uninstaller - Keys Deleted
(7/13/05 10:45:4 UBF: 8 - UBB: 5 - UBR: 6
(7/13/05 10:45:4 FilterKey: HKCR\text/html (deleted)
(7/13/05 10:45:4 FilterKey: HKCR\CLSID\{E036309F-BB23-4697-B845-8076F679DFD1} (error while deleting)
(7/13/05 10:45:4 FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(7/13/05 10:45:4 BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} (error while deleting)
(7/13/05 10:45:4 BHO-Key: HKCR\CLSID\{29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} (error while deleting)
(7/13/05 10:45:4 BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} (error while deleting)
(7/13/05 10:45:4 BHO-Key: HKCR\CLSID\{8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} (error while deleting)
(7/13/05 10:45:4 BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} (error while deleting)
(7/13/05 10:45:4 BHO-Key: HKCR\CLSID\{9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} (error while deleting)
(7/13/05 10:45:4 UBF: 7 - UBB: 5 - UBR: 6
(7/13/05 10:45:4 Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(7/13/05 10:45:4 Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/13/05 10:45:4 Stealth-String not found
(7/13/05 10:45:4 File added to delete: i:\windows\system32\mcgafl.dll
(7/13/05 10:45:4 File added to delete: error
(7/13/05 10:45:4 File added to delete: i:\docume~1\toon\locals~1\temp\se.dll
(7/13/05 10:45:4 Reboot


(7/13/05 10:47:21) SPSeHjFix started v1.1.2
(7/13/05 10:47:21) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 10:47:21) Language: nederlands
(7/13/05 10:47:21) Win-Path: I:\WINDOWS
(7/13/05 10:47:21) System-Path: I:\WINDOWS\system32
(7/13/05 10:47:21) Temp-Path: I:\DOCUME~1\toon\LOCALS~1\Temp\
(7/13/05 10:47:5 Disinfection started
(7/13/05 10:47:5 Bad-Dll(IEP): i:\docume~1\toon\locals~1\temp\se.dll
(7/13/05 10:47:5 Searchassistant Uninstaller found: regsvr32 /s /u I:\WINDOWS\system32\mcgafl.dll
(7/13/05 10:47:5 Searchassistant Uninstaller - Keys Deleted
(7/13/05 10:47:5 UBF: 9 - UBB: 6 - UBR: 6
(7/13/05 10:47:5 FilterKey: HKCR\text/html (deleted)
(7/13/05 10:47:5 FilterKey: HKCR\CLSID\{EEE966FD-2A8B-4A99-9C8D-DB1AEDC82F81} (deleted)
(7/13/05 10:47:5 FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(7/13/05 10:47:5 FilterKey: HKCR\text/plain (deleted)
(7/13/05 10:47:5 FilterKey: HKCR\CLSID\{EEE966FD-2A8B-4A99-9C8D-DB1AEDC82F81} (error while deleting)
(7/13/05 10:47:5 FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(7/13/05 10:47:5 BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F354250E-D3B9-4AC0-B58D-F553D14CA31F} (deleted)
(7/13/05 10:47:5 BHO-Key: HKCR\CLSID\{F354250E-D3B9-4AC0-B58D-F553D14CA31F} (deleted)
(7/13/05 10:47:5 Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(7/13/05 10:47:5 UBF: 7 - UBB: 5 - UBR: 5
(7/13/05 10:47:5 Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res/i:\docume~1\toon\locals~1\temp\se.dll/sp.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res/i:\docume~1\toon\locals~1\temp\se.dll/sp.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/13/05 10:47:5 Stealth-String not found
(7/13/05 10:47:5 File added to delete: i:\windows\system32\mcgafl.dll
(7/13/05 10:47:5 File added to delete: i:\docume~1\toon\locals~1\temp\se.dll
(7/13/05 10:47:5 Reboot


(7/13/05 10:49:15) SPSeHjFix started v1.1.2
(7/13/05 10:49:15) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 10:49:15) Language: nederlands
(7/13/05 10:49:15) Win-Path: I:\WINDOWS
(7/13/05 10:49:15) System-Path: I:\WINDOWS\system32
(7/13/05 10:49:15) Temp-Path: I:\DOCUME~1\toon\LOCALS~1\Temp\


(7/13/05 15:45:39) SPSeHjFix started v1.1.2
(7/13/05 15:45:39) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 15:45:39) Language: nederlands
(7/13/05 15:45:39) Win-Path: I:\WINDOWS
(7/13/05 15:45:39) System-Path: I:\WINDOWS\system32
(7/13/05 15:45:39) Temp-Path: I:\DOCUME~1\toon\LOCALS~1\Temp\
(7/13/05 15:45:42) Disinfection started
(7/13/05 15:45:42) Bad-Dll(IEP): (not found)
(7/13/05 15:45:42) Bad-Dll(IEP) in BHO: (not found)
(7/13/05 15:45:42) UBF: 7 - UBB: 5 - UBR: 5
(7/13/05 15:45:42) UBF: 7 - UBB: 5 - UBR: 5
(7/13/05 15:45:42) Bad IE-pages: (none)
(7/13/05 15:45:43) Stealth-String not found
(7/13/05 15:45:43) Not infected->END

Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
13/7/2005 - 23:50
Fix with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)


Restart the PC and post a new log. Any problems left?
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
14/7/2005 - 18:59
Logfile of HijackThis v1.99.1
Scan saved at 18:55:54, on 14/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Microsoft IntelliPoint\point32.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Documents and Settings\toon\Bureaublad\HijackThis.exe
I:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O2 - BHO: (no name) - {B2D23FDA-3471-481C-9C73-B79ADD125D1C} - I:\WINDOWS\system32\fffkccb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - I:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - I:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sp] rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] I:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res/I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: text/html - {C410D986-94FE-43A3-8455-F9800D02567E} - I:\WINDOWS\system32\fffkccb.dll
O18 - Filter: text/plain - {C410D986-94FE-43A3-8455-F9800D02567E} - I:\WINDOWS\system32\fffkccb.dll
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe

Much better already, only every 5 minutes or so spyware still pops up, e.g. to buy flowers or something over the internet.
http://members.lycos.nl/bagyva40/images/foto_35.JPG

Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
15/7/2005 - 2:06
Indeed, you're not rid of it yet.
Instructions will follow tomorrow (normally).

Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
15/7/2005 - 10:30
Restart in safe mode (important!)

Fix with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {8A732005-7F9F-AAA9-DCBF-C48B6502C6AC} - (no file)
O2 - BHO: (no name) - {9BDE7F0F-4C57-91A2-7DAA-6C7246122B9E} - (no file)
O2 - BHO: (no name) - {B2D23FDA-3471-481C-9C73-B79ADD125D1C} - I:\WINDOWS\system32\fffkccb.dll
O4 - HKLM\..\Run: [sp] rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {C410D986-94FE-43A3-8455-F9800D02567E} - I:\WINDOWS\system32\fffkccb.dll
O18 - Filter: text/plain - {C410D986-94FE-43A3-8455-F9800D02567E} - I:\WINDOWS\system32\fffkccb.dll


Then delete:

I:\WINDOWS\system32\fffkccb.dll
I:\DOCUMENTS AND SETTINGS\toon\LOCAL SETTINGS\Temp\se.dll


Run CCleaner.

Restart the PC in normal mode and post a new log.
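
Added example, not part of the thread and not HijackThis's own logic: a Python triage pass over HijackThis entry lines that flags the same kinds of entries picked out in the fix list above. The sample lines are copied from the 14/07/2005 log; the function names and the three heuristics (missing BHO file, code loaded from Temp, text/* MIME filter) are assumptions made for illustration.

```python
import re

# Sample input: entry lines copied from the 14/07/2005 log in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be
O2 - BHO: (no name) - {29FC9A8A-6587-42BE-C9C9-BFBA32DB0733} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B2D23FDA-3471-481C-9C73-B79ADD125D1C} - I:\WINDOWS\system32\fffkccb.dll
O4 - HKLM\..\Run: [IntelliPoint] "I:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [sp] rundll32 I:\DOCUME~1\toon\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {C410D986-94FE-43A3-8455-F9800D02567E} - I:\WINDOWS\system32\fffkccb.dll
O20 - Winlogon Notify: STOPzilla - I:\WINDOWS\SYSTEM32\IS3WLHandler.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # e.g. "O2 - BHO: ..."
DLL = re.compile(r'[A-Za-z]:\\[^,/"]*?\.dll', re.I)    # DLL path inside an entry
TEMP = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)

def parse(log):
    """Return (section, body) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return {line: reason} for entries that deserve a closer look (heuristic)."""
    entries = parse(log)
    flagged, suspect_dlls = {}, set()
    for sec, body in entries:
        line = f"{sec} - {body}"
        if sec == "O2" and body.endswith("(no file)"):
            flagged[line] = "BHO registered but its file is missing"
        elif TEMP.search(body):
            flagged[line] = "loads code from the user's Temp directory"
        elif sec == "O18" and body.startswith("Filter: text/"):
            flagged[line] = "MIME filter on text/* content"
        else:
            continue
        suspect_dlls.update(d.lower() for d in DLL.findall(body))
    # Second pass: any other entry that loads an already-flagged DLL.
    for sec, body in entries:
        line = f"{sec} - {body}"
        if line not in flagged and any(d.lower() in suspect_dlls for d in DLL.findall(body)):
            flagged[line] = "shares a DLL with a flagged entry"
    return flagged

if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(f"[{why}] {line}")
```

The second pass is what catches the fffkccb.dll BHO: its path in system32 looks ordinary, and it is flagged only because the same DLL is registered as a text/html filter.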
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
16/7/2005 - 13:56
How do you start the PC in safe mode? Hope you're still around; happy rest of your vacation.
Darunia 4.124
wzl member
Since 18/12/2004
T:6 - R:336
20/7/2005 - 18:41
r0x0rb0x0r wrote:
How do you start the PC in safe mode? Hope you're still around; happy rest of your vacation.

(safe mode)
r0x0rb0x0r 1.261
wzl member
Since 29/1/2005
T:2 - R:20
30/7/2005 - 11:59
http://members.lycos.nl/bagyva40/images/foto_36.JPG

Where is the boot.ini tab?