Mijn Hijackthis log

Henry · Bericht door **Henry** » za 05 feb 2005, 23:18

Logfile of HijackThis v1.99.0
Scan saved at 22:15:13, on 5-2-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\qwsXP.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\qwsXP.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\Google\Googletoolbar2.dll
O2 - BHO: (no name) - {BBF37972-0E17-4ADD-9AE1-0D7C4E223A66} - C:\WINDOWS\System32\qwsXP.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Googletoolbar2.dll
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Google Search - res://c:\program files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Me ... b31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54E7A473-ED0E-4670-96FE-82675621F0D6}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C9CD5A9-F213-421D-9D5E-2C37706C2FA6}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{B59384C0-7C37-4242-9B70-A712B584D3EF}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{54E7A473-ED0E-4670-96FE-82675621F0D6}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{54E7A473-ED0E-4670-96FE-82675621F0D6}: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {14AF87F0-C7A9-4478-85AA-A6011AD9ACD2} - C:\WINDOWS\System32\qwsXP.dll
O18 - Filter: t

Bericht door **MandersOnline** » zo 06 feb 2005, 6:47

[quote]Logfile of HijackThis v1.99.0
Scan saved at 22:15:13, on 5-2-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\qwsXP.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\qwsXP.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {BBF37972-0E17-4ADD-9AE1-0D7C4E223A66} - C:\WINDOWS\System32\qwsXP.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Me ... b31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O18 - Filter: text/html - {14AF87F0-C7A9-4478-85AA-A6011AD9ACD2} - C:\WINDOWS\System32\qwsXP.dll
O18 - Filter: t

Bericht door **MandersOnline** » zo 06 feb 2005, 6:48

nog een ander vraagje, haal je wel de updates binnen aangezien ik zie dat je geen SP2 hrbt geïnstalleerd?

Henry · Bericht door **Henry** » zo 06 feb 2005, 22:19

SP2 werd mij afgeraden door de verkoper van mijn pc? Waarom, omdat het te veel blokte? Dus heb ik nog steeds geen update gedaan.

mvrgr Henry

Henry · Bericht door **Henry** » zo 06 feb 2005, 22:27

Om ff terug teomem op je reactie op mijn eerste bericht: moet ik alles aan vinken wat jij aangeeft , dus ook de regels:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

want startpagina is mijn huidige sp

mvrgr Henry

Bericht door **MandersOnline** » zo 06 feb 2005, 23:56

Ja klopt dat ding van Nero hoef je niet te starten en die startpagina ik gooi alles er altijd af ook bij mezelf en pas het daarna gewoon weer aan dan weet je zeker dat je alle troep kwijt bent...

Henry · Bericht door **Henry** » ma 07 feb 2005, 0:56

Ik heb gedaan wat je zei, maar ik blijf spyware houden . Dit is mijn log:

Logfile of HijackThis v1.99.0
Scan saved at 23:52:46, on 6-2-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\eMule2\eMule.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IExpLORE.EXE
D:\Downloads\Apps\S\Hijaacthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startpagina.nl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\Google\Googletoolbar2.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Googletoolbar2.dll
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Google Search - res://c:\program files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{54E7A473-ED0E-4670-96FE-82675621F0D6}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C9CD5A9-F213-421D-9D5E-2C37706C2FA6}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{B59384C0-7C37-4242-9B70-A712B584D3EF}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{54E7A473-ED0E-4670-96FE-82675621F0D6}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{54E7A473-ED0E-4670-96FE-82675621F0D6}: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {BF7D5A50-B2A8-4CA5-B911-2744247A76E8} - C:\WINDOWS\System32\qwsXP.dll
O18 - Filter: t

Bericht door **MandersOnline** » ma 07 feb 2005, 1:00

Volgens mij nog wel iets meer dan alleen die 2 rode.

Heb je al een programma gebruikt om Spyware te verwjderen??

Ik raad je dat wel even aan nu...

Manders Online forum

Mijn Hijackthis log

Mijn Hijackthis log

Re: Mijn Hijackthis log