:strip_icc():strip_exif()/u/105338/crop5d4032843709c_cropped.jpeg?f=community)
Hallo, een vriend van mij heeft het volgende probleem: Zijn AVG virus scaner geeft de volgende melding " trojan horse dialer.9.n". Met Norton 2004 kan ik ook niks vinden. Met google heb ik ook gezocht op "ntapi32d.exe" en kwam toen op een engels forum terecht. daar hadden ze het over hijack this. Dus even gedownload en gedraait alleen snap ik niet wat ik moet met de log. Dus zou iemand mij kunnen vertellen wat ik moet aan vinken en het virus weg krijg.
alvast bedankt voor de hulp!
code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
| Logfile of HijackThis v1.98.2
Scan saved at 23:00:57, on 26-8-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WIND98\SYSTEM\KERNEL32.DLL
C:\WIND98\SYSTEM\MSGSRV32.EXE
C:\WIND98\SYSTEM\MPREXE.EXE
C:\WIND98\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WIND98\SYSTEM\mmtask.tsk
C:\WIND98\EXPLORER.EXE
C:\WIND98\TASKMON.EXE
C:\WIND98\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WIND98\SYSTEM\LINKSTS.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WIND98\SYSTEM\STIMON.EXE
C:\WIND98\SYSTEM\HPZTSB04.EXE
C:\WIND98\LOADQM.EXE
C:\WIND98\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WIND98\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\NL\MSNAPPAU.EXE
C:\WIND98\SYSTEM\INTL.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ULTIMATEZIP 2.7\UZQKST.EXE
C:\PROGRAM FILES\RABOTWIN\RABOCOMM\RABOSESSIONMON.EXE
C:\WIND98\SYSTEM\DDHELP.EXE
C:\WIND98\SYSTEM\WMIEXE.EXE
C:\WIND98\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WIND98\SYSTEM\IEHelper.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\NL\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4C\NHELPER.DLL (file missing)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL (file missing)
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WIND98\SYSTEM\MSPXS32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIND98\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\NL\MSNTB.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WIND98\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WIND98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Linksts] Linksts.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [StillImageMonitor] C:\WIND98\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WIND98\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WIND98\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [Win32 Explorer] C:\WIND98\SYSTEM\explorer32.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [Classes] C:\WIND98\SYSTEM\INTL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
O4 - HKCU\..\Run: [Win32 Explorer] C:\WIND98\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Shareaza] "C:\PROGRAM FILES\SHAREAZA\SHAREAZA.EXE" -tray
O4 - HKCU\..\Run: [areslite] "C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Startup: Microsoft Office.lnk = C:\WIND98\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Rabo Session Monitor.lnk = C:\Program Files\rabotwin\RaboComm\RaboSessionMon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk046
O15 - Trusted Zone: http://www.the-caravan.tk
O15 - Trusted Zone: http://www.de-timsite.tk
O15 - Trusted Zone: http://www.hollandcasinoeredivisie.nl
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://www.marktplaats.nl
O15 - Trusted Zone: www.kpn.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O21 - SSODL: System - {CA160B40-CD36-11D8-8546-0010B5DAB632} - C:\WIND98\system32\system32.dll |
alvast bedankt voor de hulp!
Only the dead have seen the end of war (Plato)
/u/43807/ZwartGat.png?f=community)
) - we verwachten dat je zelf even aan de slag gaat met je Hijackthis logfile en zelf de entries door Google haalt, maar dat alles staat uitgelegd in 
:strip_exif()/u/88115/boegie.gif?f=community)
zo kom ik er wel uit!