Archive - Topics from long ago

Help. How do I remove Movieland?

09-01-2006, 18:54 by mgilis, 1 reply
I have had Movieland on my PC for a few weeks.
The Hijack log follows below.

Logfile of HijackThis v1.99.1
Scan saved at 18:31:58, on 9/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSBCMSMMSG.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesItBillitbill.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:PROGRA~1P2PNET~1P2PNET~1.EXE
C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
C:Program FilesKodakKODAK Software Updater7288971
ProgrambackWeb-7288971.exe
C:Program FilesNetwork AssociatesVirusScanAvsynmgr.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:program filescommon filesSiemensS7IEPGs7oiehsx.exe
C:WINDOWSSystem32ScsiAccess.EXE
C:Program FilesNetwork AssociatesVirusScanVsStat.exe
C:Program FilesNetwork AssociatesVirusScanVshwin32.exe
C:Program FilesNetwork AssociatesVirusScanAvconsol.exe
C:Program FilesCommon FilesNetwork
AssociatesMcShieldMcshield.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:movieland_oplossingHijackThis1991.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.telenet.be
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.nieuwsblad.be/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.telenet.be
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL
= http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.telenet.be
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://ie.search.msn.com/nl/srchasst/srchasst.htm
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
http://ie.search.msn.com/nl/srchasst/srchcust.htm
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =
iexplore
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title =
Telenet Internet
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = localhost
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName
= Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0
ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:Program FilesMSN AppsST1.03.0000.1005en-xustmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesMSN AppsMSN
Toolbar1.02.4000.1001nlmsntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:Program FilesMSN AppsMSN Toolbar1.02.4000.1001nlmsntb.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD
Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [MediaPipe P2P Loader] "C:Program
Filesp2pnetworksmpp2pl.exe" /H
O4 - HKLM..Run: [Notification Utility] "C:Program FilesItBillitbill.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Skype] "C:Program
FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:Program
FilesCommon FilesAutodesk Sharedacstart16.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:Program
FilesKodakKodak EasyShare softwarebinEasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:Program
FilesKodakKODAK Software Updater7288971ProgrambackWeb-
7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYBE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} -
http://www.peterpaulxxx.com/iconos/dialer/pagomast.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf
Class) - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall
Besturing) - http://virusscan.zdnet.be/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio
UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan
Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan
Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-
us/tools/mcfscan/1,5,0,4333/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat
Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:Program
FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:Program
FilesNetwork AssociatesVirusScanAvsynmgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesCommon FilesInstallShieldDriver1050
Intel 32IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) -
Eastman Kodak Company - C:WINDOWSsystem32
driversKodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:Program FilesCommon
FilesNetwork AssociatesMcShieldMcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:Program FilesIntelNCSSyncNetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSSystem32nvsvc32.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG -
C:program filescommon filesSiemensS7IEPGs7oiehsx.exe
O23 - Service: ScsiAccess - Unknown owner - C:WINDOWSSystem32
ScsiAccess.EXE
Replies (1)
10-01-2006, 16:21 by G-Force
I suggest that you download Microsoft Antispyware Beta (if you have a legal
version of Windows) and scan your entire computer. Everything you find that
comes from Movieland you should then remove. Incidentally, I see the following folder in your log file: C:Program FilesitBillitbill.exe. You should delete this folder, because we also come across this folder with other people infected by Movieland.

I also see that your system registry has apparently been affected by Movieland. But before you start on that, first do a full scan with Microsoft AntiSpyware Beta.


Give it a try and then let me know whether it worked.

Good luck.
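
The check the reply performs by eye, finding the ItBill path among the running processes and autostart entries, can be scripted. This is an added example, not part of the original thread: it parses a HijackThis log, rejoins hard-wrapped lines like those in the posted log, and lists every process or entry containing an indicator. The sample log is constructed (path separators restored), and the only indicator used is the `itbill` name from the reply.

```python
import re

# Section codes (R0-R3, F0-F3, N1-N4, O1-O24) open every HijackThis entry.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

def _join(prev, cont):
    # A line broken inside a GUID or file name ends in "-" with no space before it.
    glue = "" if prev.endswith("-") and not prev.endswith(" -") else " "
    return prev + glue + cont

def parse_hijackthis(text):
    """Return (processes, entries) with wrapped lines rejoined."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append([m.group(1), m.group(2)])
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            if DRIVE_RE.match(line):
                processes.append(line)
            elif processes:
                processes[-1] = _join(processes[-1], line)
        elif entries:
            entries[-1][1] = _join(entries[-1][1], line)
    return processes, [tuple(e) for e in entries]

def find_indicators(text, indicators):
    """List (kind, item) for every process or entry containing an indicator."""
    processes, entries = parse_hijackthis(text)
    items = [("process", p) for p in processes] + entries
    wanted = [i.lower() for i in indicators]
    return [(k, v) for k, v in items if any(w in v.lower() for w in wanted)]

# Constructed sample log, wrapped the way the posted log is.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ItBill\itbill.exe
C:\Program Files\Common Files\Network
Associates\McShield\Mcshield.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\AcroIEHelper.dll
O4 - HKLM\..\Run: [Notification Utility] "C:\Program
Files\ItBill\itbill.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for kind, item in find_indicators(SAMPLE_LOG, ["itbill"]):
        print(kind, "->", item)
```

A hit in an O4 entry means the program is registered to start with Windows, so deleting the folder alone leaves a dangling Run value behind.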