Mededeling

Collapse
No announcement yet.

Mijn logje

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Mijn logje

    Mijn log:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:21:12, on 25-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\PRISMSTA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\klduna.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\ewupdater.exe
    C:\windows\redirect7.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\RealPopup\RealPopup.exe
    D:\Shareaza\Shareaza.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Kazaa Lite\kazaalite.kpp
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Documents and Settings\Joeri\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 80.69.74.15 auto.search.msn.com
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\SimpelInternet\Easybar\ToolbarStarter.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easybar - {9AD55269-A21C-4260-BA7F-866FD09E8A8E} - C:\Program Files\SimpelInternet\Easybar\EasyBarShell.dll (file missing)
    O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - c:\windows\toolbar_nieuw14.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [qhhhgutdomu] C:\WINDOWS\System32\klduna.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT
    O4 - HKCU\..\Run: [Shareaza] "D:\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://www.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab

    Hopen dat jullie mij kunnen helpen...
    Labels: Geen
    • Citaat
  • #2
    Hoi Joeri,

    Tuurlijk ga ik je helpen

    1. Ga naar Deze Computer, dubbelklik daar op C. Dubbelklik op Program Files. Klik nu op "Bestand" > "Nieuw" > "Map". Noem deze map HJT of HijackThis. Plaats nu de HijackThis.exe in DIE map. Draai in het vervolg HijackThis vanuit DIE map . Dit in verband met de backups die dit programma maakt

    2. Vink deze aan in HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    O1 - Hosts: 80.69.74.15 auto.search.msn.com

    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\SimpelInternet\Easybar\ToolbarStarter.dll (file missing)

    O3 - Toolbar: Easybar - {9AD55269-A21C-4260-BA7F-866FD09E8A8E} - C:\Program Files\SimpelInternet\Easybar\EasyBarShell.dll (file missing)

    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [qhhhgutdomu] C:\WINDOWS\System32\klduna.exe
    O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
    O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
    O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/tool...binstaller.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e4...p/RdxIE601.cab

    3. Sluit alle andere vensters en browsers, en klik op Fix Checked.

    4. Start opnieuw op in veilige modus.
    Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

    Verwijder, in veilige modus:
    Map
    C:\Program Files\SimpelInternet

    Bestanden
    C:\windows\redirect7.exe
    C:\WINDOWS\ewupdater.exe
    C:\windows\easywww2.exe
    C:\WINDOWS\System32\klduna.exe
    C:\WINDOWS\wdskctl.exe

    5. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier
    • Citaat

    Comment

    • #3
      Hoe moet je ook alweer op starten in veilige modus, moet je dan op F8 drukken tijdens het opstarten??? Of was dat iets anders...
      • Citaat

      Comment

      • #4
        Inderdaad
        • Citaat

        Comment

        • #5
          Logfile of HijackThis v1.98.2
          Scan saved at 22:24:06, on 25-9-2004
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\WINDOWS\System32\RunDll32.exe
          C:\WINDOWS\CNYHKey.exe
          C:\WINDOWS\Dit.exe
          C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
          C:\WINDOWS\System32\PRISMSTA.EXE
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Voetbal International\WatchDog.Exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\RealPopup\RealPopup.exe
          D:\Shareaza\Shareaza.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\WINDOWS\DitExp.exe
          C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
          C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Documents and Settings\Joeri\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
          C:\Program Files\Messenger\msmsgs.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - c:\windows\toolbar_nieuw14.dll
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
          O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
          O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
          O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
          O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [jtwwybioxuxin] C:\WINDOWS\System32\klduna.exe
          O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT
          O4 - HKCU\..\Run: [Shareaza] "D:\Shareaza\Shareaza.exe" -tray
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
          O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://www.advnt01.com/dialer/olanda_ver3.CAB
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab


          Dit is het logje nadat ik je instructies heb op gevolgt...
          • Citaat

          Comment

          • #6
            Zie nog even stap 1 van de vorige instructies

            1. Deze aanvinken en fixen in HijackThis:

            O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

            O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - c:\windows\toolbar_nieuw14.dll

            O4 - HKLM\..\Run: [jtwwybioxuxin] C:\WINDOWS\System32\klduna.exe
            O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe

            O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm

            O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://www.advnt01.com/dialer/olanda_ver3.CAB

            2. Start opnieuw op in veilige modus, en verwijder:
            C:\WINDOWS\ewupdater.exe
            C:\WINDOWS\System32\klduna.exe
            c:\windows\toolbar_nieuw14.dll

            3. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier
            • Citaat

            Comment

            • #7
              OK, maar als ik zoek naar dat klduna.exe dan vind de computer helemaal niets, hetzelfde geld voor ewupdater.exe
              • Citaat

              Comment

              • #8
                Het logje, zonder dat ik klduna.exe en ewupdater.exe heb weggehaalt. En vreemd genoeg stond O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm er niet meer bij.

                Logfile of HijackThis v1.98.2
                Scan saved at 12:37:20, on 26-9-2004
                Platform: Windows XP SP1 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                C:\WINDOWS\System32\RunDll32.exe
                C:\WINDOWS\mHotkey.exe
                C:\WINDOWS\CNYHKey.exe
                C:\WINDOWS\Dit.exe
                C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
                C:\WINDOWS\System32\PRISMSTA.EXE
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\Voetbal International\WatchDog.Exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\MSN Messenger\msnmsgr.exe
                C:\Program Files\RealPopup\RealPopup.exe
                D:\Shareaza\Shareaza.exe
                C:\WINDOWS\System32\ctfmon.exe
                C:\WINDOWS\DitExp.exe
                C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\Program Files\Norton AntiVirus\navapsvc.exe
                C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
                C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\Documents and Settings\Joeri\Local Settings\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe
                C:\Program Files\Messenger\msmsgs.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
                O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                O4 - HKLM\..\Run: [Dit] Dit.exe
                O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
                O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
                O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
                O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT
                O4 - HKCU\..\Run: [Shareaza] "D:\Shareaza\Shareaza.exe" -tray
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
                O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
                O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
                • Citaat

                Comment

                • #9
                  Oorspronkelijk geplaatst door joeri_arndt
                  OK, maar als ik zoek naar dat klduna.exe dan vind de computer helemaal niets, hetzelfde geld voor ewupdater.exe
                  Heb je het zoeken naar verborgen bestanden ook ingeschakeld staan? Dit kun je vinden onder geavanceerde zoekopties en in verkenner bij
                  "Start, instellingen, configscherm, mapopties, 2e tabblad, "verborgen bestanden en mappen weergeven"."


                  Het rapaille dat per Przewalskipaard arriveerde bij het feeëriek gesitueerde etablissement - komma -

                  "Verwar de waarheid niet met de mening van de meerderheid"
                  • Citaat

                  Comment

                  • #10
                    Oorspronkelijk geplaatst door Admin
                    Heb je het zoeken naar verborgen bestanden ook ingeschakeld staan? Dit kun je vinden onder geavanceerde zoekopties en in verkenner bij
                    "Start, instellingen, configscherm, mapopties, 2e tabblad, "verborgen bestanden en mappen weergeven"."
                    Ja, die staat aan...
                    • Citaat

                    Comment

                    • #11
                      1. Ga naar Deze Computer, dubbelklik daar op C. Dubbelklik op Program Files. Klik nu op "Bestand" > "Nieuw" > "Map". Noem deze map HJT of HijackThis. Plaats nu de HijackThis.exe in DIE map. Draai in het vervolg HijackThis vanuit DIE map . Dit in verband met de backups die dit programma maakt
                      Moet ik het quoten? Je draait het nog steeds vanuit een tijdelijke map...

                      Maargoed, je logje is schoon nu

                      Problemen ook opgelost?
                      • Citaat

                      Comment

                      Vorige template Volgende
                      Sorry, you are not authorized to view this page
                      Working...
                      X