HijackThis log from gerardina douma
  • HijackThis log from gerardina douma

    Logfile of HijackThis v1.98.2
    Scan saved at 23:07:45, on 26-10-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\PRISMSTA.EXE
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\klduna.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\Program Files\Medion Home Cinema XL II\PowerDVD\PDVDServ.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijacklog\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\flashget\FlashGet\Jccatch.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\FlashGet\fgiebar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [uxyokqaaxxes] C:\WINDOWS\system32\klduna.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Medion Home Cinema XL II\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\flashget\FlashGet\jc_all.htm
    O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\flashget\FlashGet\jc_link.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=168d3f0c8f5ebbd0d83ee5445ae40e55469aa3fdaf24dd3540c41ee1ea302c2d59104a57d59aa8b aedc40580da1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601.cab

  • #2
    Hi Gerardina,

    1. Start HijackThis and check the entries below:

    O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)

    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKLM\..\Run: [uxyokqaaxxes] C:\WINDOWS\system32\klduna.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a2edc6fc4885a4
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e4...p/RdxIE601.cab

    2. Close all other windows and browsers, and click Fix Checked.

    3. Restart in safe mode.
    Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

    4. Delete, in safe mode:
    Folders
    C:\Program Files\Web_Rebates
    C:\Program Files\Windows SyncroAd

    File
    C:\WINDOWS\system32\klduna.exe

    5. Restart in normal mode, create a new log with HijackThis, and post it here.



    • #3
      the new HijackThis log gerardina

      Logfile of HijackThis v1.98.2
      Scan saved at 17:50:34, on 27-10-2004
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\Dit.exe
      C:\WINDOWS\System32\RunDll32.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\System32\PRISMSTA.EXE
      C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
      C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\DitExp.exe
      C:\Program Files\SysMetrix\SysMetrix.exe
      C:\Program Files\Medion Home Cinema XL II\PowerDVD\PDVDServ.exe
      C:\Program Files\Messenger\MSMSGS.EXE
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
      C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\hijacklog\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\flashget\FlashGet\Jccatch.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\flashget\FlashGet\fgiebar.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Medion Home Cinema XL II\PowerDVD\PDVDServ.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\flashget\FlashGet\jc_all.htm
      O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\flashget\FlashGet\jc_link.htm
      O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=168d3f0c8f5ebbd0d83ee5445ae40e55469aa3fdaf24dd3540c41ee1ea302c2d59104a57d59aa8b aedc40580da1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4



      • #4
        still toprebates

        that program toprebates is still listed under Add or Remove Programs in the Control Panel. How is that possible?



        • #5
          Is it possible to uninstall TopRebates now? There is no trace of it in your log.

          You can also fix this one:
          O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...aa2edc6fc4885a4


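The comparison post #5 makes by eye, as an added example that is not part of the thread or of HijackThis: check which entries marked for fixing still appear in the follow-up log. Entries are matched on type code plus CLSID or Run value name, because the forum truncates long URLs differently in each post; the function names are hypothetical and the sample lines are excerpts of the thread's own logs.

```python
import re

# Constructed excerpts of the thread's own lines: the entries post #2 asked to
# fix (URLs as truncated in the replies) and part of the follow-up log.
FIX_LIST = r"""
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [uxyokqaaxxes] C:\WINDOWS\system32\klduna.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a2edc6fc4885a4
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e4...p/RdxIE601.cab
"""
NEW_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\flashget\FlashGet\jc_link.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...aa2edc6fc4885a4
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"Run: \[([^\]]+)\]")         # value name of an O4 Run entry

def entry_key(line):
    """Stable (code, identifier) key for an entry line; None for other lines."""
    m = ENTRY.match(line)
    if not m:
        return None                      # header, process path, blank line
    code, rest = m.groups()
    clsid = CLSID.search(rest)
    if clsid:                            # BHOs, toolbars, DPF objects
        return (code, clsid.group(0).upper())
    run = RUN_NAME.search(rest)
    if run:                              # autostart entries
        return (code, run.group(1).lower())
    return (code, rest.split(" - ")[0].strip().lower())  # fall back to label

def still_present(fix_list, new_log):
    """Entries from fix_list whose key still occurs in new_log."""
    present = {entry_key(l) for l in new_log.splitlines()} - {None}
    return [l.strip() for l in fix_list.splitlines() if entry_key(l) in present]

if __name__ == "__main__":
    print("\n".join(still_present(FIX_LIST, NEW_LOG)))
```
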

          • #6
            Try Add/Remove 4good http://www.4dev.com/addremove/index.htm
            it is a trial version



            • #7
              toprebates

              :s I removed it via Add or Remove Programs and I will also fix those two others you mentioned with HijackThis, and I hope it will be fine then. PS: when I removed it via Add or Remove Programs it said an error had occurred while removing the program, shall I remove the program toprebates? I then said yes. So now it is wait and see. When I tick those 2 programs in HijackThis, do I then also have to click Fix, and is that it or do I need to do more?? gerardina



              • #8
                The program that bolletje mentions is apparently able to uninstall programs that cannot be removed through Add or Remove Programs in the Control Panel

                And TopRebates is probably another name for WebRebates, which did appear in one of your earlier logs and has been removed



                • #9
                  toprebates gone!!!!!!

                  it all worked, thank you so much, already 2 days without toprebates. I thank you all very kindly for the solution and the quick answers. gerardina



                  • #10
                    You're welcome, glad it's solved!
