Mededeling

Collapse
No announcement yet.

hijacklog van nieke

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    hijacklog van nieke

    Logfile of HijackThis v1.98.2
    Scan saved at 20:52:18, on 19-11-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Save\Save.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\temp\msbb.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows AdControl\WinAdAlt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ClockSync\Sync.exe
    C:\Program Files\Date Manager\DateManager.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\PrecisionTime\PrecisionTime.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\exts.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.grqvslskfectcfsvr.net/vQ8gfliKkbUADR4MYxKD8nKKgq7FapmC1qv0tVu9o2WIbfuxAg0VxAkdg_LD1K8h.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: (no name) - {85375AC2-2533-1679-E32E-E3261009B8B8} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: (no name) - {DEF4AF64-B8ED-1221-B517-F8C0D4DC2074} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [fakhryjtcis] C:\WINDOWS\System32\elnikli.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [dynipif] C:\WINDOWS\dynipif.exe
    O4 - HKLM\..\Run: [toolfordviewdent] C:\Documents and Settings\All Users\Application Data\Balm info tool ford\Firstpure.exe
    O4 - HKLM\..\Run: [Draw Rdr Mess Safe] C:\Documents and Settings\All Users\Application Data\send find draw rdr\Baseaxis.exe
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [exts] C:\WINDOWS\System32\exts.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [loadabout] C:\DOCUME~1\NIEKEZ~1\APPLIC~1\AXISBE~1\support heck copy.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk14244NL
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=dd8db6eae7b3654038237d0b84b1b7592a7c740cb737386283389eb86c385c56bc11960de953afc 8b0f8ea2e3d3e128ba9221d51f15727809397a79e20e8b65ea7:ca217fc8f18ffa8896bcf1e0be69801e
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    Labels: Geen
    • Citaat
  • #2
    Hoi Nieke,

    Draai eerst de programma's die in deze thread vermeld staan:

    Nucia Security Forums
    http://www.nucia.eu/forum/showthread.php?t=12


    (Ad Aware en Spybot Search & Destroy dus)

    Start hierna opnieuw op, en post een nieuw HijackThis logje hier.
    • Citaat

    Comment

    • #3
      nieuw log

      Logfile of HijackThis v1.98.2
      Scan saved at 14:43:56, on 24-11-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ahead\InCD\InCD.exe
      C:\Program Files\Winamp\Winampa.exe
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
      C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\Windows AdControl\WinAdCtl.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows AdControl\WinAdAlt.exe
      C:\WINDOWS\System32\exts.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\WINDOWS\System32\tcpsvcs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\WINZIP\winzip32.exe
      c:\windows\msbb.exe
      C:\Program Files\hijack this\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lunmnvccaqxdclqouqkeebsw.uk/vQ8gfliKkbUADR4MYxKD8nKKgq7FapmC1qv0tVu9o2UihFnDMBTzmAkdg_LD1K8h.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\spybot\Spybot - Search & Destroy\SDHelper.dll (file missing)
      O2 - BHO: (no name) - {85375AC2-2533-1679-E32E-E3261009B8B8} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
      O2 - BHO: (no name) - {DEF4AF64-B8ED-1221-B517-F8C0D4DC2074} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3
      O4 - HKLM\..\Run: [fakhryjtcis] C:\WINDOWS\System32\elnikli.exe
      O4 - HKLM\..\Run: [dynipif] C:\WINDOWS\dynipif.exe
      O4 - HKLM\..\Run: [toolfordviewdent] C:\Documents and Settings\All Users\Application Data\Balm info tool ford\Firstpure.exe
      O4 - HKLM\..\Run: [Draw Rdr Mess Safe] C:\Documents and Settings\All Users\Application Data\send find draw rdr\Baseaxis.exe
      O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [exts] C:\WINDOWS\System32\exts.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [loadabout] C:\DOCUME~1\NIEKEZ~1\APPLIC~1\AXISBE~1\support heck copy.exe
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk14244NL
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=dd8db6eae7b3654038237d0b84b1b7592a7c740cb737386283389eb86c385c56bc11960de953afc 8b0f8ea2e3d3e128ba9221d51f15727809397a79e20e8b65ea7:ca217fc8f18ffa8896bcf1e0be69801e
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
      O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
      • Citaat

      Comment

      • #4
        Hoi Nieke,

        Dat ziet er al een stuk beter uit

        1. Vink onderstaande regels aan in HijackThis:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lunmnvccaqxdclqouqkeebsw....dg_LD1K8h.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html

        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\spybot\Spybot - Search & Destroy\SDHelper.dll (file missing)
        O2 - BHO: (no name) - {85375AC2-2533-1679-E32E-E3261009B8B8} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe
        O2 - BHO: (no name) - {DEF4AF64-B8ED-1221-B517-F8C0D4DC2074} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe

        O4 - HKLM\..\Run: [fakhryjtcis] C:\WINDOWS\System32\elnikli.exe
        O4 - HKLM\..\Run: [dynipif] C:\WINDOWS\dynipif.exe
        O4 - HKLM\..\Run: [toolfordviewdent] C:\Documents and Settings\All Users\Application Data\Balm info tool ford\Firstpure.exe
        O4 - HKLM\..\Run: [Draw Rdr Mess Safe] C:\Documents and Settings\All Users\Application Data\send find draw rdr\Baseaxis.exe
        O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
        O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
        O4 - HKCU\..\Run: [exts] C:\WINDOWS\System32\exts.exe
        O4 - HKCU\..\Run: [loadabout] C:\DOCUME~1\NIEKEZ~1\APPLIC~1\AXISBE~1\support heck copy.exe

        O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxmk14244NL

        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...bcf1e0be69801e
        2. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

        3. Start opnieuw op in veilige modus.
        Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

        4. Ga naar Windows Verkenner (Rechtsklikken op Start - Verkennen). Zoek en verwijder het volgende:
        Mappen:
        C:\Documents and Settings\NIEKEZ~1\Application Data\FORDHO...
        C:\Documents and Settings\NIEKEZ~1\Application Data\AXISBE...
        C:\Documents and Settings\All Users\Application Data\Balm info tool ford
        C:\Documents and Settings\All Users\Application Data\send find draw rdr
        C:\Program Files\Windows AdControl
        C:\Program Files\MStartEnter

        Bestanden:
        C:\WINDOWS\System32\elnikli.exe
        C:\WINDOWS\dynipif.exe
        C:\WINDOWS\msbb.exe
        C:\WINDOWS\System32\exts.exe

        5. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier
        • Citaat

        Comment

        • #5
          alvast bedankt!



          Logfile of HijackThis v1.98.2
          Scan saved at 15:41:45, on 25-11-2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ahead\InCD\InCD.exe
          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          C:\WINDOWS\System32\tcpsvcs.exe
          C:\WINDOWS\system32\slserv.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\hijack this\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbopxjoucdzvtturcbxwtlvj.com/vQ8gfliKkbUADR4MYxKD8nKKgq7FapmC1qv0tVu9o2UEX/WcA7Gzowkdg_LD1K8h.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
          O2 - BHO: (no name) - {DEF4AF64-B8ED-1221-B517-F8C0D4DC2074} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe (file missing)
          O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
          O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
          O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
          O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
          • Citaat

          Comment

          • #6
            nieuw log

            ik heb hitman pro gedownload en die laten draaien. een van de programma's vond dit bestand c:\windows\smcfg.exe
            kunt u mij vertellen of ik die kan laten deleten of niet?

            Logfile of HijackThis v1.98.2
            Scan saved at 0:15:59, on 29-12-2004
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\ahead\InCD\InCD.exe
            C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
            C:\Program Files\Logitech\iTouch\iTouch.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
            C:\Program Files\Winamp\winampa.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            C:\WINDOWS\System32\tcpsvcs.exe
            C:\WINDOWS\system32\slserv.exe
            C:\WINDOWS\system32\wdfmgr.exe
            C:\WINDOWS\System32\alg.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\Kazaa Lite\kazaalite.kpp
            C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\hijack this\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tbopxjoucdzvtturcbxwtlvj.com/vQ8gfliKkbUADR4MYxKD8nKKgq7FapmC1qv0tVu9o2UEX/WcA7Gzowkdg_LD1K8h.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
            O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
            O2 - BHO: (no name) - {DEF4AF64-B8ED-1221-B517-F8C0D4DC2074} - C:\DOCUME~1\NIEKEZ~1\APPLIC~1\FORDHO~1\Phonewave.exe (file missing)
            O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
            O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
            O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
            O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
            O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
            O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
            O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
            • Citaat

            Comment

            • #7
              Hoi Nieke,

              Het is al een aardig tijdje geleden, maar jouw topic is me blijkbaar ontgaan... Excuses daarvoor.

              Update even naar HijackThis 1.99.1:

              Nucia Security Forums
              http://www.nucia.eu/downloads/hijackthis/index.html


              Maak hiermee een vers logje aan, en post dat hier.
              • Citaat

              Comment

              Vorige template Volgende
              Sorry, you are not authorized to view this page
              Working...
              X