Log Wil

  • Log Wil

    Logfile of HijackThis v1.98.2
    Scan saved at 19:42:51, on 23-11-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PocketCam 3Mega\ICON.EXE
    C:\lotus\wordpro\ltsstart.exe
    C:\lotus\smartctr\suitest.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shnzbqlmafgdfeoplwukvnk.info/G2QV/rdPfS6hJj9/054KeMhBHGA_zBc4jL9wTAxXPmlVxdr_qyYPpDmggqPHG3KR.jpg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yipuddaavnraanqyxrognz.com/G2QV/rdPfS5lwolx8XFTDdFnny7Jz9SDMRKllM4GEKY.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://kitcentral.wanadoo.nl/cgi/redir.pl?prd=ie&pver=6.0&ar=ie6update
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.wanadoo.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.wanadoo.nl;signup.wanadoo.nl;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E51705A-2D56-BF99-CFB0-C2221D89A18A} - C:\DOCUME~1\KARINA~1\APPLIC~1\ProcLove\poll eggs.exe
    O2 - BHO: (no name) - {459285FC-B088-BBC1-9989-D9C4D95C3946} - C:\DOCUME~1\KARINA~1\APPLIC~1\ProcLove\poll eggs.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Size soap dog win] C:\Documents and Settings\All Users\Application Data\Grid Drive Size Soap\Seek acid.exe
    O4 - HKLM\..\Run: [mp3regsbonelies] C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs\dog more.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ball less] C:\DOCUME~1\KARINA~1\APPLIC~1\SETTIN~1\partextrameal.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab

  • #2
    Hi KarinAx,

    It is handy to save this page in your favorites so that you can find it more easily when you come back.

    Start HijackThis, click "Scan" and check the following items.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shnzbqlmafgdfeoplwukvnk.i...mggqPHG3KR.jpg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yipuddaavnraanqyxrognz.co...RKllM4GEKY.jsp

    O2 - BHO: (no name) - {1E51705A-2D56-BF99-CFB0-C2221D89A18A} - C:\DOCUME~1\KARINA~1\APPLIC~1\ProcLove\poll eggs.exe
    O2 - BHO: (no name) - {459285FC-B088-BBC1-9989-D9C4D95C3946} - C:\DOCUME~1\KARINA~1\APPLIC~1\ProcLove\poll eggs.exe

    O4 - HKLM\..\Run: [Size soap dog win] C:\Documents and Settings\All Users\Application Data\Grid Drive Size Soap\Seek acid.exe
    O4 - HKLM\..\Run: [mp3regsbonelies] C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs\dog more.exe
    O4 - HKCU\..\Run: [ball less] C:\DOCUME~1\KARINA~1\APPLIC~1\SETTIN~1\partextrameal.exe


    Close all programs, including browsers, except HijackThis. Click "Fix checked".

    Start your computer in safe mode. How do I start my computer in safe mode?

    Make sure you can see hidden files. How do I show hidden files?

    Folders and files with a tilde (~) mean that there is a folder/file that begins with the 6 letters before the tilde; keep in mind that there may be spaces in it. If there is more than one, post what was found. Do not delete!

    Delete the following files in red (they may already have been deleted):

    C:\Documents And Settings\KARINA~1\Application Data\Settings\partextrameal.exe

    Delete the following folders in red (they may already have been deleted):

    C:\Documents And Settings\KARINA~1\Application Data\ProcLove
    C:\Documents and Settings\All Users\Application Data\Grid Drive Size Soap
    C:\Documents and Settings\All Users\Application Data\DentFilmMp3Regs

    Restart the computer and post a new log in this thread.



    • #3
      Log Wil2

      Here is the new log:


      Logfile of HijackThis v1.98.2
      Scan saved at 21:17:24, on 24-11-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\System32\LXSUPMON.EXE
      C:\Program Files\Classic PhoneTools\CapFax.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\PocketCam 3Mega\ICON.EXE
      C:\lotus\wordpro\ltsstart.exe
      C:\lotus\smartctr\suitest.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\hijackthis\HijackThis.exe
      C:\Program Files\Mozilla Firefox\firefox.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiwvbovrqydbt.org/G2QV/rdPfS6hJj9/054KeMhBHGA_zBc4jL9wTAxXPmmQY4FuR1p46DmggqPHG3KR.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://kitcentral.wanadoo.nl/cgi/redir.pl?prd=ie&pver=6.0&ar=ie6update
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.wanadoo.nl:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.wanadoo.nl;signup.wanadoo.nl;;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
      O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
      O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl/
      O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
      O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab



      • #4
        Hi KarinAx,

        Start HijackThis, click "Scan" and check the following items.

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiwvbovrqydbt.org/G2QV/rd...ggqPHG3KR.html

        Close all programs, including browsers, except HijackThis. Click "Fix checked". Restart the computer and post a new log in this thread.
