Fernandez Log

Collapse
X
  •  
  • Tijd
  • Show
Clear All
new posts

  • Fernandez Log

    [1staid]

    My log, please help

    ------------------------------------------------------------

    Logfile of HijackThis v1.99.0
    Scan saved at 1:42:58, on 23-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Smtray.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\INTERN~1\iexplore.exe
    C:\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0413&s=search&ap=b204
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.scmb.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Pollprogramatom - {5C523B71-CF3D-CFEB-6DE2-01DF85FDC881} - C:\PROGRA~1\IDOLBU~1\jump mail.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: THATPLANTOOL - {C814CAFC-25E1-A11C-C575-7EC0D43D84DA} - C:\PROGRA~1\IDOLBU~1\jump mail.dll (file missing)
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\Quick Time\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/nl/win/QuickTimeInstaller.exe
    O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://plugins.10er.nl/spermaslikkersnl348.exe
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://nl.ea.com/downloads/games/common/snoopy/iesnoopy.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\Games\FIFA 2004\update.1.1\patchx2.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.be/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikemagiafootball/install.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  • #2
    Could someone please check my log quickly and tell me what I should do next?



    • #3
      Originally posted by Fernandez
      Could someone please check my log quickly and tell me what I should do next?
      You will simply have to wait patiently until your log has been checked.
      The people who check the logs also have a private life.
      Regards, Lex.

      Also take a look at ==> the house rules <==; this can be very enlightening.
      Motherboard / Processor; Gigabyte GA-X58 Extreme / Core i7 920 2,66GHz @3,67GHz.
      Cooler; Thermal right 120 Ultra Extreme with Sharkoon 120x120x25mm fan.
      Memory / Hard disks; Dominator GT 6GB 1600MHz in triple-channel / OCZ Agility 2 60GB (SSD), OCZ Agility 2 120GB (SSD).
      Video cards / Monitors; 2x Club3d GTX460 Overclocked Edition in SLI / 2x Samsung 2253BW (22 inch).
      Burners; Plextor 820SA.
      Speakers; Logitech z5500.
      Keyboard / Mouse; Logitech G15 / G5.



      • #4
        OK, I will be patient, but I am rather curious how much my computer will improve once HijackThis has scanned it.



        • #5
          Hi Fernandez,

          Be careful which porn sites you visit from now on... Various junk most likely came in via these sites.

          1. Check the lines below in HijackThis:

          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.scmb.com/searchbar.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - Default URLSearchHook is missing

          O2 - BHO: Pollprogramatom - {5C523B71-CF3D-CFEB-6DE2-01DF85FDC881} - C:\PROGRA~1\IDOLBU~1\jump mail.dll (file missing)
          O3 - Toolbar: THATPLANTOOL - {C814CAFC-25E1-A11C-C575-7EC0D43D84DA} - C:\PROGRA~1\IDOLBU~1\jump mail.dll (file missing)
          O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

          O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

          O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://advnt01.com/dialer/olanda_ver3.CAB
          O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://plugins.10er.nl/spermaslikkersnl348.exe
          O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ll/install.cab
          2. Close all other windows and browsers, and click the "Fix Checked" button.

          3. Restart in safe mode.
          Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

          4. Go to Windows Explorer (right-click Start - Explore). Find and delete the following:
          C:\Program Files\Windows ControlAd << folder

          5. Restart in normal mode, create a new log with HijackThis, and post it here.



          • #6
            Hehehehe, uh, OK, thank you, but this is the dumbest question you have ever had: how do you start up in safe mode?



            • #7
              OK sorry, I asked for help a bit too quickly. Safe mode worked and I carried out ALL the steps, but when browsing in Explorer I don't come across the Windows ControlAd folder anywhere. So I have attached the current log here, but I don't know whether it has turned out the way it was supposed to.

              Logfile of HijackThis v1.99.0
              Scan saved at 17:01:46, on 23-12-2004
              Platform: Windows XP SP1 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\System32\Smtray.exe
              C:\WINDOWS\System32\RUNDLL32.EXE
              C:\WINDOWS\System32\ctfmon.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
              C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\WINDOWS\System32\wuauclt.exe
              C:\Hijack This\hijackthis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0413&s=search&ap=b204
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
              O4 - HKLM\..\Run: [Smapp] Smtray.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\Quick Time\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
              O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - Global Startup: BTTray.lnk = ?
              O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
              O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
              O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
              O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
              O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
              O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
              O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
              O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/nl/win/QuickTimeInstaller.exe
              O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://nl.ea.com/downloads/games/common/snoopy/iesnoopy.cab
              O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
              O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\Games\FIFA 2004\update.1.1\patchx2.cab
              O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
              O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
              O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.be/housecall/xscan53.cab
              O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
              O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
              O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
              O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
              O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
              O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
              O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
              O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



              • #8
                Hi Fernandez,

                That is not a stupid question at all; stupid questions don't exist.

                I would personally also fix this line, to turn off the message you get at every startup:
                O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

                (If it isn't there, that's fine.)

                Apart from that, there is nothing wrong left to see in the log.



                • #9
                  OK, great, thanks
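Post #7 asks whether the second scan turned out as intended. One way to check is to compare both scans against the list of lines from post #5. This is an added example, not part of the original thread and not HijackThis's own code; the function names `parse_entries` and `verify_fix` are hypothetical, and the sample input is excerpted from the logs posted above.

```python
import re

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")


def parse_entries(log_text):
    """Return a set of (section code, key) for every R*/O* entry in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line, forum text
        text = m.group(2).casefold()  # path case can differ between scans
        guid = GUID_RE.search(text)
        # Key CLSID-based entries up to the GUID, so a URL the forum
        # software shortened with "..." still matches the full entry.
        entries.add((m.group(1), text[:guid.end()] if guid else text))
    return entries


def verify_fix(before_log, after_log, checked_lines):
    """Classify the checked lines and report entries that only appear afterwards."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    checked = parse_entries(checked_lines)
    return {
        "fixed": sorted((checked & before) - after),
        "still_present": sorted(checked & after),
        "new_after_fix": sorted(after - before),
    }


# Excerpts of the two scans and of the fix list posted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikemagiafootball/install.cab
"""
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""
CHECKED = r"""
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ll/install.cab
"""

if __name__ == "__main__":
    for status, items in verify_fix(BEFORE, AFTER, CHECKED).items():
        for code, key in items:
            print(f"{status:14} {code:4} {key}")
```

Any entry reported under `still_present` after a reboot has been restored by something that is still running, and `new_after_fix` surfaces lines such as the MSConfig entry that post #8 comments on.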
