Mededeling

Collapse
No announcement yet.

pc erg traag IE

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    pc erg traag IE

    Mijn pc is sinds de laatste tijd HEEL erg traag geworden. Ik gebruik hitman Pro en die heeft heel veel spyware weggehaald maar de pc blijft erg traag. Ook verschijnt er als ik Internet Explorer open een popup komen die meestal leeg blijft hieronder staat mijn log.

    Logfile of HijackThis v1.99.0
    Scan saved at 21:26:08, on 28-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Atomic Clock Sync\Atomic.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LMPC\lockpc.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
    C:\Program Files\RssReader\RssReader.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\WinKey\WinKey.exe
    C:\xampp\apache\bin\Apache.exe
    C:\xampp\FileZillaFTP\FileZillaServer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\xampp\apache\bin\Apache.exe
    c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
    C:\xampp\mysql\bin\mysqld-nt.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\One eye\Bureaublad\hijackthis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.uqqkomakcjnyicztfd.com/JSuoFG5F6m6lweFqBsk/KmXrqC3lcDMzg0EN07gOwX22JxywGnw_LYpR88N8omNe.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5069F07D-8A5D-4B18-319D-423C9A96E20A} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\ExtraGreat.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Meal Burn New 01] C:\Documents and Settings\All Users\Application Data\scr keep meal burn\antiitch.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Lock My PC] C:\Program Files\LMPC\lockpc.exe /s
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [One find] C:\DOCUME~1\ONEEYE~1\APPLIC~1\DOESSO~1\bibbindfork.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: apache_start.bat
    O4 - Startup: FileZillaFTP_start.bat
    O4 - Startup: mysql_start.bat
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Lock My PC.lnk = C:\Program Files\LMPC\lockpc.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Apache2 - Apache Software Foundation - C:\xampp\apache\bin\Apache.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FileZilla Server FTP server - Unknown - C:\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ArGoSoft Mail Server - ArGo Software Design - c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
    O23 - Service: MySQL - Unknown - C:\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    Labels: Geen
    • Citaat
  • #2
    Om de lop infectie te verwijderen volg deze stappen


    vervolgens verwijdere van SpyKiller want deze is zo nep als het maar zijn kan


    dan hitmanpro opnieuw zijn werk laten doe


    post dan een vers hijackthis logje
    not so Helpless ...
    • Citaat

    Comment

    • #3
      mijn nieuwe log

      ik heb msnplus verwijderd en ook die andere setups gedraaid. Ook heb ik hitman pro normaal en in veilige modus gedraaid

      Logfile of HijackThis v1.99.0
      Scan saved at 20:23:06, on 29-12-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Documents and Settings\One eye\Bureaublad\hijackthis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5069F07D-8A5D-4B18-319D-423C9A96E20A} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\ExtraGreat.exe
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
      O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Meal Burn New 01] C:\Documents and Settings\All Users\Application Data\scr keep meal burn\antiitch.exe
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
      O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ONEEYE~1\LOCALS~1\Temp\MsgPlusUninst.bat"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Lock My PC] C:\Program Files\LMPC\lockpc.exe /s
      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Startup: apache_start.bat
      O4 - Startup: FileZillaFTP_start.bat
      O4 - Startup: mysql_start.bat
      O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
      O4 - Global Startup: Lock My PC.lnk = C:\Program Files\LMPC\lockpc.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
      O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
      O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O23 - Service: Apache2 - Apache Software Foundation - C:\xampp\apache\bin\Apache.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: FileZilla Server FTP server - Unknown - C:\xampp\FileZillaFTP\FileZillaServer.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: ArGoSoft Mail Server - ArGo Software Design - c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
      O23 - Service: MySQL - Unknown - C:\xampp\mysql\bin\mysqld-nt.exe
      O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
      O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      Last edited by one-eye; 29-12-04, 19:38.
      • Citaat

      Comment

      • #4
        Ik zat net op IE en nu krijg ik een blauwe extra balk/pagina onderin beeld die heet searchnow
        • Citaat

        Comment

        • #5
          sorry ik wil niet zagen , maar dat hijackthis logje is in veilige modus gemaakt , kan ik eentje zien in gewoone modus AUB
          not so Helpless ...
          • Citaat

          Comment

          • #6
            Sorry mijn excuses nu eentje in normale windows

            Logfile of HijackThis v1.99.0
            Scan saved at 11:31:42, on 30-12-2004
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
            C:\Program Files\Motherboard Monitor 5\MBM5.EXE
            C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
            C:\Program Files\Eset\nod32kui.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\Atomic Clock Sync\Atomic.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\LMPC\lockpc.exe
            C:\program files\steam\steam.exe
            C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\RssReader\RssReader.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\GetRight\getright.exe
            C:\Program Files\GetRight\getright.exe
            C:\Program Files\WinKey\WinKey.exe
            C:\xampp\FileZillaFTP\FileZillaServer.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
            C:\xampp\mysql\bin\mysqld-nt.exe
            C:\Program Files\Eset\nod32krn.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\Program Files\RealVNC\VNC4\WinVNC4.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
            C:\Documents and Settings\One eye\Bureaublad\hijackthis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {5069F07D-8A5D-4B18-319D-423C9A96E20A} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\ExtraGreat.exe
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
            O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
            O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
            O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
            O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
            O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
            O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [Meal Burn New 01] C:\Documents and Settings\All Users\Application Data\scr keep meal burn\antiitch.exe
            O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Lock My PC] C:\Program Files\LMPC\lockpc.exe /s
            O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
            O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - Startup: apache_start.bat
            O4 - Startup: FileZillaFTP_start.bat
            O4 - Startup: mysql_start.bat
            O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
            O4 - Global Startup: Lock My PC.lnk = C:\Program Files\LMPC\lockpc.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
            O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
            O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
            O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
            O23 - Service: Apache2 - Apache Software Foundation - C:\xampp\apache\bin\Apache.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: FileZilla Server FTP server - Unknown - C:\xampp\FileZillaFTP\FileZillaServer.exe
            O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
            O23 - Service: ArGoSoft Mail Server - ArGo Software Design - c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
            O23 - Service: MySQL - Unknown - C:\xampp\mysql\bin\mysqld-nt.exe
            O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
            O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe
            O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
            O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
            • Citaat

            Comment

            • #7
              ....we gaan er van uit dat WinVNC4 geen shade heeft opgelopen door een of ander.

              Dan zijn er twee dingen in je log, die naar mijn mening er niet in moeten staan
              Dus voor de onderstaande lijntjes gaan we een scan doen

              C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\ExtraGreat.exe
              C:\Documents and Settings\All Users\Application Data\scr keep meal burn\antiitch.exe

              voor deze files te scannen 1 per 1 gaan we naar http://www.kaspersky.com/scanforvirus daar klik je op "browse" zoek dan naar de bestandjes in het rood hierboven , de locatie is in het vet weergegeven. scna dus elke file afzonderlijk.
              Eenmaal gevonden, geselecteerd en zichtbaar in het venster op de website klik je op "submit" gelieve de uitkomst in je volgende post te plaatsen.

              Alsook indien mogelijk beide bestanden in een zip file plaatsen nadien , en ze naar mij door te emailen.
              not so Helpless ...
              • Citaat

              Comment

              • #8
                Scanned file: ExtraGreat.exe
                ExtraGreat.exe - packed with UPC
                ExtraGreat.exe - infected by TrojanDownloader.Win32.Swizzor.bo

                Scanned file: antiitch.exe
                antiitch.exe - packed with UPC
                antiitch.exe - infected by TrojanDownloader.Win32.Swizzor.bz

                er staan in de laatste map nog andere bestanden die geen dit aan
                Scanned file: Free Stop.exe
                Free Stop.exe - packed with UPC
                Free Stop.exe - infected by Trojan.Win32.Krepper.ab

                Scanned file: JugsOnline.exe
                JugsOnline.exe - packed with UPC
                JugsOnline.exe - infected by TrojanDownloader.Win32.Swizzor.bz

                Scanned file: CoalCopy.exe
                CoalCopy.exe - packed with UPC
                CoalCopy.exe - infected by TrojanDownloader.Win32.Swizzor.bz
                • Citaat

                Comment

                • #9
                  1/
                  kan je dan deze folders in een zip bestandje plaatsen

                  C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\
                  C:\Documents and Settings\All Users\Application Data\scr keep meal burn

                  en ze mij doorgeven (wimhelpless|at|hotmail . com ) AUB


                  2/
                  je mag opnieuw scannen met hijackthis
                  dan onderstaande lijntjes aanvinken
                  O2 - BHO: (no name) - {5069F07D-8A5D-4B18-319D-423C9A96E20A} - C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\ExtraGreat.exe
                  O4 - HKLM\..\Run: [Meal Burn New 01] C:\Documents and Settings\All Users\Application Data\scr keep meal burn\antiitch.exe

                  alle vensters en browsers sluitne , behalve hijackthis
                  KLIK OP FIX

                  3/
                  dan verborgen bestanden weergeven

                  4/
                  heropstarten in veilige mode

                  5/
                  onderstaande folders deleten
                  C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Idolmeow\
                  C:\Documents and Settings\All Users\Application Data\scr keep meal burn


                  6/
                  om zeker te zijn online scannen met , zet ze op auto fix.
                  Bitdefender - Global Leader in Cybersecurity Software
                  http://www.bitdefender.com
                  Bitdefender is a cybersecurity software leader delivering best-in-class threat prevention, detection, and response solutions worldwide.

                  http://housecall.antivirus.com/



                  7/
                  en dan een vers hijackthis-logje posten alsook de resultaten van de online scans.

                  8/
                  ga naar de locatie C:\WINDOWS\Tasks voor de "Enumerating Task Scheduler jobs"
                  en post de job's naam(en) hier
                  Dank ,
                  Last edited by Helpless; 04-01-05, 12:06.
                  not so Helpless ...
                  • Citaat

                  Comment

                  Vorige template Volgende
                  Sorry, you are not authorized to view this page
                  Working...
                  X