Mededeling

Collapse
No announcement yet.

HiJackThis Log --> Wil iemand dit checken?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    HiJackThis Log --> Wil iemand dit checken?

    Alvast super bedankt!

    Logfile of HijackThis v1.98.2
    Scan saved at 17:47:09, on 29-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bsqcmenxbwxfhpueuqxhjzp.com/Gf3llPl8Uxp6q6reZxa7UsQVq/ntu0GndBw0o3YsMQ4ZNDQ32TABDll7ZmasgRxA.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rvmierokphblkgtrykapxnabj.com/Gf3llPl8UxpSeVLAxzi9u7qehMZBkyZP5Yfbg1EF9So.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2244EC13-ED6A-2E13-7F58-1DABAD112EA8} - C:\DOCUME~1\ROBJ~1.SNE\APPLIC~1\ONLINE~1\4road.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [BOLT OKAY WMA AIM] C:\Documents and Settings\All Users\Application Data\ruleitchboltokay\itchvc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ROBJ~1.SNE\LOCALS~1\Temp\MsgPlusUninst.bat"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files\Zilla Popup Killer\ZillaPop.exe
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 15 16 17
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Cake Lies] C:\DOCUME~1\ROBJ~1.SNE\APPLIC~1\PLATFO~1\CURB AUDIO TRAY.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: NetRez ADU v4,2,0,10 - file://C:\DOCUME~1\ROBJ~1.SNE\LOCALS~1\Temp\NetRezADU.cab
    O16 - DPF: NetRez Client Installer - https://wam7.netrez2.netrez.com/classes/anasazi/ClientInstall.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093270162205
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} (eWebEditProLibCtl.eWebEditPro) - http://content.netmasters.nl/cmsws/wsscripts/ewebeditpro2/ewebeditpro.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{89AD0E1E-F2F1-418C-BCBF-C30EFC47B17B}: NameServer = 168.95.192.1,212.115.192.193
    Labels: Geen
  • #2
    Je hebt blijkbaar messenger plus met sponsers geïnstalleerd. Dus, ik raad je aan om eerst messenger plus te deïnstalleren. Die kan je wanneer je systeem terug clean is terug installeren, maar deze keer zonder sponsers. (Deze optie kan je kiezen bij het begin van de installatie).

    Tijdens de uninstall ervan zal je een sponservenster krijgen zoals je hier een voorbeeld ziet: http://www.msgplus.net/images/sponsor_uninstall.jpg
    Als je deze niet ziet, kijk dan eens in je taakbar. In dat venster typ je de code in die je te zien krijgt en klik op uninstall.
    Dan gewoon verdere instructies opvolgen die gegeven worden.
    Nadat dit gedaan is, reboot je je pc en post een nieuw hijackthislogje.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    Mijn Blog

    Comment

    • #3
      Aangezien reactie is uitgebleven, veronderstel ik dat het probleem is opgelost en sluit ik deze thread.

      Comment

      Vorige template Volgende
      Working...
      X