Vraag & Antwoord

Beveiliging & privacy

HijackThis.log

Anoniem
None
24 antwoorden
  • I.v.m. het feit dat ik telkens opnieuw moet opstarten om verbinding te krijgen met internet plaats ik hier een HijackThis.log:

    Logfile of HijackThis v1.98.2
    Scan saved at 7:17:09, on 2-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    D:\WUTemp\FreeRAM XP Pro 1.40.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hccnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\WUTemp\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7

    Ik heb zowel Ad-aware als Spybot hun werk laten verrichten maar helaas zonder resultaat!

    Wat kan ik verwijderen?

  • Ga 'm voor je checken.
  • [code:1:09fb8a9f43]C:\WINDOWS\System32\dllhost.exe[/code:1:09fb8a9f43]
    Je internet via de schotel?

    Sluit alle browservensters en fix onderstaande items.
    [code:1:09fb8a9f43]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - (no file)
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
    [/code:1:09fb8a9f43]

    Reboot naar veilige modus en verwijder deze map.
    [code:1:09fb8a9f43]C:\Program%20Files\Plus18Point[/code:1:09fb8a9f43]
  • Rieske allereerst heel erg bedankt voor je reactie!!
    IE start weer prima op!!!!
    Misschien toch maar over gaan op andere browser?
    Ik heb plus18point gezocht bgij program files (veilige modus) maar kon hem nergens vinden.
    Ik internet niet via de schotel; ISDN/ADSL verbinding bij HCC.
    Voor de zekerheid nog maar een log.

    Logfile of HijackThis v1.98.2
    Scan saved at 17:52:28, on 2-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    D:\WUTemp\FreeRAM XP Pro 1.40.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hccnet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\WUTemp\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7

  • [img:82261ecb3a]http://home.hccnet.nl/m.schouw/approved.gif[/img:82261ecb3a]

    Mag ik je, ipv IE, deze aanbevelen?
    http://downloads.mozdev.org/mozillanl/Firefox-NL/FirefoxSetup-0.9.3-nl-NL.exe
  • Ook nog even in Configuratiescherm/Software gekeken.
    Daar staat het programma [b:d4b28155ba]Switch[/b:d4b28155ba] geinstalleerd.
    Begreep uit andere Hijack.This-logs dat dit ook geen fijn programma is :cry: .
    Ik heb geprobeerd deze te verwijderen maar dit lukt niet.
    Iemand tips om dit programma te verwijderen?
    Alvast dank!!
  • Zoek of de map Switch voorkomt op je systeem; indien ja, verwijderen.
  • Deze bestanden gevonden; welke verwijderen?

    switch.inf C:\windows\system32\ras
    Cfswitch.gif C:\program files\macromedia
    Switch Views.htm C:\program files\macromedia
    RSSeverModelSwitches.js C:\program files\macromedia
    cfswitch.htm ook macromedia
    cfswitch.vtm ook macromedia
    switch.vtm ook macromedia
    switchcase.html ook macromedia
    switchImage.csn ook macromedia
    cool switch.wav D:\Games\sounds
    switch.inf (snelkoppeling) C:\Documents and Settings\enz.
  • Geen.
    Die Switch entry in Software kun je evt verwijderen met TweakUI.
  • Heb gekeken in TweakUI; kon echter niet vinden waar je bestanden kunt verwijderen.
    Graag iets meer uitleg.
    Alvast dank!!!
  • Hallo Jos H,

    Switch had je eigenlijk moeten deïnstalleren voor je ging cleanen met HijackThis. Nu zijn een aantal bestanden verwijderd waardoor dit niet meer lukt.

    Om hem te verwijderen in de softwarelijst doe je dit:
    Open Kladblok . Plak onderstaande quote in dit bestand.
    [quote:ae601c8d66]
    REGEDIT4


    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch]
    [/quote:ae601c8d66]
    Sla het op als xxxx.reg op je buroblad . Zorg dat bij "opslaan al type" kiest voor "alle bestanden".
    Dubbelklik op dit bestand om de wijzigingen aan je register toe te voegen.

    groeten,
    Marc


    groeten,
    Marc
  • Fantastisch Marc –> Switch is verwijderd!!!!!!!!!!!
    Heel er bedankt voor je reactie. :)
  • Zie in Configuratiescherm dat [b:31adb34d73]Switch[/b:31adb34d73] toch weer aanwezig is. :evil:
    Voor de goede orde: was na de voorgestelde actie van M@rc wel verwijderd!
    Wat kan ik hieraan doen :-?
  • [quote:a0fa2c60dd="Jos H"]
    Wat kan ik hieraan doen :-?[/quote:a0fa2c60dd]
    Surfgedrag aanpassen?
    Veiligere browser gaan gebruiken?
    http://ftp.mozilla.org/pub/mozilla.org/firefox
    eleases/0.9.3/FirefoxSetup-0.9.3.exe
  • [quote:35eff7b5fc="Jos H"]
    Wat kan ik hieraan doen :-?[/quote:35eff7b5fc]

    Nieuwe hjt log posten, waarschijnlijk is hij terug, wil ik even controleren. Probeer wel van tevoren even zelf switch te deinstaleren in het configscherm. Gebruik daarna zoals Rieske al zei een alternatieve browser en/of pas je surfgedrag aan.
  • Bij deze:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:49:04, on 11-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\intl.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    D:\WUTemp\FreeRAM XP Pro 1.40.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hccnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\intl.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\WUTemp\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7

    Volgens mij is de [b:6e370df186]intl.exe[/b:6e370df186] de boosdoener.
    Al geprobeerd te verwijderen maar helaas niet gelukt. :evil:

  • Hallo Jos,

    Druk op CTRL+ALT+DEL om Windows Taakbeheer te openen. Ga naar het tabblad processen en beëindig het volgende proces:
    intl.exe

    Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's:
    Switch

    Als je dit gedaan hebt start je de computer op in veilige modus.
    Zorg dat alle verborgen bestanden weergegeven worden, en verwijder de volgende bestanden of mappen indien aanwezig:
    C:\WINDOWS\System32\intl.exe
    en waarschijnlijk deze map ook c:\program files\plus18point

    Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • Adviezen uitgevoerd en hierbij de nieuwe log:

    Logfile of HijackThis v1.98.2
    Scan saved at 2:25:42, on 12-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    D:\WUTemp\FreeRAM XP Pro 1.40.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hccnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\intl.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\WUTemp\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7

    Zo te zien schoon, of toch niet :-?

  • [img:349c5621a9]http://home.hccnet.nl/m.schouw/approved.gif[/img:349c5621a9]
  • schoon?

    en deze dan rieske:

    [quote:1d2bb2cf67]O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\intl.exe [/quote:1d2bb2cf67]

    volgens mij is deze ook nog van de dialer of am i wrong?

    p.s jos nog niet fixen moet effe zeker weten.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord