
HijackThis log - virus(es) & spyware

Anonymous
=Rieske=
9 answers
  • Greetings,

    I'm having problems with a laptop: a stubborn start page keeps coming back, and at certain moments a flood of pop-ups comes in. Sometimes the internet even refuses to work.

    Ad-aware and Spybot already turned up a lot. Next I wanted to use HijackThis (newest version downloaded), and that is where something went wrong. Every time I wanted to save the HJ log after a scan, the virus scanner (McAfee) intervened because it saw a trojan in it. Because I really needed the log, I switched the virus scanner off for a moment and saved the log that way. Sending the log with Hotmail did not work either, because Hotmail also indicated that the file was a virus. So I just did a simple copy-paste (which I thought of very late :oops: ). From the moment I switched the virus scanner back on, it immediately deleted the log.

    Finally I also ran an online virus scan (BitDefender), and it found a great many infected files. After restarting the laptop, however, all the problems remained.


    Logfile of HijackThis v1.98.2
    Scan saved at 22:46:55, on 2/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\European Commission\Connection Client\cvpnd.exe
    C:\LDClient\LOCALSCH.EXE
    C:\WINDOWS\system32\cba\pds.exe
    C:\LDClient\QIPCLNT.EXE
    C:\LDClient\tmcsvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\oodag.exe
    C:\WINDOWS\system32\scagent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\LDClient\wuser32.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\inetdata\services.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
    C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Winad Client\Winad.exe
    C:\temp\msbb.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Winad Client\WinClt.exe
    C:\WINDOWS\System32\windllsys32.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Documents and Settings\laptop\Desktop\Spyware Removals\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cc.cec/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cec.eu.int:82/proxy.pac
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
    O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
    O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
    O4 - HKLM\..\Run: [mfldr32] C:\WINDOWS\DIaPPS\mfldr32.exe
    O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
    O4 - Global Startup: European Commission Connection Client.lnk = C:\Program Files\European Commission\Connection Client\ipsecdialer.exe
    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
    O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.cc.cec/
    O15 - Trusted Zone: www.mt-download.com
    O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/587/online.chm::/on-line.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5a03172489a868fe36bc3ab2a0b0164a4646af923e691cf6723a792c2af6cc2dc638d0410eec54c47edc7bcf62441c97cdf95f7769b5bb5ac7:42bd451aab2c9f75cc072dc6dba18141
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
    O17 - HKLM\Software\..\Telephony: DomainName = net1.cec.eu.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int
    O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\digfilt.dll


    Thanks in advance for the help,

    Guft.

  • I'll take a look at it.
    Can you explain a bit more about how this machine is run? E.g. in a corporate network or something like that? I also want to know whether a remote client is involved here.
  • The laptop belongs to a friend of mine and is simply at his home. I do believe it is a laptop his father uses for his work (European Commission) and that the laptop also comes from his work.

    No idea what a remote client is; if you can explain it to me in layman's terms (I'm not a PC expert), I can ask my friend in my own way.

    Thanks in advance for the effort you're willing to make,

    Guft.
  • Tricky to clean, because it's apparently a pretty important notebook.
    The notebook runs a VPN client through which various things can be updated from something server-like. So it is hard to determine what can or cannot be removed and where the junk comes from.

    Later this afternoon I'll try to clean it in as safe a way as possible. It takes a bit of time.
  • Close all browser windows and fix the items below.
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKLM\..\Run: [mfldr32] C:\WINDOWS\DIaPPS\mfldr32.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://www.cc.cec/
    O15 - Trusted Zone: www.mt-download.com
    O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/587/online.chm::/on-line.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5a03172489a868fe36bc3ab2a0b0164a4646af923e691cf6723a792c2af6cc2dc638d0410eec54c47edc7bcf62441c97cdf95f7769b5bb5ac7:42bd451aab2c9f75cc072dc6dba18141
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
    O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\digfilt.dll

    Reboot into safe mode and delete the files below.
    C:\WINDOWS\system32\scagent.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Winad Client\Winad.exe
    C:\temp\msbb.exe
    C:\Program Files\Winad Client\WinClt.exe
    C:\WINDOWS\System32\windllsys32.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\WINDOWS\inetdata\services.exe
    C:\WINDOWS\System32\nvms.dll
    C:\WINDOWS\System32\mscb.dll
    C:\WINDOWS\System32\msbe.dll
    C:\WINDOWS\DIaPPS\mfldr32.exe
    C:\WINDOWS\digfilt.dll

    Then run (still in safe mode) updated versions of AdAware and Spybot and let them fix the junk they find.

    Boot back into normal Windows mode and post a new log, please.

  • First of all, sorry for this late reply (I suddenly got the chance to go on a trip and didn't let it slip).

    I carried out the instructions, and shortly afterwards everything seemed fine.

    Now, a week later, the stubborn start page turns out to be back, however. The printer doesn't work either; could this also be due to spyware?

    Here is a new log,

    Logfile of HijackThis v1.98.2
    Scan saved at 20:46:17, on 7/09/2004

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program Files\European Commission\Connection Client\cvpnd.exe

    C:\LDClient\LOCALSCH.EXE

    C:\WINDOWS\system32\cba\pds.exe

    C:\LDClient\QIPCLNT.EXE

    C:\LDClient\tmcsvc.exe

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    C:\WINDOWS\System32\oodag.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\LDClient\wuser32.exe

    C:\WINDOWS\system32\cba\xfr.exe

    C:\WINDOWS\system32\MsgSys.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

    C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe

    C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe

    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\WINDOWS\inetdata\services.exe

    C:\WINDOWS\System32\dllcache\IExplore.exe

    C:\WINDOWS\System32\dllcache\IExplore.exe

    C:\Documents and Settings\laptop\Desktop\Spyware Removals\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cc.cec/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cec.eu.int:82/proxy.pac

    F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

    O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S

    O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S

    O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

    O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s

    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

    O4 - Global Startup: European Commission Connection Client.lnk = C:\Program Files\European Commission\Connection Client\ipsecdialer.exe

    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE

    O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

    O15 - Trusted Zone: www.mt-download.com

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net1.cec.eu.int

    O17 - HKLM\Software\..\Telephony: DomainName = net1.cec.eu.int

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net1.cec.eu.int

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int

    Thanks in advance for the effort (Rieske specifically),


    Guft. :wink:

    P.S. I won't be back on the forum until Saturday, so feel free to take your time. :D
  • Can you post that log again without the blank lines?
  • Logfile of HijackThis v1.98.2
    Scan saved at 20:46:17, on 7/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\European Commission\Connection Client\cvpnd.exe
    C:\LDClient\LOCALSCH.EXE
    C:\WINDOWS\system32\cba\pds.exe
    C:\LDClient\QIPCLNT.EXE
    C:\LDClient\tmcsvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\oodag.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\LDClient\wuser32.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
    C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\inetdata\services.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\Documents and Settings\laptop\Desktop\Spyware Removals\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cc.cec/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cec.eu.int:82/proxy.pac
    F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
    O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
    O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
    O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - Global Startup: European Commission Connection Client.lnk = C:\Program Files\European Commission\Connection Client\ipsecdialer.exe
    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
    O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: www.mt-download.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
    O17 - HKLM\Software\..\Telephony: DomainName = net1.cec.eu.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int

    Like this?

    Guft.
  • Thanks, I'll check it.
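
Added example (not part of the thread, and not HijackThis's own code): a small Python check that compares a fix list with a follow-up log, reporting which fixed entries are back and which deleted files are running again. The sample data is excerpted from the logs in this thread; the function names are illustrative, and rejoining a bare file name with `\n` assumes the board turned that escape inside a path into a line break.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0-R3, F0-F3, O1-O23).
ENTRY = re.compile(r"^(?:R[0-3]|F[0-3]|O\d{1,2}) - .+$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
BARE_FILE = re.compile(r"[\w.\-]+\.(?:dll|exe|ocx)", re.I)


def norm(text):
    """Case- and whitespace-insensitive key (Windows paths ignore case)."""
    return " ".join(text.lower().split())


def parse_log(text):
    """Split a pasted log into (running process paths, entry lines)."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate double-spaced pastes
        if ENTRY.match(line):
            entries.append(line)
        elif entries and BARE_FILE.fullmatch(line):
            # Assumption: a path containing "\n" was split by the forum;
            # glue the orphaned file name back onto the previous entry.
            entries[-1] += "\\n" + line
        elif not entries and ABS_PATH.match(line):
            processes.append(line)  # "Running processes" precede the entries
    return processes, entries


def persisting(fix_list, followup):
    """Entries that were marked for fixing but appear again in the later log."""
    _, fixed = parse_log(fix_list)
    _, after = parse_log(followup)
    after_keys = {norm(e) for e in after}
    return [e for e in fixed if norm(e) in after_keys]


def still_running(deleted_files, followup):
    """Deleted files that show up as running processes, matched on full path."""
    processes, _ = parse_log(followup)
    running = {norm(p) for p in processes}
    return [f for f in deleted_files if norm(f) in running]


# Excerpt of the helper's fix list (taken from the thread).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
vms.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O15 - Trusted Zone: www.mt-download.com
"""

# Excerpt of the files the helper asked to delete in safe mode (from the thread).
DELETED = [
    r"C:\WINDOWS\inetdata\services.exe",
    r"C:\temp\msbb.exe",
    r"C:\Program Files\Winad Client\Winad.exe",
]

# Excerpt of the follow-up log of 7/09/2004 (from the thread).
FOLLOWUP = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\inetdata\services.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O15 - Trusted Zone: www.mt-download.com
"""

if __name__ == "__main__":
    for entry in persisting(FIX_LIST, FOLLOWUP):
        print("back after fix:", entry)
    for path in still_running(DELETED, FOLLOWUP):
        print("deleted but running:", path)
```

Matching on the full path keeps the legitimate `C:\WINDOWS\system32\services.exe` apart from the copy in `C:\WINDOWS\inetdata`, which shares its file name.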

This is an archived page. Replying is no longer possible.