Who can help?

pcguy
4 answers
  • HijackThis log file attached…
    I keep getting mk:@MSITStore: C:\spe\start.chm::/start.html# as my start page… very nice nature pictures, but not for my son.
    I can't get it removed, neither with the shredder nor with Hijack.

    Who would like to cast an eye over these child-unfriendly photos?

    Ronald

    Logfile of HijackThis v1.97.7
    Scan saved at 19:57:40, on 20-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\temp\msbb.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\WINDOWS\olecom32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Frans Wouters\Application Data
    wlm.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN
    vcoas.exe
    C:\NORMAN\Nvc\BIN
    ipsvc.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\cclaw.exe
    L:\virusfix_en\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {63FF372E-C265-5BB7-D123-675578A92A3B} - C:\WINDOWS\System32\qorzc.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
    vms.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - c:\windows\toolbar_nieuw14.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\olecom32.exe
    O4 - HKLM\..\Run: [ypvoaqcy] C:\WINDOWS\System32\wuukimcf.exe
    O4 - HKLM\..\Run: [OELoader] OELoader.exe
    O4 - HKLM\..\Run: [lch] C:\WINDOWS\lch.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O4 - HKLM\..\Run: [mjyfolqh] C:\WINDOWS\mjyfolqh.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Trdc] C:\Documents and Settings\Frans Wouters\Application Data
    wlm.exe
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Microsoft® VBScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: VBScript Terminal (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Microsoft® VBScript® Terminal (HKCU)
    O9 - Extra 'Tools' menuitem: VBScript Terminal (HKCU)
    O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Home Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=0&q=
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.217.29.115/cax.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37878.122349537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  • I'll take another look,
  • close all windows, run HJT again and fix these items:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp\sp.html
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {63FF372E-C265-5BB7-D123-675578A92A3B} - C:\WINDOWS\System32\qorzc.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
    vms.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\olecom32.exe
    O4 - HKLM\..\Run: [ypvoaqcy] C:\WINDOWS\System32\wuukimcf.exe
    O4 - HKLM\..\Run: [OELoader] OELoader.exe
    O4 - HKLM\..\Run: [lch] C:\WINDOWS\lch.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O4 - HKLM\..\Run: [mjyfolqh] C:\WINDOWS\mjyfolqh.exe
    O4 - HKCU\..\Run: [Trdc] C:\Documents and Settings\Frans Wouters\Application Data
    wlm.exe
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related (HKLM)
    O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Home Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=0&q=
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.217.29.115/cax.cab


    Restart in safe mode, make all files visible, then delete:
    C:\DOCUME~1\FRANSW~1\LOCALS~1\Temp <— empty this folder
    C:\WINDOWS\System32\qorzc.dll <— this file
    C:\WINDOWS\System32
    vms.dll <— this file
    C:\WINDOWS\System32\mscb.dll <— this file
    C:\WINDOWS\System32\msbe.dll <— this file
    C:\Program Files\WindUpdates
    c:\temp <— empty this folder
    C:\WINDOWS\olecom32.exe <— this file
    C:\WINDOWS\System32\wuukimcf.exe <— this file
    OELoader.exe <— this file
    C:\WINDOWS\lch.exe <— this file
    C:\Program Files\Web_Rebates <— delete this folder
    C:\WINDOWS\System32\services\msxmidi.exe <— this file
    C:\WINDOWS\mjyfolqh.exe <— this file
    C:\Documents and Settings\Frans Wouters\Application Data
    wlm.exe <— this file


    Restart in normal mode and post a new HijackThis log. Also, please mail a log from: http://users.pandora.be/marcvn/tools/get_active_services.zip (unpack it and run the script; active.txt is created, please mail that file; I'll PM you my e-mail address)
  • I have just received the HijackThis log; Active.txt is on its way. I'll post them here so that M@rc can take a look as well.
