Vraag & Antwoord

Beveiliging & privacy

Kunnen jullie mij ook helpen? Hijack

17 antwoorden
  • Wie kan hier eens kritisch naar kijken? Logfile of HijackThis v1.98.2 Scan saved at 20:00:47, on 7-10-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Down2Home\Down2Home.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE C:\Program Files\Kazaa Lite\KazaaLite.kpp c:\program files\internet explorer\iexplore.exe C:\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dqwevuqocckd.com/KzbYMCiClP8h0gjDJfSPpu7Yotnp_9EWRP1zBlSZtgI.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fmqjfabthmwedpthkptxakepd.net/KzbYMCiClP9sa0YIzO5qXYr1bRSfTpbhz2pMLrwDIikPsf2JTMz2NQoWtSA/8mNH.jpg R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DC27C42A-5D77-E37C-4C65-CDBC771F1874} - C:\PROGRA~1\SECOND~1\long list.exe O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [1Hold] C:\PROGRA~1\SITEAC~1\Pop load.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [info file exit bits] C:\Documents and Settings\All Users\Application Data\Corn Glue Info File\Fast Great.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Internet via Kabelfoon.lnk = ? O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global User Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global User Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093033809515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41C4CEB9-1594-4B3E-A6DC-B76B6ED2248C}: NameServer = 62.45.45.45 62.45.46.46
  • ik kijk wel even moment geduld.
  • start hijackthis en laat volgende items fixen: [b:c6f19547e8] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dqwevuqocckd.com/KzbYMCiClP8h0gjDJfSPpu7Yotnp_9EWRP1zBlSZtgI.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fmqjfabthmwedpthkptxakepd.net/KzbYMCiClP9sa0YIzO5qXYr1bRSfTpbhz2pMLrwDIikPsf2JTMz2NQoWtSA/8mNH.jpg R3 - Default URLSearchHook is missing O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll O4 - Startup: Internet via Kabelfoon.lnk = ? [/b:c6f19547e8] over de volgende heb ik mijn twijfels weet je hier wat meer van? waarvan deze programma's zijn?(nog niet laten fixen): [b:c6f19547e8] O4 - HKLM\..\Run: [1Hold] C:\PROGRA~1\SITEAC~1\Pop load.exe O4 - HKLM\..\Run: [info file exit bits] C:\Documents and Settings\All Users\Application Data\Corn Glue Info File\Fast Great.exe [/b:c6f19547e8] anders even laten scannen bij: http://virusscan.jotti.dhs.org hierna computer opnieuw opstarten en nieuwe log posten suc6 [/b]
  • Ik heb ze allemaal laten fixen (ook al denk ik dat die over kabelfoon het automatisch verbinding met internet maken was, maar dit is eenvoudig te herstellen wanneer ik dat zeker weet). Logfile of HijackThis v1.98.2 Scan saved at 21:19:13, on 7-10-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Down2Home\Down2Home.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\Unzipped\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gjrmqymkptfdoyadqjrcrw.com/KzbYMCiClP9sa0YIzO5qXYr1bRSfTpbhz2pMLrwDIin8hgEu4YcWUgoWtSA/8mNH.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DC27C42A-5D77-E37C-4C65-CDBC771F1874} - C:\PROGRA~1\SECOND~1\long list.exe O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global User Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global User Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093033809515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41C4CEB9-1594-4B3E-A6DC-B76B6ED2248C}: NameServer = 62.45.45.45 62.45.46.46
  • Je hebt last van een LOP-infectie Run deze 2 uninstallers eens een keer: http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe Kan je de uninstallers niet downloaden gebruik dan deze alternatieven : http://members.rogers.com/rjmac/toolbar_uninstall.exe http://members.rogers.com/rjmac/new_uninstall.exe Reboot de computer, run Hijackthis opnieuw en post een nieuwe log. Dan gaan we verder opruimen..
  • beiden geuninstalled. Logfile of HijackThis v1.98.2 Scan saved at 22:48:41, on 7-10-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Down2Home\Down2Home.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wuauclt.exe c:\program files\internet explorer\iexplore.exe C:\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DC27C42A-5D77-E37C-4C65-CDBC771F1874} - C:\PROGRA~1\SECOND~1\long list.exe O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global User Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global User Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093033809515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41C4CEB9-1594-4B3E-A6DC-B76B6ED2248C}: NameServer = 62.45.45.45 62.45.46.46
  • Deze nog fixen in hijackthis: O2 - BHO: (no name) - {DC27C42A-5D77-E37C-4C65-CDBC771F1874} - C:\PROGRA~1\SECOND~1\long list.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm Daarna de desbetreffende items via verkenner manueel verwijderen: C:\PROGRAM FILES\SECOND~1\ <==deze map C:\WINDOWS\Web\Ers_src.htm <==dit bestand wat betreft deze: O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe daar kan ik helaas geen genoeg info over vinden of je deze mag verwijderen of niet.
  • Deze mag weg Mieke: O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe
  • Thx Marc... weet ik nu ook weer bij. ;)
  • Alles uitgevoerd met dit als uiteindelijk resultaat: Logfile of HijackThis v1.98.2 Scan saved at 15:42:16, on 8-10-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Down2Home\Down2Home.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\Unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global User Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global User Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093033809515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41C4CEB9-1594-4B3E-A6DC-B76B6ED2248C}: NameServer = 62.45.45.45 62.45.46.46
  • Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:c2f6e5aa16] O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll [/b:c2f6e5aa16]
  • Blijft er dan nog wel over? :D
  • [quote:27c42a512d="Schiplap"]Blijft er dan nog wel over? :D[/quote:27c42a512d] Ja hoor. Als laatste laten we jou fixen door Hijackthis... :wink:
  • [quote:96659d0eca="Schiplap"]Blijft er dan nog wel over? :D[/quote:96659d0eca] Gooi hem er nou maar uit, is "StickyPops.com" adware. edit: M@rc was sneller :( kijk trouwens wel even na of die file ook weggaat. :wink:
  • Ok, Ok, Ok................. Logfile of HijackThis v1.98.2 Scan saved at 16:43:15, on 8-10-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Down2Home\Down2Home.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Unzipped\hijackthis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global User Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe O4 - Global User Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093033809515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
  • Ziet er goed uit Schiplap. Alle problemen van de baan?
  • Zover ik nu kan beoordelen wel ja. Hartelijk dank voor jullie tomeloze inzet.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.