Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

HJT logje :/

=Rieske=
6 antwoorden
  • Als iemand die na zou kunnen kijken, heel erg bedankt :)

    Logfile of HijackThis v1.99.0
    Scan saved at 21:12:21, on 1-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\DU Meter\DUMeter.exe
    E:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    E:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\OmniPagePro14.0\WorkFlowTray.exe
    E:\Program Files\Maya6.0\docs\Wrapper.exe
    E:\Program Files\Messenger Plus! 3\MsgPlus.exe
    E:\Program Files\Apache\Apache\Apache.exe
    E:\Program Files\Google\Gmail Notifier\gnotify.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\r_server.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\Program Files\Maya6.0\docs\jre\bin\java.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\devldr32.exe
    E:\Program Files\Weather Watcher\ww.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    E:\program files\valve\steam\steam.exe
    E:\Program Files\Apache\Apache\Apache.exe
    C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    E:\Program Files\foobar2000\foobar2000.exe
    E:\eMule0.30c-sivka.v10c6-bin\emule.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\WinRAR\WinRAR.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.etdzgrfzxxgfyk.us/6wA/fPBZ/1Vu3prNpZ6aMKm5FkH8fOhi76mu/IB0eb4oQdGyXjEKE8bZPCjcWple.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cqvrksqfoklbymhpcu.com/6wA/fPBZ/1WRdPuywOp1jCl0g2fkjLm0aA_aoQfc3SM.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: teamlicensereal - {1B2BAE4F-5A82-B19A-5177-E6204FDAE3F8} - C:\PROGRA~1\heckarmy\obj comp.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {DAFE91CA-0A01-2678-1874-098D9B9B99FF} - C:\DOCUME~1\FWBG\APPLIC~1\heckarmy\Chic Wait.exe
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: LongOpen - {184CB49D-0968-C765-B464-DE0058C8FB0C} - C:\PROGRA~1\heckarmy\obj comp.dll (file missing)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [NetLimiter] E:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [WorkFlowTray] "E:\Program Files\OmniPagePro14.0\WorkFlowTray.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [corn soap trust hope] C:\Documents and Settings\All Users\Application Data\bleh aim corn soap\inside live.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"
    O4 - HKCU\..\Run: [Amen mfcd] C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1\Meet dumb.exe
    O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
    O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alles met FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Ontvang met FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Open PDF in Word - res://E:\Program Files\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
    pjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
    pjpi142_05.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/Interactive/TerraExplorer/Install/TEInstallPlugIn.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab30149.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Alias Documentation Server - Unknown - E:\Program Files\Maya6.0\docs\Wrapper.exe
    O23 - Service: Apache - Unknown - E:\Program Files\Apache\Apache\Apache.exe
    O23 - Service: BlackMoon FTP Service - Selom Ofori - E:\Program Files\BlackMoon FTP Server\FTPService.exe
    O23 - Service: BMFTPRealTimeStats - Selom Ofori - E:\Program Files\BlackMoon FTP Server\BMFTPRealTimeStats.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
  • Zorg dat alle verborgen bestanden weergegeven worden.

    Download deze regfile.
    Sla op, op je bureaublad. Nog niet gebruiken.


    Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's:
    Messengerplus
    Run nadien deze uninstaller:
    http://lop.com/new_uninstall.exe
    http://lop.com/toolbar_uninstall.exe
    Kan je de uninstallers niet downloaden gebruik dan deze alternatieven :
    http://members.rogers.com
    jmac/toolbar_uninstall.exe
    http://members.rogers.com
    jmac/new_uninstall.exe

    Reboot de computer.

    Wil je Messengerplus blijven gebruiken, installeer het dan deze keer zonder sponsors.


    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    Sommige sleutels zouden al weg moeten zijn.
    [b:6f018e618e]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.etdzgrfzxxgfyk.us/6wA/fPBZ/1Vu3prNpZ6aMKm5FkH8fOhi76mu/IB0eb4oQdGyXjEKE8bZPCjcWple.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cqvrksqfoklbymhpcu.com/6wA/fPBZ/1WRdPuywOp1jCl0g2fkjLm0aA_aoQfc3SM.html

    O2 - BHO: teamlicensereal - {1B2BAE4F-5A82-B19A-5177-E6204FDAE3F8} - C:\PROGRA~1\heckarmy\obj comp.dll (file missing)
    O2 - BHO: (no name) - {DAFE91CA-0A01-2678-1874-098D9B9B99FF} - C:\DOCUME~1\FWBG\APPLIC~1\heckarmy\Chic Wait.exe

    O3 - Toolbar: LongOpen - {184CB49D-0968-C765-B464-DE0058C8FB0C} - C:\PROGRA~1\heckarmy\obj comp.dll (file missing)

    O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
    O4 - HKLM\..\Run: [corn soap trust hope] C:\Documents and Settings\All Users\Application Data\bleh aim corn soap\inside live.exe
    O4 - HKCU\..\Run: [Amen mfcd] C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1\Meet dumb.exe
    O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
    O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab

    [/b:6f018e618e]

    Verwijder de volgende bestanden en/of mappen indien aanwezig:
    C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1
    C:\WINDOWS\systray.exe
    C:\PROGRA~1\heckarmy
    C:\DOCUME~1\FWBG\APPLIC~1\heckarmy
    C:\Documents and Settings\All Users\Application Data\bleh aim corn soap
    C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1

    Dubbelklik op de daarstraks gedownloade regfile en laat de wijzigingen aan het register toevoegen.

    Reboot de computer, doe een online scan.

    Run HijackThis opnieuw en post een nieuwe log.
  • Logfile of HijackThis v1.99.0
    Scan saved at 21:32:57, on 2-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\DU Meter\DUMeter.exe
    E:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    E:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\OmniPagePro14.0\WorkFlowTray.exe
    E:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\Program Files\Maya6.0\docs\Wrapper.exe
    E:\Program Files\Apache\Apache\Apache.exe
    E:\program files\valve\steam\steam.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\Maya6.0\docs\jre\bin\java.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\r_server.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    E:\Program Files\Apache\Apache\Apache.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    E:\Program Files\Weather Watcher\ww.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32
    tvdm.exe
    E:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\FWBG\LOCALS~1\Temp\Rar$EX00.141\KillBox.exe
    C:\WINDOWS\System32\cmd.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tweakers.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [NetLimiter] E:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [WorkFlowTray] "E:\Program Files\OmniPagePro14.0\WorkFlowTray.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
    O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\FWBG\LOCALS~1\Temp\MsgPlusUninst.bat"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"
    O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
    O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alles met FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Ontvang met FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Open PDF in Word - res://E:\Program Files\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
    pjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
    pjpi142_05.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/Interactive/TerraExplorer/Install/TEInstallPlugIn.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab30149.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Alias Documentation Server - Unknown - E:\Program Files\Maya6.0\docs\Wrapper.exe
    O23 - Service: Apache - Unknown - E:\Program Files\Apache\Apache\Apache.exe
    O23 - Service: BlackMoon FTP Service - Selom Ofori - E:\Program Files\BlackMoon FTP Server\FTPService.exe
    O23 - Service: BMFTPRealTimeStats - Selom Ofori - E:\Program Files\BlackMoon FTP Server\BMFTPRealTimeStats.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe

    volgensmij issie zo schoon, maar het kan zijn dat ik nog wat over het hoofd zie :)
  • Ik zie nog steeds 2 virussen webspider.
    Probeer nog een keertje.

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:3e0f3891e1]
    O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe

    O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
    O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
    [/b:3e0f3891e1]

    Verwijder de volgende bestanden en/of mappen indien aanwezig:
    C:\WINDOWS\systray.exe
    c:\Windows\system32\sepate.exe
    c:\Windows\system32\ggvavjyou.exe

    Reboot de computer, Heel het systeem scannen met een geupdate virusscanner (of online-scan)
    Reboot, run HijackThis opnieuw en post een nieuwe log.
  • [code:1:d44f72ef3c]O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"[/code:1:d44f72ef3c]
    Is ook nog meuk.
  • [quote:030fd95ae9="=Rieske="][code:1:030fd95ae9]O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"[/code:1:030fd95ae9]
    Is ook nog meuk.[/quote:030fd95ae9]
    Ik zie het kwade er niet van in.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.