HJT log :/

6 answers
  • If someone could look this over, thank you very much :)
    Logfile of HijackThis v1.99.0
    Scan saved at 21:12:21, on 1-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  • Make sure all hidden files are shown (http://users.pandora.be/marcvn/spyware/1117602.htm).
    Download this regfile (http://users.telenet.be/marcvn/tools/virusfix.reg). Save it to your desktop. Do not use it yet.
    Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall the following programs if present:
    Messengerplus
    Afterwards run this uninstaller:
    http://lop.com/new_uninstall.exe
    http://lop.com/toolbar_uninstall.exe
    If you cannot download the uninstallers, use these alternatives:
    http://members.rogers.com/rjmac/toolbar_uninstall.exe
    http://members.rogers.com/rjmac/new_uninstall.exe
    Reboot the computer.
    If you want to keep using Messengerplus, install it without sponsors this time.
    Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm). Close all open windows, run HijackThis once more and have it fix the following items:
    Some keys should already be gone.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.etdzgrfzxxgfyk.us/6wA/fPBZ/1Vu3prNpZ6aMKm5FkH8fOhi76mu/IB0eb4oQdGyXjEKE8bZPCjcWple.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cqvrksqfoklbymhpcu.com/6wA/fPBZ/1WRdPuywOp1jCl0g2fkjLm0aA_aoQfc3SM.html
    O2 - BHO: teamlicensereal - {1B2BAE4F-5A82-B19A-5177-E6204FDAE3F8} - C:\PROGRA~1\heckarmy\obj comp.dll (file missing)
    O2 - BHO: (no name) - {DAFE91CA-0A01-2678-1874-098D9B9B99FF} - C:\DOCUME~1\FWBG\APPLIC~1\heckarmy\Chic Wait.exe
    O3 - Toolbar: LongOpen - {184CB49D-0968-C765-B464-DE0058C8FB0C} - C:\PROGRA~1\heckarmy\obj comp.dll (file missing)
    O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
    O4 - HKLM\..\Run: [corn soap trust hope] C:\Documents and Settings\All Users\Application Data\bleh aim corn soap\inside live.exe
    O4 - HKCU\..\Run: [Amen mfcd] C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1\Meet dumb.exe
    O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
    O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
    Delete the following files and/or folders if present:
    C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1
    C:\WINDOWS\systray.exe
    C:\PROGRA~1\heckarmy
    C:\DOCUME~1\FWBG\APPLIC~1\heckarmy
    C:\Documents and Settings\All Users\Application Data\bleh aim corn soap
    C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1
    Double-click the regfile you downloaded earlier and allow the changes to be added to the registry.
    Reboot the computer, do an online scan.
    Run HijackThis again and post a new log.
  • Logfile of HijackThis v1.99.0
    Scan saved at 21:32:57, on 2-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    I think it's clean now, but I might still be overlooking something :)
  • I still see 2 webspider viruses. Try once more.
    Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm). Close all open windows, run HijackThis once more and have it fix the following items:
    O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
    O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
    O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
    Delete the following files and/or folders if present:
    C:\WINDOWS\systray.exe
    c:\Windows\system32\sepate.exe
    c:\Windows\system32\ggvavjyou.exe
    Reboot the computer, scan the whole system with an updated virus scanner (or online scan).
    Reboot, run HijackThis again and post a new log.
  • O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"
    Is also still junk.
  • =Rieske= wrote:
    > O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"
    > Is also still junk.
    I don't see the harm in it.
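
The check made in the thread between the first fix list and the second log, as an added example that is not part of the original posts: it parses HijackThis entry lines, reports which fix-list entries are still present after the rescan, and marks the ones whose Run value names a file without a directory. The function names are introduced here; the sample lines are quoted from the posts above, with one path lower-cased on purpose.

```python
import re
from typing import List, NamedTuple

# One HijackThis entry per line: "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# Registry autostart detail: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\\w+: \[[^\]]*\] (?P<command>.+)$")
# Program part of a command line: a quoted path, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<plain>.*?\.exe)\b', re.IGNORECASE)


class Entry(NamedTuple):
    section: str
    detail: str

    @property
    def key(self) -> str:
        # Windows paths and registry names are case-insensitive; collapse whitespace too.
        return f"{self.section} {' '.join(self.detail.split())}".casefold()


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["detail"]))
    return entries


def still_present(fix_list: str, rescan: str) -> List[Entry]:
    """Entries from the fix list that show up again in the rescan log."""
    seen = {e.key for e in parse_log(rescan)}
    return [e for e in parse_log(fix_list) if e.key in seen]


def needs_path_lookup(entry: Entry) -> bool:
    """True for an O4 registry value that names its program without a directory."""
    m = RUN_RE.match(entry.detail) if entry.section == "O4" else None
    if not m:
        return False
    exe = EXE_RE.match(m["command"])
    program = (exe["quoted"] or exe["plain"]) if exe else m["command"].split()[0]
    return "\\" not in program


# Constructed samples: entry lines quoted from the first fix list and, for the rescan,
# from the follow-up posts (the systray path is lower-cased to show the matching).
FIX_LIST = r"""
O2 - BHO: (no name) - {DAFE91CA-0A01-2678-1874-098D9B9B99FF} - C:\DOCUME~1\FWBG\APPLIC~1\heckarmy\Chic Wait.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
O4 - HKCU\..\Run: [Amen mfcd] C:\DOCUME~1\FWBG\APPLIC~1\MOVECO~1\Meet dumb.exe
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
"""
RESCAN = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [System] c:\windows\systray.exe
O4 - HKCU\..\Run: [WeatherWatcher] "E:\Program Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ggvavjyou.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, RESCAN):
        note = "locate the file first" if needs_path_lookup(e) else "path given"
        print(f"still present: {e.section} - {e.detail}  ({note})")
```

An entry that survives a fix, as these three do, usually means the file behind it was still running or was re-registered at boot, which is why the follow-up post repeats the fix in safe mode and names the files to delete.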

This is an archived page. Replies are no longer possible.