Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hijack v1.35

None
20 antwoorden
  • Logfile of HijackThis v1.99.1
    Scan saved at 17:51:42, on 3/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Cherry\CDI\CDI.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client
    trtscan.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Cherry\KeyMan\KeyMan.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\TEMP\BS377F.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\LifeView TVR\RecSche.exe
    C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\BMT MouseTracker\MouseTrack.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\Paper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
    C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\vmnat.exe
    C:\WINDOWS\System32\vmnetdhcp.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\hopster\hopster.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001
    l\msnappau.exe
    C:\Program Files\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fortisbanking.be/start.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.vlaanderen.be:80;gopher=proxy.vlaanderen.be:80;http=proxy.vlaanderen.be:80;https=proxy.vlaanderen.be:80;socks=127.0.0.1:1080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HelioBar] F:\+++ Software +++\Stuff\HelioBar XP 1.4\HelioBar.exe start
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O4 - Startup: Change Wallpaper.lnk = C:\WINDOWS\Paper.exe
    O4 - Startup: ClnScUpd.lnk = ?
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101163557875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDD7D667-7FF1-47E4-949D-F8D1271D0DE2}: NameServer = 10.138.248.14 10.138.4.7
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN
    ipsvc.exe (file missing)
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client
    trtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Trend Micro Policy Server for Cisco NAC (tmPolicyServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe






  • log 18-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=934385&highlight=#934385
    log 1-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=926777&highlight=#926777
    log 20-1: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=920775&highlight=#920775
    log 30-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=909482&highlight=#909482
    log 19-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=904270&highlight=#904270
    ……
    :o
  • [quote:ff2bca0ff8="M@rc"]log 18-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=934385&highlight=#934385
    log 1-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=926777&highlight=#926777
    log 20-1: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=920775&highlight=#920775
    log 30-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=909482&highlight=#909482
    log 19-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=904270&highlight=#904270
    ……
    :o[/quote:ff2bca0ff8]

    Omdat het opgelost geraakt. Daarom vond ik het niet nodig om een antwoord te posten. Sorry dat het zo overkomt voor jullie, dat ik er niet meer naar kijk.
  • Is wel zo netjes om te antwoorden dat het is opgelost dan in 1 keer niks meet te laten horen.

    Taco
  • [quote:9a985f6b06="taco78"]Is wel zo netjes om te antwoorden dat het is opgelost dan in 1 keer niks meet te laten horen.

    Taco[/quote:9a985f6b06]
    Spijt komt na de daad, maar ik zal er mee rekening houden
  • Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:7722944290]
    O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll

    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    [/b:7722944290]
  • [quote:6263e2de86="M@rc"]Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:6263e2de86]
    O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll

    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    [/b:6263e2de86][/quote:6263e2de86]
    Nieuw logje nadat ik bovenstaande verwijderd heb

    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:26, on 6/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fortisbanking.be/start.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.vlaanderen.be:80;gopher=proxy.vlaanderen.be:80;http=proxy.vlaanderen.be:80;https=proxy.vlaanderen.be:80;socks=127.0.0.1:1080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HelioBar] F:\+++ Software +++\Stuff\HelioBar XP 1.4\HelioBar.exe start
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [] "C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Admin" -HideWindow
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - Startup: Change Wallpaper.lnk = C:\WINDOWS\Paper.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101163557875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDD7D667-7FF1-47E4-949D-F8D1271D0DE2}: NameServer = 10.138.248.14 10.138.4.7
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe
    O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN
    ipsvc.exe (file missing)
    O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\Speed Disk\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe



  • Lijkt me OK.
    Nog problemen?
  • [quote:60a71d0e8a="M@rc"]Lijkt me OK.
    Nog problemen?[/quote:60a71d0e8a]

    Momenteel niet. Thx voor de oplossing.
  • Graag gedaan.

    Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%.
    Selecteer alle bestanden in deze map en verwijder ze.

    Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen.

    Maak je Prullenbak leeg.

    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
    Systeemherstel uitschakelen.

    Bezoek regelmatig de Windows Update Site. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn.

    Installeer ook SpywareBlaster en Spywareguard.
    Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren.
    Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier.
  • Als ik SpywareGuard open, krijg ik een foutmelding ivm ActiveX die niet correct is.
  • Bedoel je dat spywareguard niet werkt of bedoel je dat Spywareguard meldt dat de instellingen van activeX niet goed staan?
  • [quote:160817b5a3="rataplantje"]
    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:26, on 6/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)[/quote:160817b5a3]

    SP2 installeren dan komt het spyware ook niet makkelijk je computer binnen, en krijg je ook minder kan op virussen enz. en Microsoft schort het hulp op voor mensen zonder SP2. :wink:
  • [quote:da679ee447="brandsrus"][quote:da679ee447="rataplantje"]
    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:26, on 6/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)[/quote:da679ee447]

    SP2 installeren dan komt het spyware ook niet makkelijk je computer binnen, en krijg je ook minder kan op virussen enz. en Microsoft schort het hulp op voor mensen zonder SP2. :wink:[/quote:da679ee447]

    Spywareguard meldt dat de instellingen van activeX niet goed staan.

    Met SP2 wil ik echt zo lang mogelijk wachten. Vooral omdat er data op mijn hdd staat die ik liever niet kwijt wil, en omdat het te groot (veel) is om te backuppen. Van het moment dat ik een nieuwe hdd heb, zet ik SP2 erop.
  • Bedoel je niet SpywareBlaster?
  • [quote:7ea07b5906="M@rc"]Bedoel je niet SpywareBlaster?[/quote:7ea07b5906]

    SpywareBlaster werkt wel hoor, het is echter Spywareguard die nu zelfs niet meer wil opstarten :cry:
  • Probleem is me niet bekend van Spywareguard. Ik weet dat SpywareBlaster melding kan geven ivm de instellingen van ActiveX.

    Overloop de instellingen van je ActiveX eens een keer.
    Maak een nieuwe HijackThislog en post deze. (na een reboot)
  • [quote:f34c0fe0e8="M@rc"]Probleem is me niet bekend van Spywareguard. Ik weet dat SpywareBlaster melding kan geven ivm de instellingen van ActiveX.

    Overloop de instellingen van je ActiveX eens een keer.
    Maak een nieuwe HijackThislog en post deze. (na een reboot)[/quote:f34c0fe0e8]

    Met spywareblaster heb ik het programma alles zelf laten doen. En hier heb je een screenshot van de foutmelding:
    [img:f34c0fe0e8]http://users.skynet.be/fa827242/error.jpg[/img:f34c0fe0e8]

    Logfile of HijackThis v1.99.1
    Scan saved at 8:28:49, on 8/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Cherry\CDI\CDI.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\Speed Disk\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\vmnat.exe
    C:\WINDOWS\System32\vmnetdhcp.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Cherry\KeyMan\KeyMan.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\LifeView TVR\RecSche.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\BMT MouseTracker\MouseTrack.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\Paper.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fortisbanking.be/start.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.vlaanderen.be:80;gopher=proxy.vlaanderen.be:80;http=proxy.vlaanderen.be:80;https=proxy.vlaanderen.be:80;socks=127.0.0.1:1080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001
    l\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HelioBar] F:\+++ Software +++\Stuff\HelioBar XP 1.4\HelioBar.exe start
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Change Wallpaper.lnk = C:\WINDOWS\Paper.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HiDownload\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HiDownload\hidownload.exe
    O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101163557875
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe
    O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN
    ipsvc.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\Speed Disk\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe



  • Deze kan je nog fixen:
    [b:4e2aa0d0ed]
    O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing)
    [/b:4e2aa0d0ed]
  • [quote:c601cfb648="M@rc"]Deze kan je nog fixen:
    [b:c601cfb648]
    O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing)
    [/b:c601cfb648][/quote:c601cfb648]

    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN
    ipsvc.exe (file missing)
    Deze heb ik ook weggedaan.

    Anders loopt het in orde.

    Bedankt voor de hulp, en tot de volgende hijack log :D

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.