Vraag & Antwoord

Beveiliging & privacy

Hijack v1.35

20 antwoorden
  • Logfile of HijackThis v1.99.1 Scan saved at 17:51:42, on 3/03/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Cherry\CDI\CDI.exe C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Cherry\KeyMan\KeyMan.exe C:\Program Files\D-Tools\daemon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\WINDOWS\Mixer.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\WINDOWS\TEMP\BS377F.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\LifeView TVR\RecSche.exe C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\BMT MouseTracker\MouseTrack.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\Paper.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\System32\vmnat.exe C:\WINDOWS\System32\vmnetdhcp.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\hopster\hopster.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe C:\Program Files\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fortisbanking.be/start.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.vlaanderen.be:80;gopher=proxy.vlaanderen.be:80;http=proxy.vlaanderen.be:80;https=proxy.vlaanderen.be:80;socks=127.0.0.1:1080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [HelioBar] F:\+++ Software +++\Stuff\HelioBar XP 1.4\HelioBar.exe start O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h O4 - Startup: Change Wallpaper.lnk = C:\WINDOWS\Paper.exe O4 - Startup: ClnScUpd.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101163557875 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FDD7D667-7FF1-47E4-949D-F8D1271D0DE2}: NameServer = 10.138.248.14 10.138.4.7 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Trend Micro Policy Server for Cisco NAC (tmPolicyServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
  • log 18-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=934385&highlight=#934385 log 1-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=926777&highlight=#926777 log 20-1: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=920775&highlight=#920775 log 30-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=909482&highlight=#909482 log 19-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=904270&highlight=#904270 ...... :o
  • [quote:ff2bca0ff8="M@rc"]log 18-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=934385&highlight=#934385 log 1-2: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=926777&highlight=#926777 log 20-1: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=920775&highlight=#920775 log 30-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=909482&highlight=#909482 log 19-12: geen reactie meer: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=904270&highlight=#904270 ...... :o[/quote:ff2bca0ff8] Omdat het opgelost geraakt. Daarom vond ik het niet nodig om een antwoord te posten. Sorry dat het zo overkomt voor jullie, dat ik er niet meer naar kijk.
  • Is wel zo netjes om te antwoorden dat het is opgelost dan in 1 keer niks meet te laten horen. Taco
  • [quote:9a985f6b06="taco78"]Is wel zo netjes om te antwoorden dat het is opgelost dan in 1 keer niks meet te laten horen. Taco[/quote:9a985f6b06] Spijt komt na de daad, maar ik zal er mee rekening houden
  • Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:7722944290] O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h [/b:7722944290]
  • [quote:6263e2de86="M@rc"]Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:6263e2de86] O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h [/b:6263e2de86][/quote:6263e2de86] Nieuw logje nadat ik bovenstaande verwijderd heb Logfile of HijackThis v1.99.1 Scan saved at 1:05:26, on 6/03/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fortisbanking.be/start.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.vlaanderen.be:80;gopher=proxy.vlaanderen.be:80;http=proxy.vlaanderen.be:80;https=proxy.vlaanderen.be:80;socks=127.0.0.1:1080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [HelioBar] F:\+++ Software +++\Stuff\HelioBar XP 1.4\HelioBar.exe start O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [] "C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Admin\" -HideWindow O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - Startup: Change Wallpaper.lnk = C:\WINDOWS\Paper.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101163557875 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FDD7D667-7FF1-47E4-949D-F8D1271D0DE2}: NameServer = 10.138.248.14 10.138.4.7 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\Speed Disk\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
  • Lijkt me OK. Nog problemen?
  • [quote:60a71d0e8a="M@rc"]Lijkt me OK. Nog problemen?[/quote:60a71d0e8a] Momenteel niet. Thx voor de oplossing.
  • Graag gedaan. Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%. Selecteer alle bestanden in deze map en verwijder ze. Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen. Maak je Prullenbak leeg. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Systeemherstel uitschakelen[/url]. Bezoek regelmatig de [url=http://www.windowsupdate.com]Windows Update Site[/url]. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn. Installeer ook [url=http://www.javacoolsoftware.com/spywareblaster.html]SpywareBlaster[/url] en [url=http://www.javacoolsoftware.com/spywareguard.html]Spywareguard[/url]. Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren. Meer info over hoe je een nieuwe infectie kan voorkomen vind je [url=http://users.pandora.be/marcvn/spyware/1564073.htm]hier[/url].
  • Als ik SpywareGuard open, krijg ik een foutmelding ivm ActiveX die niet correct is.
  • Bedoel je dat spywareguard niet werkt of bedoel je dat Spywareguard meldt dat de instellingen van activeX niet goed staan?
  • [quote:160817b5a3="rataplantje"] Logfile of HijackThis v1.99.1 Scan saved at 1:05:26, on 6/03/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)[/quote:160817b5a3] SP2 installeren dan komt het spyware ook niet makkelijk je computer binnen, en krijg je ook minder kan op virussen enz. en Microsoft schort het hulp op voor mensen zonder SP2. :wink:
  • [quote:da679ee447="brandsrus"][quote:da679ee447="rataplantje"] Logfile of HijackThis v1.99.1 Scan saved at 1:05:26, on 6/03/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)[/quote:da679ee447] SP2 installeren dan komt het spyware ook niet makkelijk je computer binnen, en krijg je ook minder kan op virussen enz. en Microsoft schort het hulp op voor mensen zonder SP2. :wink:[/quote:da679ee447] Spywareguard meldt dat de instellingen van activeX niet goed staan. Met SP2 wil ik echt zo lang mogelijk wachten. Vooral omdat er data op mijn hdd staat die ik liever niet kwijt wil, en omdat het te groot (veel) is om te backuppen. Van het moment dat ik een nieuwe hdd heb, zet ik SP2 erop.
  • Bedoel je niet SpywareBlaster?
  • [quote:7ea07b5906="M@rc"]Bedoel je niet SpywareBlaster?[/quote:7ea07b5906] SpywareBlaster werkt wel hoor, het is echter Spywareguard die nu zelfs niet meer wil opstarten :cry:
  • Probleem is me niet bekend van Spywareguard. Ik weet dat SpywareBlaster melding kan geven ivm de instellingen van ActiveX. Overloop de instellingen van je ActiveX eens een keer. Maak een nieuwe HijackThislog en post deze. (na een reboot)
  • [quote:f34c0fe0e8="M@rc"]Probleem is me niet bekend van Spywareguard. Ik weet dat SpywareBlaster melding kan geven ivm de instellingen van ActiveX. Overloop de instellingen van je ActiveX eens een keer. Maak een nieuwe HijackThislog en post deze. (na een reboot)[/quote:f34c0fe0e8] Met spywareblaster heb ik het programma alles zelf laten doen. En hier heb je een screenshot van de foutmelding: [img:f34c0fe0e8]http://users.skynet.be/fa827242/error.jpg[/img:f34c0fe0e8] Logfile of HijackThis v1.99.1 Scan saved at 8:28:49, on 8/03/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Cherry\CDI\CDI.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\NORTON~1\NORTON~1\Speed Disk\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\System32\vmnat.exe C:\WINDOWS\System32\vmnetdhcp.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Cherry\KeyMan\KeyMan.exe C:\Program Files\D-Tools\daemon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\WINDOWS\Mixer.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\LifeView TVR\RecSche.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\BMT MouseTracker\MouseTrack.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\Paper.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fortisbanking.be/start.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.vlaanderen.be:80;gopher=proxy.vlaanderen.be:80;http=proxy.vlaanderen.be:80;https=proxy.vlaanderen.be:80;socks=127.0.0.1:1080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [HelioBar] F:\+++ Software +++\Stuff\HelioBar XP 1.4\HelioBar.exe start O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Change Wallpaper.lnk = C:\WINDOWS\Paper.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to Keyman - C:\Program Files\Cherry\KeyMan\IEMenuExtKeyman.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HiDownload\hidownload.exe O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101163557875 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\CDI.exe O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\Speed Disk\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
  • Deze kan je nog fixen: [b:4e2aa0d0ed] O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing) [/b:4e2aa0d0ed]
  • [quote:c601cfb648="M@rc"]Deze kan je nog fixen: [b:c601cfb648] O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\Mike\LOCALS~1\Temp\hpdj3600.exe (file missing) [/b:c601cfb648][/quote:c601cfb648] O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) Deze heb ik ook weggedaan. Anders loopt het in orde. Bedankt voor de hulp, en tot de volgende hijack log :D

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.