Vraag & Antwoord

Beveiliging & privacy

Log bekijken svp

7 antwoorden
  • Hoi, Ik zit bij mijn buurjongen. Wil de pc opschonen en antivirus erop zetten. Helaas kan ik een oude versie van Panda niet verwijderen. Kunnen jullie svp effe helpen?? Logfile of HijackThis v1.99.1 Scan saved at 14:34:51, on 20-3-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\Common Files\CMEII\CMESys.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Altnet\Points Manager\Points Manager.exe C:\PROGRA~1\Support.com\bin\tgcmd.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\windows\msbb.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Snelkiezer.exe C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Kazaa\kazaa.exe C:\Program Files\Common Files\GMT\GMT.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\sp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\familie\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.utolphzkae.info/eGutpa1wTctZz4qpTNv_QQyrjZ1sHnw7d6wJEwoVC85MoFbRlJtEmQ0TrDJapqqS.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {A2D31A41-8815-EBC8-CAEB-674E3764267C} - C:\PROGRA~1\RoadHide\Bags Long.exe (file missing) O2 - BHO: ToolHelper Class - {AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\OSMMAN~1\OSMTOO~1.DLL (file missing) O3 - Toolbar: Locators.com Search Bar - {E720B458-B65A-438C-9FF3-B1DF65D7DB3E} - C:\WINDOWS\System32\Locators.dll (file missing) O3 - Toolbar: Locators.com Links Bar - {E720B458-B65A-438C-9FF3-B1DF65D7DB3F} - shdocvw.dll (file missing) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe" O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" O4 - HKLM\..\Run: [Meet Free Wave Mode] C:\Documents and Settings\All Users\Application Data\Bleh Thunk Meet Free\ByteFirst.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer_.exe /quiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [mrkpafgx] C:\WINDOWS\mrkpafgx.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [sp] C:\sp.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\Locators.dll (file missing) O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\Locators.dll (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing) O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Scan eerst met een geupdate Ad-Aware SE. Instructies vind je hier: http://users.telenet.be/marcvn/spyware/1414188.htm Herstart de computer en maak een nieuwe Hijackthislog. Post deze. Download vindjob.zip: http://users.telenet.be/marcvn/tools/vindjob.zip Unzip het dubelklik op vindjob.bat. Er wordt een logje gemaakt. Post de inhoud van dit logje ook.
  • Logfile of HijackThis v1.99.1 Scan saved at 20:35:44, on 20-3-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\PROGRA~1\Support.com\bin\tgcmd.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Snelkiezer_.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Kazaa\kazaa.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe c:\documents and settings\familie\local settings\temp\fsg_4203.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\familie\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.utolphzkae.info/eGutpa1wTctZz4qpTNv_QQyrjZ1sHnw7d6wJEwoVC85MoFbRlJtEmQ0TrDJapqqS.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {A2D31A41-8815-EBC8-CAEB-674E3764267C} - C:\PROGRA~1\RoadHide\Bags Long.exe (file missing) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe O4 - HKLM\..\Run: [Meet Free Wave Mode] C:\Documents and Settings\All Users\Application Data\Bleh Thunk Meet Free\ByteFirst.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [mrkpafgx] C:\WINDOWS\mrkpafgx.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\familie\local settings\temp\fsg_4203.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing) O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe De volumenaam van station C is BOOT Het volumenummer is 08AC-1C85 Map van C:\WINDOWS\tasks 20-03-2005 15:12 <DIR> . 20-03-2005 15:12 <DIR> .. 20-03-2005 20:00 272 ABCC29E8910FA0AC.job 20-03-2005 20:00 238 AF62BD7291852F8A.job 20-03-2005 20:35 500 Controle op updates door McAfee.com (THUIS-familie).job 11-09-2002 13:00 65 desktop.ini 12-03-2005 18:31 394 FRU Task #Hewlett-Packard#hp psc 2170 series#1110648647.job 20-03-2005 15:12 394 FRU Task #Hewlett-Packard#hp psc 2170 series#1111327913.job 20-03-2005 20:32 6 SA.DAT 14-03-2005 09:00 392 {14487FFA-87B3-414A-96BE-C3BFB25B4C30}_THUIS_familie.job 18-03-2005 16:00 392 {2C02E8E6-29AA-4543-ABFD-F1AA526AEE04}_THUIS_familie.job 18-03-2005 16:00 392 {D00B235B-5297-4B6F-B446-C95AC3AE8F55}_THUIS_familie.job 10 bestand(en) 3.045 bytes Map van C:\Documents and Settings\familie\Local Settings\Temporary Internet Files\Content.IE5\4VY7AF4P
  • Kan je me dit bestand zippen en mailen: C:\WINDOWS\Snelkiezer.exe (marckieATbluemedicine.be - AT vervang je door @) Open kladblok en kopieer onderstaande code in dit kladblokbestand. Sla het op als deljob.bat [code:1:36c7ee0f04] %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h ABCC29E8910FA0AC.job del ABCC29E8910FA0AC.job attrib -r -s -h AF62BD7291852F8A.job del AF62BD7291852F8A.job [/code:1:36c7ee0f04] Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's: P2P Network Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Dubbelklik op deljob.bat. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:36c7ee0f04] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.utolphzkae.info/eGutpa1wTctZz4qpTNv_QQyrjZ1sHnw7d6wJEwoVC85MoFbRlJtEmQ0TrDJapqqS.html R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer.exe /quiet O4 - HKLM\..\Run: [mrkpafgx] C:\WINDOWS\mrkpafgx.exe O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\familie\local settings\temp\fsg_4203.exe" O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing) [/b:36c7ee0f04] Verwijder de volgende bestanden indien aanwezig: C:\WINDOWS\mrkpafgx.exe Verwijder de volgende mappen indien aanwezig: C:\Program Files\MyWay C:\WINDOWS\system32\P2P Networking C:\Program Files\Common Files\GMT C:\WINDOWS\system32\iosdt Maak deze map leeg: c:\documents and settings\familie\local settings\temp Reboot de computer, run HijackThis opnieuw en post een nieuwe log. Maak een nieuwe log met vindjob.bat en post dit logje ook.
  • Ik ben het aan het bestuderen. Wel ben ik nu weer bij mijzelf thuis. Morgenmiddag ga ik je adviezen uitvoeren en hoop dan op de goede weg te zitten bij hem. Alvast heel veel dank tot dusver. Carl
  • Hoi M@rk, De ellende is zo enorm.. Krijg de meeste bestanden niet eens verwijderd. Veilige Modus werkt nauwelijks. We besluiten maar om de recovery disk erdoor te halen. Goed idee??
  • Lijkt me niet echt nodig hoor. Probeer veilige modus met netwerkondersteuning. Lukt het niet meld je dan terug met een nieuwe Hijackthislog.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.