Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

wil iemand hier ff naar kijken

Anoniem
None
13 antwoorden
  • hey allemaal

    mijn internet opties werken niet meer en ik ben ingelogd als admin.
    wil iemand naar dit logje kijken.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:20:52, on 24-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOINTGR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\desksite\bin\cma.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows AdStatus\WinStat.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\Program Files\Save\Save.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows AdStatus\WinStatKeep.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Klaas Karregat\Local Settings\Temporary Internet Files\Content.IE5\GLQV4TU7\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://voymifexhvremvzri.net/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWzSJ5XQp6qO7RlZ9ey8zxvq.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bwtnawkdzlfkilbvas.uk/nj8iXeTacCTX8B1fy_A95zAvuz5LomlcLOBleDunAw8.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: greyknob - {80E0F65E-3539-03F6-9D78-1FF5BC7C2FAD} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing)
    O2 - BHO: (no name) - {963BB0C2-F024-6371-4FEA-C7C4A870EAF4} - C:\DOCUME~1\KLAASK~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
    vms.dll
    O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: hope fast mp3 - {FC25F320-E2E1-B500-1B48-D46C9F001C7D} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [gznsjejl] C:\WINDOWS\ptmfbb.exe
    O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe

    O4 - HKLM\..\Run: [89272707.exe] C:\WINDOWS\System32\89272707.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ahfijpo] C:\WINDOWS\System32\strpph.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKLM\..\Run: [Skip info axis bike] C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo\more surf.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [one slow] C:\DOCUME~1\KLAASK~1\APPLIC~1\FLAP64~1\bows bias.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http:/
    unonce.msn.com/setacceptlang.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\Software\..\Telephony: DomainName =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" –ntservice (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe




  • Verplaats in iedergeval hijackthis naar een eigen directory. B.v. c:\hijackthis. En draai het programma dan nog een keer opnieuw. Hij maakt namelijk een back-up van de gewijzigde bestanden, en deze gaan verloreren in de temp map. Verder zie ik wel al wat troep staan, maar ben (nog) niet kundig genoeg om je der verder mee te helpen.
  • ik hab meteen hijack this laten scannen en toen heb ik hem pas in een eigen directory geplaatst dat kan toch ook. :-?
  • hey ik heb zelf eens dat logje bekeken maar volgens mij klopt het ook niet dat bijna alle processen er 2 keer op staan.
  • [quote:dc44698c8c="Shikamaruuu"]ik hab meteen hijack this laten scannen en toen heb ik hem pas in een eigen directory geplaatst dat kan toch ook. :-?[/quote:dc44698c8c]

    Denk dat dat ook wel genoeg is. We horen het vanzelf.
  • Hey,

    Deïnstalleer alvast MEssengerPlus, want deze werd geïnstalleerd "met sponsors". Later zal ik aangeven wanneer je het teruyg ma installeren, maar zorg er dan wel voor dat je "zonder sponsors" kiest bij de installatie.

    Wanneer Messengerplus ge-deïnstalleerd is, open je kladblok en kopieer en plak je het volgende erin:
    [code:1:e471afd129]
    dir %Windir%\tasks /a h > files.txt
    notepad files.txt
    [/code:1:e471afd129]
    Sla dit op als findjob.bat , kies onder opslaan voor alle bestanden en plaats het op je bureaublad.

    Herstart nu je PC.

    Dubbelklik op findjob.bat en post de inhoud van het txtbestandje die je verkrijgt, samen met een nieuw logje van HijackThis

    grtz,

    Beamerke
  • ik heb dat findjob.dat gedaan en msnplus gedeinstaleerd
    hier is het textbestandje van finjob en het nieuwe hijack this logje.

    De volumenaam van station C is BOOT
    Het volumenummer is E80A-E845

    Map van C:\WINDOWS\tasks

    25-03-2005 08:09 <DIR> .
    25-03-2005 08:09 <DIR> ..
    25-03-2005 08:00 286 A897A2C091A85E98.job
    25-03-2005 08:00 284 A9BFBB2591AC3249.job
    25-03-2005 08:00 286 AD01B36C918A274C.job
    25-03-2005 08:00 250 AD9713D39180870B.job
    25-03-2005 08:00 248 AFB317A491CC8B1C.job
    07-09-2001 13:00 65 desktop.ini
    25-03-2005 08:15 6 SA.DAT
    7 bestand(en) 1.425 bytes

    Map van C:\Documents and Settings\Klaas Karregat\Bureaublad



    Logfile of HijackThis v1.99.1
    Scan saved at 8:20:46, on 25-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOINTGR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\desksite\bin\cma.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows AdStatus\WinStat.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\Program Files\Save\Save.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows AdStatus\WinStatKeep.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeournyhtwagxbqxthsxc.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxV3AjhrAxGVhlZ9ey8zxvq.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: greyknob - {80E0F65E-3539-03F6-9D78-1FF5BC7C2FAD} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
    vms.dll
    O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: hope fast mp3 - {FC25F320-E2E1-B500-1B48-D46C9F001C7D} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [gznsjejl] C:\WINDOWS\ptmfbb.exe
    O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe

    O4 - HKLM\..\Run: [89272707.exe] C:\WINDOWS\System32\89272707.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ahfijpo] C:\WINDOWS\System32\strpph.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http:/
    unonce.msn.com/setacceptlang.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\Software\..\Telephony: DomainName =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" –ntservice (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe




  • zou iemand mij hier a.u.b. ff mee willen helpen. :wink:
  • Open kladblok en kopieer en plak het volgende erin:
    [code:1:60062f3da1]
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A897A2C091A85E98.job
    del A897A2C091A85E98.job
    attrib -r -s -h A9BFBB2591AC3249.job
    del A9BFBB2591AC3249.job
    attrib -r -s -h AD01B36C918A274C.job
    del AD01B36C918A274C.job
    attrib -r -s -h AD9713D39180870B.job
    del AD9713D39180870B.job
    attrib -r -s -h AFB317A491CC8B1C.job
    del AFB317A491CC8B1C.job

    [/code:1:60062f3da1]

    Sla dit op als remjob.bat , kies onder opslaan voor alle bestanden en plaats het op je bureaublad.

    Dubbelklik op remjob.bat.

    Klik op start=>configuratiescherm=>software
    Kijk of volgende programma's in de lijst staan, en deïnstalleer die dan:

    Windows adstatus
    save of whenUsave
    internet Optimizer

    Open Hijackthis, en vink volgende regels aan:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeournyhtwagxbqxthsxc.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxV3AjhrAxGVhlZ9ey8zxvq.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
    O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing)
    O2 - BHO: greyknob - {80E0F65E-3539-03F6-9D78-1FF5BC7C2FAD} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
    vms.dll
    O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: hope fast mp3 - {FC25F320-E2E1-B500-1B48-D46C9F001C7D} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing)
    O4 - HKLM\..\Run: [gznsjejl] C:\WINDOWS\ptmfbb.exe
    O4 - HKLM\..\Run: [89272707.exe] C:\WINDOWS\System32\89272707.exe
    O4 - HKLM\..\Run: [ahfijpo] C:\WINDOWS\System32\strpph.exe
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\Software\..\Telephony: DomainName =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

    De volgende regels duiden er op dat je geen veranderingen kan doen aan je internetopties. Je kan dit zelf hebben ingesteld (bv via spybot S&D).
    Als dat het geval is, schakel deze restricties dan terug even uit via Spybot S&D. Als je dit zelf niet hebt ingesteld, (of je weet het niet zeker) vink dan de volgende 2 regels ook aan:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Sluit alle vensters behalve Hijackthis, en klik op "Fix Checked".

    Zorg dat alle verborgen bestanden weergegeven worden

    Start je pc op in VEILIGE MODUS

    Zoek via verkenner naar volgende mappen/bestanden en verwijder ze handmatig:

    C:\WINDOWS\[b:60062f3da1]ptmfbb.exe[/b:60062f3da1]
    C:\WINDOWS\System32\[b:60062f3da1]89272707.exe[/b:60062f3da1]
    C:\WINDOWS\System32\[b:60062f3da1]strpph.exe[/b:60062f3da1]
    C:\Program Files\[b:60062f3da1]Windows AdStatus[/b:60062f3da1]<==deze map
    C:\Program Files\[b:60062f3da1]Internet Optimizer[/b:60062f3da1]<==deze map
    C:\Program Files\[b:60062f3da1]Save[/b:60062f3da1]<==deze map
    C:\WINDOWS\system32\[b:60062f3da1]btxppanel.dll[/b:60062f3da1]


    Reboot je pc en dubbelklik op findjob.bat en post terug de inhoud van de tekst hier, samen met een nieuw logje van HijackThis.

    grtz,

    Beamerke
  • hey bedankt man en srry van die andere tread.
  • Geen probleem :wink:

    Kan je nog ff een nieuw logje plaatsen ter controle?
  • De volumenaam van station C is BOOT
    Het volumenummer is E80A-E845

    Map van C:\WINDOWS\tasks

    26-03-2005 11:38 <DIR> .
    26-03-2005 11:38 <DIR> ..
    26-03-2005 15:00 284 B5FD7A839142E69B.job
    07-09-2001 13:00 65 desktop.ini
    26-03-2005 14:49 6 SA.DAT
    3 bestand(en) 355 bytes

    Map van C:\Documents and Settings\Klaas Karregat\Bureaublad


    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:25, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Apache Group\Apache\Apache.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOINTGR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\desksite\bin\cma.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yjkjjzzdvkkkem.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxNGPlwHEETqBlZ9ey8zxvq.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {963BB0C2-F024-6371-4FEA-C7C4A870EAF4} - C:\DOCUME~1\KLAASK~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Skip info axis bike] C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo\option site.exe
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [one slow] C:\DOCUME~1\KLAASK~1\APPLIC~1\FLAP64~1\bows bias.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http:/
    unonce.msn.com/setacceptlang.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" –ntservice (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe



  • Open kladblok en kopieer en plak het volgende erin:
    [code:1:10f85a3bb2]
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h B5FD7A839142E69B.job
    del B5FD7A839142E69B.job
    [/code:1:10f85a3bb2]

    Sla dit op als remjob.bat , kies onder opslaan voor alle bestanden en plaats het op je bureaublad.
    Dubbelklik op remjob.bat.

    Start hijackthis en vink volgende regel aan:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yjkjjzzdvkkkem.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxNGPlwHEETqBlZ9ey8zxvq.html
    O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing)
    O2 - BHO: (no name) - {963BB0C2-F024-6371-4FEA-C7C4A870EAF4} - C:\DOCUME~1\KLAASK~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O4 - HKLM\..\Run: [Skip info axis bike] C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo\option site.exe
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKCU\..\Run: [one slow] C:\DOCUME~1\KLAASK~1\APPLIC~1\FLAP64~1\bows bias.exe

    Sluit nu alle vensters behalve hijackthis en klik op 'fix checked'

    Start nu je pc op in [b:10f85a3bb2]VEILIGE MODUS:[/b:10f85a3bb2]
    Start de computer opnieuw.
    Tijdens het opstarten hou je de F8-toets ingedrukt tot het opstartmenu verschijnt.
    In dit menu kies je de optie "Veilige modus".


    [b:10f85a3bb2]Zorg ervoor dat je verborgen mappen en bestanden weergegeven worden:[/b:10f85a3bb2]
    Ga naar Start en klik op Deze computer.
    In de menubalk selecteer je Extra en dan Mapopties.
    Selecteer de tab Weergave.
    Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.
    Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).
    Klik op Ja om dit te bevestigen.
    Klik op OK.

    Zoek daarna via verkenner volgende items en verwijder deze manueel:

    C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo<==deze map
    C:\Documents and Settings\All Users\Application Data\FLAP64<= de map die begint met deze letters
    C:\Program Files\Windows AdStatus<==deze map

    Ga daarna naar start => uitvoeren en typ: cleanmgr en klik op ok.

    Laat het je systeem scannen op bestanden die moeten verwijderd worden.

    Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.

    Klik daarna op ok.

    Ga naar start => uitvoeren en typ: %temp% , selecteer heel die inhoud en verwijder het.

    Reboot je pc terug normaal.
    Dubbelklik nog eens op findjob.bat, en plaats het logje dat je dan krijgt, samen met een nieuw logje van HijackThis

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.