Vraag & Antwoord

Beveiliging & privacy

wil iemand hier ff naar kijken

13 antwoorden
  • hey allemaal mijn internet opties werken niet meer en ik ben ingelogd als admin. wil iemand naar dit logje kijken. Logfile of HijackThis v1.99.1 Scan saved at 19:20:52, on 24-3-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\cisvc.exe C:\mysql\bin\mysqld-nt.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOINTGR.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\desksite\bin\cma.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows AdStatus\WinStat.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Save\Save.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows AdStatus\WinStatKeep.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Klaas Karregat\Local Settings\Temporary Internet Files\Content.IE5\GLQV4TU7\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://voymifexhvremvzri.net/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWzSJ5XQp6qO7RlZ9ey8zxvq.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bwtnawkdzlfkilbvas.uk/nj8iXeTacCTX8B1fy_A95zAvuz5LomlcLOBleDunAw8.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: greyknob - {80E0F65E-3539-03F6-9D78-1FF5BC7C2FAD} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing) O2 - BHO: (no name) - {963BB0C2-F024-6371-4FEA-C7C4A870EAF4} - C:\DOCUME~1\KLAASK~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: hope fast mp3 - {FC25F320-E2E1-B500-1B48-D46C9F001C7D} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [gznsjejl] C:\WINDOWS\ptmfbb.exe O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r O4 - HKLM\..\Run: [89272707.exe] C:\WINDOWS\System32\89272707.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ahfijpo] C:\WINDOWS\System32\strpph.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [Skip info axis bike] C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo\more surf.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [one slow] C:\DOCUME~1\KLAASK~1\APPLIC~1\FLAP64~1\bows bias.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = O17 - HKLM\Software\..\Telephony: DomainName = O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Verplaats in iedergeval hijackthis naar een eigen directory. B.v. c:\hijackthis. En draai het programma dan nog een keer opnieuw. Hij maakt namelijk een back-up van de gewijzigde bestanden, en deze gaan verloreren in de temp map. Verder zie ik wel al wat troep staan, maar ben (nog) niet kundig genoeg om je der verder mee te helpen.
  • ik hab meteen hijack this laten scannen en toen heb ik hem pas in een eigen directory geplaatst dat kan toch ook. :-?
  • hey ik heb zelf eens dat logje bekeken maar volgens mij klopt het ook niet dat bijna alle processen er 2 keer op staan.
  • [quote:dc44698c8c="Shikamaruuu"]ik hab meteen hijack this laten scannen en toen heb ik hem pas in een eigen directory geplaatst dat kan toch ook. :-?[/quote:dc44698c8c] Denk dat dat ook wel genoeg is. We horen het vanzelf.
  • Hey, Deïnstalleer alvast MEssengerPlus, want deze werd geïnstalleerd "met sponsors". Later zal ik aangeven wanneer je het teruyg ma installeren, maar zorg er dan wel voor dat je "zonder sponsors" kiest bij de installatie. Wanneer Messengerplus ge-deïnstalleerd is, open je kladblok en kopieer en plak je het volgende erin: [code:1:e471afd129] dir %Windir%\tasks /a h > files.txt notepad files.txt [/code:1:e471afd129] Sla dit op als findjob.bat , kies onder opslaan voor alle bestanden en plaats het op je bureaublad. Herstart nu je PC. Dubbelklik op findjob.bat en post de inhoud van het txtbestandje die je verkrijgt, samen met een nieuw logje van HijackThis grtz, Beamerke
  • ik heb dat findjob.dat gedaan en msnplus gedeinstaleerd hier is het textbestandje van finjob en het nieuwe hijack this logje. De volumenaam van station C is BOOT Het volumenummer is E80A-E845 Map van C:\WINDOWS\tasks 25-03-2005 08:09 <DIR> . 25-03-2005 08:09 <DIR> .. 25-03-2005 08:00 286 A897A2C091A85E98.job 25-03-2005 08:00 284 A9BFBB2591AC3249.job 25-03-2005 08:00 286 AD01B36C918A274C.job 25-03-2005 08:00 250 AD9713D39180870B.job 25-03-2005 08:00 248 AFB317A491CC8B1C.job 07-09-2001 13:00 65 desktop.ini 25-03-2005 08:15 6 SA.DAT 7 bestand(en) 1.425 bytes Map van C:\Documents and Settings\Klaas Karregat\Bureaublad Logfile of HijackThis v1.99.1 Scan saved at 8:20:46, on 25-3-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apache Group\Apache\Apache.exe C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\cisvc.exe C:\mysql\bin\mysqld-nt.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\desksite\bin\cma.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows AdStatus\WinStat.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Save\Save.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows AdStatus\WinStatKeep.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeournyhtwagxbqxthsxc.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxV3AjhrAxGVhlZ9ey8zxvq.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: greyknob - {80E0F65E-3539-03F6-9D78-1FF5BC7C2FAD} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: hope fast mp3 - {FC25F320-E2E1-B500-1B48-D46C9F001C7D} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [gznsjejl] C:\WINDOWS\ptmfbb.exe O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r O4 - HKLM\..\Run: [89272707.exe] C:\WINDOWS\System32\89272707.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ahfijpo] C:\WINDOWS\System32\strpph.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = O17 - HKLM\Software\..\Telephony: DomainName = O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • zou iemand mij hier a.u.b. ff mee willen helpen. :wink:
  • Open kladblok en kopieer en plak het volgende erin: [code:1:60062f3da1] %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h A897A2C091A85E98.job del A897A2C091A85E98.job attrib -r -s -h A9BFBB2591AC3249.job del A9BFBB2591AC3249.job attrib -r -s -h AD01B36C918A274C.job del AD01B36C918A274C.job attrib -r -s -h AD9713D39180870B.job del AD9713D39180870B.job attrib -r -s -h AFB317A491CC8B1C.job del AFB317A491CC8B1C.job [/code:1:60062f3da1] Sla dit op als remjob.bat , kies onder opslaan voor alle bestanden en plaats het op je bureaublad. Dubbelklik op remjob.bat. Klik op start=>configuratiescherm=>software Kijk of volgende programma's in de lijst staan, en deïnstalleer die dan: Windows adstatus save of whenUsave internet Optimizer Open Hijackthis, en vink volgende regels aan: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeournyhtwagxbqxthsxc.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxV3AjhrAxGVhlZ9ey8zxvq.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing) O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing) O2 - BHO: greyknob - {80E0F65E-3539-03F6-9D78-1FF5BC7C2FAD} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing) O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: hope fast mp3 - {FC25F320-E2E1-B500-1B48-D46C9F001C7D} - C:\PROGRA~1\WARNAR~1\Name locks.dll (file missing) O4 - HKLM\..\Run: [gznsjejl] C:\WINDOWS\ptmfbb.exe O4 - HKLM\..\Run: [89272707.exe] C:\WINDOWS\System32\89272707.exe O4 - HKLM\..\Run: [ahfijpo] C:\WINDOWS\System32\strpph.exe O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = O17 - HKLM\Software\..\Telephony: DomainName = O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll De volgende regels duiden er op dat je geen veranderingen kan doen aan je internetopties. Je kan dit zelf hebben ingesteld (bv via spybot S&D). Als dat het geval is, schakel deze restricties dan terug even uit via Spybot S&D. Als je dit zelf niet hebt ingesteld, (of je weet het niet zeker) vink dan de volgende 2 regels ook aan: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Sluit alle vensters behalve Hijackthis, en klik op "Fix Checked". Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden [/url] Start je pc op in [url=http://users.pandora.be/marcvn/spyware/1378056.htm] VEILIGE MODUS[/url] Zoek via verkenner naar volgende mappen/bestanden en verwijder ze handmatig: C:\WINDOWS\[b:60062f3da1]ptmfbb.exe[/b:60062f3da1] C:\WINDOWS\System32\[b:60062f3da1]89272707.exe[/b:60062f3da1] C:\WINDOWS\System32\[b:60062f3da1]strpph.exe[/b:60062f3da1] C:\Program Files\[b:60062f3da1]Windows AdStatus[/b:60062f3da1]<==deze map C:\Program Files\[b:60062f3da1]Internet Optimizer[/b:60062f3da1]<==deze map C:\Program Files\[b:60062f3da1]Save[/b:60062f3da1]<==deze map C:\WINDOWS\system32\[b:60062f3da1]btxppanel.dll[/b:60062f3da1] Reboot je pc en dubbelklik op findjob.bat en post terug de inhoud van de tekst hier, samen met een nieuw logje van HijackThis. grtz, Beamerke
  • hey bedankt man en srry van die andere tread.
  • Geen probleem :wink: Kan je nog ff een nieuw logje plaatsen ter controle?
  • De volumenaam van station C is BOOT Het volumenummer is E80A-E845 Map van C:\WINDOWS\tasks 26-03-2005 11:38 <DIR> . 26-03-2005 11:38 <DIR> .. 26-03-2005 15:00 284 B5FD7A839142E69B.job 07-09-2001 13:00 65 desktop.ini 26-03-2005 14:49 6 SA.DAT 3 bestand(en) 355 bytes Map van C:\Documents and Settings\Klaas Karregat\Bureaublad Logfile of HijackThis v1.99.1 Scan saved at 15:19:25, on 26-3-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\cisvc.exe C:\mysql\bin\mysqld-nt.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\desksite\bin\cma.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yjkjjzzdvkkkem.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxNGPlwHEETqBlZ9ey8zxvq.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Tiscali R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {963BB0C2-F024-6371-4FEA-C7C4A870EAF4} - C:\DOCUME~1\KLAASK~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Skip info axis bike] C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo\option site.exe O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [one slow] C:\DOCUME~1\KLAASK~1\APPLIC~1\FLAP64~1\bows bias.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Open kladblok en kopieer en plak het volgende erin: [code:1:10f85a3bb2] %systemdrive% cd C:\WINDOWS\Tasks attrib -r -s -h B5FD7A839142E69B.job del B5FD7A839142E69B.job [/code:1:10f85a3bb2] Sla dit op als remjob.bat , kies onder opslaan voor alle bestanden en plaats het op je bureaublad. Dubbelklik op remjob.bat. Start hijackthis en vink volgende regel aan: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yjkjjzzdvkkkem.com/nj8iXeTacCQOBtuCGRe18y/WgMUmVvAZV3kGNBttzWxNGPlwHEETqBlZ9ey8zxvq.html O2 - BHO: (no name) - {1BFF3F28-EE61-2BE7-D155-625504AF7B6E} - C:\WINDOWS\System32\hjf.dll (file missing) O2 - BHO: (no name) - {963BB0C2-F024-6371-4FEA-C7C4A870EAF4} - C:\DOCUME~1\KLAASK~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: (no name) - {CDF84564-6DFA-6729-19D3-DC226CA57238} - C:\DOCUME~1\JEROEN~1\APPLIC~1\WARNAR~1\gramball.exe O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O4 - HKLM\..\Run: [Skip info axis bike] C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo\option site.exe O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe O4 - HKCU\..\Run: [one slow] C:\DOCUME~1\KLAASK~1\APPLIC~1\FLAP64~1\bows bias.exe Sluit nu alle vensters behalve hijackthis en klik op 'fix checked' Start nu je pc op in [b:10f85a3bb2]VEILIGE MODUS:[/b:10f85a3bb2] Start de computer opnieuw. Tijdens het opstarten hou je de F8-toets ingedrukt tot het opstartmenu verschijnt. In dit menu kies je de optie "Veilige modus". [b:10f85a3bb2]Zorg ervoor dat je verborgen mappen en bestanden weergegeven worden:[/b:10f85a3bb2] Ga naar Start en klik op Deze computer. In de menubalk selecteer je Extra en dan Mapopties. Selecteer de tab Weergave. Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven. Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen). Klik op Ja om dit te bevestigen. Klik op OK. Zoek daarna via verkenner volgende items en verwijder deze manueel: C:\Documents and Settings\All Users\Application Data\Toolfastskipinfo<==deze map C:\Documents and Settings\All Users\Application Data\FLAP64<= de map die begint met deze letters C:\Program Files\Windows AdStatus<==deze map Ga daarna naar start => uitvoeren en typ: cleanmgr en klik op ok. Laat het je systeem scannen op bestanden die moeten verwijderd worden. Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt. Klik daarna op ok. Ga naar start => uitvoeren en typ: %temp% , selecteer heel die inhoud en verwijder het. Reboot je pc terug normaal. Dubbelklik nog eens op findjob.bat, en plaats het logje dat je dan krijgt, samen met een nieuw logje van HijackThis

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.