Kan iemand hier ff naar kijken en adviseren en beter nog hoe voorkom ik een volgende keer. Hier kom mijn log: C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hfp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE G:\programma's\crack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {50CD2587-904A-40A0-8AC1-0BC082FDE876} - C:\WINDOWS\System32\illahb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.1416550926 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download

Vraag & Antwoord

13 antwoorden

Kan iemand hier ff naar kijken en adviseren en beter nog hoe voorkom ik een volgende keer.
Hier kom mijn log:

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hfp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
G:\programma's\crack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50CD2587-904A-40A0-8AC1-0BC082FDE876} - C:\WINDOWS\System32\illahb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.1416550926
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download

Anoniem 28 juni 2004 22:36

Hallo Obi_one,

Download Ad-aware. Zorg dat het programma volledig geupdate is. Instructies over gebruik en instellingen vind je hier of in de spywarefaq. Start Ad-aware nog niet.

Download en installeer APM from: http://www.diamondcs.com.au/index.php?page=apm

Sluit alle open vensters behalve dat van HijackThis.
[b:44892fc599]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {50CD2587-904A-40A0-8AC1-0BC082FDE876} - C:\WINDOWS\System32\illahb.dll[/b:44892fc599]

Start het programma APM.
In het bovenste venster selecteer je explorer.exe
In het onderste venster zoek je C:\WINDOWS\System32\illahb.dll.
Rechtsklik op deze DLL en kies voor Unload.
Klik op OK.

Reboot en scan vervolgens met Ad-aware.

Reboot de computer. Download dit bestandje. Unzip het op je buroblad. Dubbelklik op appinit.bat. Er verschijnt een 'dos' box en dan wordt er een bestand aangemaakt dat windows.txt noemt. Open dit bestand, en plak de inhoud in je volgende post.

Run HijackThis nog een keer en post een nieuwe HijackThislog.

groeten,
Marc

Anoniem 29 juni 2004 15:22

regf Pugf hbin ¨ÿÿÿnk, ºúyÕ[Ä ÿÿÿÿ ÿÿÿÿÿÿÿÿ 8 x ÿÿÿÿ 0 : \ò WindowsÌÈþÿÿsk x x ” ì
!
€ ! #
€ # ?
?
?
Øÿÿÿvk : Ø fùAppInit_DLLsÖæGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ d 3 d o . d l l ˜ ° Ðÿÿÿvk P ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 _£ûóðÿÿÿ3 0 0 Ðÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk À °ºSpooler2ðÿÿÿy e s ¬u ° p è àÿÿÿvk € =pswapdiskÐÿÿÿvk ` R¿TransmissionRetryTimeoutàÿÿÿ° p è X Ðÿÿÿvk €' JUSERProcessHandleQuotaô¨x Is dit wel ok?
Hier meteen een nieuwe Hijack log.

Logfile of HijackThis v1.97.7
Scan saved at 17:33:18, on 29-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hfp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\dllcache\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
G:\programma's\crack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\D6844~1.SME\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {978476AB-36BF-4E9C-B675-4981AC5AC0D0} - C:\WINDOWS\System32\idikmna.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.1416550926
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Anoniem 29 juni 2004 16:33

Hallo Obi_one,

De hijacker maakt gebruik van de verborgen installer.
We gaan dit proberen:

Download CWShredder.
Nog niet gebruiken.

Dowload Sphjfix.
Unzip het programma en start het.

Na een automatische reboot run je CWShredder.
Reboot de computer.

Run HijackThis en post een nieuwe log.

Anoniem 29 juni 2004 16:41

Logfile of HijackThis v1.97.7
Scan saved at 21:49:31, on 29-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hfp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
G:\programma's\crack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.1416550926
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Hoop dat het nu weg is anders geef ik hem format c

Anoniem 29 juni 2004 20:50

Hij is weg, dus een format c: is niet nodig.

Anoniem 29 juni 2004 20:58

[quote:107d8a8113="De huismeester"]Hij is weg, dus een format c: is niet nodig.[/quote:107d8a8113]
Toch even checken naar die verborgen installer..
De hijacker kan terugkomen als deze niet weg is.

Sla appinit.bat even op in een nieuwe map, start het en post er een nieuw logje van.

Anoniem 29 juni 2004 21:03

regf Pugf hbin ÿÿÿnk, ¶ƒS÷]Ä ÿÿÿÿ ÿÿÿÿÿÿÿÿ € ÿÿÿÿ 0 : \ò Windows_HijackedÈþÿÿsk € € ” ì
!
€ ! #
€ # ?
?
?
Øÿÿÿvk € fùAppInit_DLLsÖæG ¸ Ðÿÿÿvk ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 _£ûóðÿÿÿ3 0 0 Ðÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk ˆ °ºSpooler2ðÿÿÿy e s ¬u ¸ è 8 h ° àÿÿÿvk € =pswapdiskÐÿÿÿvk ( R¿TransmissionRetryTimeoutàÿÿÿ¸ è 8 h ° Ð Ðÿÿÿvk €' JUSERProcessHandleQuotaô¨° Helemaal weg of toch nog wat achtergebleven?
Hoe voorkom je dat die spyware op je pc komt?
In elk geval hartelijk dank voor de hulp!!!

Anoniem 1 juli 2004 15:00

kijk hier maar eens, hier staat vanalles over preventie

Anoniem 1 juli 2004 15:09

Hallo Obi_one,

[img:59f10ce3f2]http://users.pandora.be/marcvn/Iconen/icon_thumb.gif[/img:59f10ce3f2]
Ook dat logje is clean.
Hou het zo.

groeten,
Marc

Anoniem 1 juli 2004 16:43

M@rc erg bedankt!

Anoniem 1 juli 2004 17:36

Graag gedaan.

Anoniem 1 juli 2004 17:44

even een offtopic vraagje: waarom vind je jezelf een sukkel dat je een hjt log hier post? is toch niks mis mee? (en misschien voelen sommige andere zich een beetje beledigt ook nog)

Anoniem 1 juli 2004 17:45

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Vraag & Antwoord

Weer zo'n sukkel met een Hijack log :(

Beantwoord deze vraag

Gerelateerde vragen

Inloggen

Registreren

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Bedankt!

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!

Cookies op Reshift websites

Wij maken gebruik van cookies, en dit doen we:

Waarom moet je eigenlijk akkoord gaan met cookies?

Geen cookie ondersteuning