hijackthis.log

Anonymous
20 replies
  • I'm having trouble again with unwanted start pages with search engines; who is willing to take a look at this?


    Logfile of HijackThis v1.97.7
    Scan saved at 13:26:59, on 6-8-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Documents and Settings\All Users\Documenten\spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {F5B723EC-28F6-4AD0-B5A1-C20C313BE133} - C:\WINDOWS\System32\pmkh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [nstat] C:\WINDOWS\netstat.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://clubonly18.com/k4/iehelp.chm::/on-line.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38202.5647800926
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

  • Your HijackThis version is not the most recent one.
    This one is: http://computercops.biz/downloads-file-328.html
  • Make a log with appinit right away as well; it looks like about:blank is in there.
    Download appinit.zip and unzip it to your desktop, run appinit.bat, a DOS box flashes by and windows.txt is created; post that together with a new log from the new HijackThis, as Rieske already said, in your next post.
  • You take over, Pcguy. :roll:
  • Sorry, I'm only trying to help, sorry if that wasn't allowed. :wink:
  • @topicstarter:
    Please do the following.

    * Go to Start - Run. Copy and paste the following into the Open box:

    regedit /e c:\txtprtcl.txt "HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain"

    Click OK.
    A file called txtprtcl.txt is now created, and it is located on the C drive, namely: c:\txtprtcl.txt
    If this file is not created, it should be sufficient to fix the lines below with HijackThis.

  • cwsuni.exe can no longer be found on the web. The link no longer works and Google gives no new options. Now what?
  • That's a bummer; looking for a mirror… if anyone here has it, I'm willing to host it.
  • Another route then…
    First post a HijackThis log with the newest version.
    http://computercops.biz/downloads-file-328.html
  • here
    I heard yesterday that cwsuni.exe was offline.
  • So the cwsuni route after all?
  • Yes, stick to that route.
    It's the best.
  • Also post the output of appinit.bat.
    For now it's not really clear to me which variant of about:blank this is.
    Best to report back with a new log from the newest version of HijackThis.
  • appinit.bat produces a very strange file as windows.txt, full of weird characters. Is that right? Below is a new HT log.

    Logfile of HijackThis v1.98.1
    Scan saved at 0:38:14, on 7-8-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\All Users\Documenten\spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {F5B723EC-28F6-4AD0-B5A1-C20C313BE133} - C:\WINDOWS\System32\pmkh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [nstat] C:\WINDOWS\netstat.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://clubonly18.com/k4/iehelp.chm::/on-line.exe
    O18 - Filter: text/html - {5E0DB478-82F9-46B1-ABF6-2A902470B9D9} - C:\WINDOWS\System32\pmkh.dll
    O18 - Filter: text/plain - {5E0DB478-82F9-46B1-ABF6-2A902470B9D9} - C:\WINDOWS\System32\pmkh.dll

  • What appinit does is correct; just post it here, okay?
  • Is this really of any use to you? I can't make sense of it… I'll wait and see…


  • Mena, you don't have a hidden installer, so if all is well the txt file that Rieske asked you to create was not created either.
    So start HijackThis and remove:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {F5B723EC-28F6-4AD0-B5A1-C20C313BE133} - C:\WINDOWS\System32\pmkh.dll

    O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://clubonly18.com/k4/iehelp.chm::/on-line.exe

    O18 - Filter: text/html - {5E0DB478-82F9-46B1-ABF6-2A902470B9D9} - C:\WINDOWS\System32\pmkh.dll

    O18 - Filter: text/plain - {5E0DB478-82F9-46B1-ABF6-2A902470B9D9} - C:\WINDOWS\System32\pmkh.dll

    Restart your computer in safe mode and check whether this file is still present:
    C:\WINDOWS\System32\pmkh.dll <= this file

    If so, delete it.
    Make sure you have showing hidden files turned on.
    Restart and post a new HijackThis log.
  • Logfile of HijackThis v1.98.1
    Scan saved at 22:28:47, on 9-8-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Documents and Settings\All Users\Documenten\spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [nstat] C:\WINDOWS\netstat.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  • Hello MENA,

    Close all open windows, run HijackThis once more and have the following items fixed:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O4 - HKLM\..\Run: [nstat] C:\WINDOWS\netstat.exe

    C:\WINDOWS\netstat.exe <— have this file scanned at http://www.kaspersky.com/remoteviruschk.html

    Please report the result of that scan. If it turns out to be a virus (which I suspect), delete it in safe mode.
    (Note: the legitimate netstat.exe is located in c:\windows\system32\)

    Reboot, run HijackThis again and post a new log.

    regards,
    Marc
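
A triage sketch for the entry types the helpers single out in this thread, as an added example that is not part of any post here: it parses HijackThis log lines and flags IE settings pointing at a local file in Temp, a Run entry that uses a system tool's name outside System32, and a DLL registered as both BHO and protocol filter. The sample lines are copied from the logs above; the three rules and the `SYSTEM32_ONLY` list are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the logs in this thread (netstat path on one line).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\maike\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
O2 - BHO: (no name) - {F5B723EC-28F6-4AD0-B5A1-C20C313BE133} - C:\WINDOWS\System32\pmkh.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nstat] C:\WINDOWS\netstat.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O18 - Filter: text/html - {5E0DB478-82F9-46B1-ABF6-2A902470B9D9} - C:\WINDOWS\System32\pmkh.dll
O18 - Filter: text/plain - {5E0DB478-82F9-46B1-ABF6-2A902470B9D9} - C:\WINDOWS\System32\pmkh.dll
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Anchor on the CLSID: paths such as "Spybot - Search & Destroy" contain " - ".
CLSID_THEN_FILE = re.compile(r"\{[0-9A-Fa-f-]{36}\} - (.+)$")
# Executable path of a Run entry, with or without quotes and arguments.
RUN_EXE = re.compile(r'\] "?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Assumption: a short illustrative list of tools that ship in System32.
SYSTEM32_ONLY = {"netstat.exe", "svchost.exe", "lsass.exe", "services.exe"}


def triage(log_text):
    """Return (code, reason, detail) findings for a HijackThis log."""
    findings = []
    dll_roles = defaultdict(set)  # lower-cased DLL path -> {"O2", "O18"}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].lower()
            if value.startswith("file://") and "\\temp\\" in value:
                findings.append((code, "IE setting points at a local file in Temp", body))
        elif code == "O4":
            exe = RUN_EXE.search(body)
            if exe:
                path = exe.group(1)
                name = ntpath.basename(path).lower()
                folder = ntpath.dirname(path).lower()
                if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                    findings.append((code, "system tool name outside System32", path))
        elif code in ("O2", "O18"):
            dll = CLSID_THEN_FILE.search(body)
            if dll:
                dll_roles[dll.group(1).lower()].add(code)
    for dll, roles in sorted(dll_roles.items()):
        if roles == {"O2", "O18"}:
            findings.append(("O2+O18", "same DLL is both BHO and protocol filter", dll))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A finding is a prompt to look at the file, as the helpers do by asking for a scan, not proof that it is malicious.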


  • It's not gone; please post another log with the newest HJT version.
    http://computercops.biz/downloads-file-328.html

This is an archived page. Replying is no longer possible.