HijackThis log - virus(es) & spyware

Anonymous
=Rieske=
9 replies
 • Greetings,

  I'm having problems with a laptop: a persistent start page keeps coming back, and at certain moments a flood of pop-ups comes in. Sometimes the internet even stops working altogether.

  Ad-aware and Spybot already turned up a lot. Next I wanted to use HijackThis (newest version downloaded), and that is where something went wrong. Every time I wanted to save the HJ log after a scan, the virus scanner (McAfee) intervened because it saw a trojan in it. Because I really needed the log, I switched the virus scanner off for a moment and saved the log that way. Sending the log with Hotmail did not work either, because Hotmail also reported that the file was a virus. So I just did a simple copy-paste (which I thought of very late :oops: ). From the moment I switched the virus scanner back on, it immediately deleted the log.

  Finally, I also ran an online virus scan (BitDefender), and it found a great many infected files. After restarting the laptop, however, all the problems remained.


  Logfile of HijackThis v1.98.2
  Scan saved at 22:46:55, on 2/09/2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\European Commission\Connection Client\cvpnd.exe
  C:\LDClient\LOCALSCH.EXE
  C:\WINDOWS\system32\cba\pds.exe
  C:\LDClient\QIPCLNT.EXE
  C:\LDClient\tmcsvc.exe
  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  C:\WINDOWS\System32\oodag.exe
  C:\WINDOWS\system32\scagent.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\LDClient\wuser32.exe
  C:\WINDOWS\system32\cba\xfr.exe
  C:\WINDOWS\System32\MsgSys.EXE
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\inetdata\services.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
  C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
  C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
  C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
  C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
  C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Winad Client\Winad.exe
  C:\temp\msbb.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Winad Client\WinClt.exe
  C:\WINDOWS\System32\windllsys32.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
  C:\Program Files\Web_Rebates\WebRebates1.exe
  C:\Program Files\Web_Rebates\WebRebates0.exe
  C:\Documents and Settings\laptop\Desktop\Spyware Removals\HijackThis.exe
  R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cc.cec/
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cec.eu.int:82/proxy.pac
  R3 - Default URLSearchHook is missing
  F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
  O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
  O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
  O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
  O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
  O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
  O4 - HKLM\..\Run: [mfldr32] C:\WINDOWS\DIaPPS\mfldr32.exe
  O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
  O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
  O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
  O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
  O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
  O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
  O4 - Global Startup: European Commission Connection Client.lnk = C:\Program Files\European Commission\Connection Client\ipsecdialer.exe
  O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
  O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
  O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.cc.cec/
  O15 - Trusted Zone: www.mt-download.com
  O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/587/online.chm::/on-line.exe
  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5a03172489a868fe36bc3ab2a0b0164a4646af923e691cf6723a792c2af6cc2dc638d0410eec54c47edc7bcf62441c97cdf95f7769b5bb5ac7:42bd451aab2c9f75cc072dc6dba18141
  O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
  O17 - HKLM\Software\..\Telephony: DomainName = net1.cec.eu.int
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int
  O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\digfilt.dll


  Thanks in advance for the help,

  Guft.
 • Will take a look at it.
  Can you explain a bit more about how this machine is run, e.g. in a corporate network or something like that? I would also like to know whether a remote client is involved here.
 • The laptop belongs to a friend of mine and is simply at his home. I do believe it is a laptop that his father uses for his work (European Commission) and that the laptop also comes from his work.

  No idea what a remote client is; if you can explain it to me in layman's terms (I'm no PC expert), I can ask my friend in my own way.

  Thanks in advance for the effort you are willing to make,

  Guft.
 • Tricky to clean, because it is apparently a pretty important notebook.
  A VPN client runs on the notebook, through which various things can be updated from some kind of server. So it is hard to determine what can and cannot be removed and where the junk is coming from.

  Later this afternoon I'll try to clean it in the safest possible way. It will take a little time.
 • Close all browser windows and fix the items below.
  R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search.php3?l=protect1&term=
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R3 - Default URLSearchHook is missing
  F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
  O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
  O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
  O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
  O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
  O4 - HKLM\..\Run: [mfldr32] C:\WINDOWS\DIaPPS\mfldr32.exe
  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
  O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
  O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
  O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
  O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
  O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
  O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O14 - IERESET.INF: START_PAGE_URL=http://www.cc.cec/
  O15 - Trusted Zone: www.mt-download.com
  O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/587/online.chm::/on-line.exe
  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5a03172489a868fe36bc3ab2a0b0164a4646af923e691cf6723a792c2af6cc2dc638d0410eec54c47edc7bcf62441c97cdf95f7769b5bb5ac7:42bd451aab2c9f75cc072dc6dba18141
  O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
  O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\digfilt.dll

  Reboot into safe mode and delete the files below.
  C:\WINDOWS\system32\scagent.exe
  C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
  C:\Program Files\Winad Client\Winad.exe
  C:\temp\msbb.exe
  C:\Program Files\Winad Client\WinClt.exe
  C:\WINDOWS\System32\windllsys32.exe
  C:\Program Files\Web_Rebates\WebRebates1.exe
  C:\Program Files\Web_Rebates\WebRebates0.exe
  C:\WINDOWS\inetdata\services.exe
  C:\WINDOWS\System32\nvms.dll
  C:\WINDOWS\System32\mscb.dll
  C:\WINDOWS\System32\msbe.dll
  C:\WINDOWS\DIaPPS\mfldr32.exe
  C:\WINDOWS\digfilt.dll

  Then run (still in safe mode) updated versions of AdAware and Spybot and let them fix whatever junk they find.

  Boot back into normal Windows mode and post a new log, please.
 • First of all, sorry for this late reply (I suddenly got the chance to go on a trip and did not let it slip).

  I carried out the instructions and shortly afterwards everything seemed fine.

  Now, a week later, the persistent start page turns out to be back, however. The printer isn't working either; could that also be due to spyware?

  Here is a new log,

  Logfile of HijackThis v1.98.2
  Scan saved at 20:46:17, on 7/09/2004

  Platform: Windows XP SP1 (WinNT 5.01.2600)

  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:

  C:\WINDOWS\System32\smss.exe

  C:\WINDOWS\system32\winlogon.exe

  C:\WINDOWS\system32\services.exe

  C:\WINDOWS\system32\lsass.exe

  C:\WINDOWS\system32\svchost.exe

  C:\WINDOWS\System32\svchost.exe

  C:\WINDOWS\system32\spoolsv.exe

  C:\WINDOWS\System32\Ati2evxx.exe

  C:\Program Files\European Commission\Connection Client\cvpnd.exe

  C:\LDClient\LOCALSCH.EXE

  C:\WINDOWS\system32\cba\pds.exe

  C:\LDClient\QIPCLNT.EXE

  C:\LDClient\tmcsvc.exe

  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

  C:\Program Files\Network Associates\VirusScan\Mcshield.exe

  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

  C:\WINDOWS\System32\oodag.exe

  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  C:\WINDOWS\System32\svchost.exe

  C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  C:\LDClient\wuser32.exe

  C:\WINDOWS\system32\cba\xfr.exe

  C:\WINDOWS\system32\MsgSys.EXE

  C:\WINDOWS\Explorer.EXE

  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

  C:\Program Files\Apoint2K\Apoint.exe

  C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

  C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe

  C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe

  C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

  C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

  C:\Program Files\QuickTime\qttask.exe

  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

  C:\Program Files\MSN Messenger\MsnMsgr.Exe

  C:\Program Files\Apoint2K\Apntex.exe

  C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

  C:\WINDOWS\System32\ctfmon.exe

  C:\WINDOWS\inetdata\services.exe

  C:\WINDOWS\System32\dllcache\IExplore.exe

  C:\WINDOWS\System32\dllcache\IExplore.exe

  C:\Documents and Settings\laptop\Desktop\Spyware Removals\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/

  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cc.cec/

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cec.eu.int:82/proxy.pac

  F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe

  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

  O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

  O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

  O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S

  O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S

  O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

  O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s

  O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

  O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

  O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe

  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

  O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

  O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

  O4 - Global Startup: European Commission Connection Client.lnk = C:\Program Files\European Commission\Connection Client\ipsecdialer.exe

  O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE

  O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

  O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

  O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

  O15 - Trusted Zone: www.mt-download.com

  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net1.cec.eu.int

  O17 - HKLM\Software\..\Telephony: DomainName = net1.cec.eu.int

  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net1.cec.eu.int

  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int

  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int

  Thanks in advance for the effort (Rieske specifically),


  Guft. :wink:

  P.S. I won't be back on the forum until Saturday, so feel free to take your time. :D
 • Can you post that log without the blank lines?
 • Logfile of HijackThis v1.98.2
  Scan saved at 20:46:17, on 7/09/2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\European Commission\Connection Client\cvpnd.exe
  C:\LDClient\LOCALSCH.EXE
  C:\WINDOWS\system32\cba\pds.exe
  C:\LDClient\QIPCLNT.EXE
  C:\LDClient\tmcsvc.exe
  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  C:\WINDOWS\System32\oodag.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\LDClient\wuser32.exe
  C:\WINDOWS\system32\cba\xfr.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
  C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
  C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
  C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
  C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\WINDOWS\inetdata\services.exe
  C:\WINDOWS\System32\dllcache\IExplore.exe
  C:\WINDOWS\System32\dllcache\IExplore.exe
  C:\Documents and Settings\laptop\Desktop\Spyware Removals\HijackThis.exe
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cc.cec/
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.cec.eu.int:82/proxy.pac
  F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
  O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
  O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
  O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
  O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
  O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
  O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
  O4 - Global Startup: European Commission Connection Client.lnk = C:\Program Files\European Commission\Connection Client\ipsecdialer.exe
  O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
  O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
  O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  O15 - Trusted Zone: www.mt-download.com
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
  O17 - HKLM\Software\..\Telephony: DomainName = net1.cec.eu.int
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net1.cec.eu.int
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net1.cec.eu.int

  Like this?

  Guft.
 • Thanks, will check it.


This is an archived page. Replies are no longer possible.
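An added example, not part of the original thread: a small Python triage script that compares the fix list and delete list from the clean-up post with the follow-up log of 7/09/2004, to show which targeted entries are present again and which deleted files are still running or still autostarted. The three text blocks are shortened excerpts copied from the thread; the function names are this example's own.

```python
import re

# Entry lines: section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# A drive-letter path ending in .exe or .dll, as embedded in an entry's detail.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"=]*?\.(?:exe|dll)', re.IGNORECASE)

# Shortened excerpts copied from the thread, not the complete lists.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
"""
DELETE_LIST = r"""
C:\Program Files\Winad Client\Winad.exe
C:\temp\msbb.exe
C:\WINDOWS\inetdata\services.exe
C:\WINDOWS\System32\nvms.dll
"""
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetdata\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.0websearch.com/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, entries)."""
    processes, entries = set(), []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif re.match(r"[A-Za-z]:\\", line):
            # A bare path line belongs to the "Running processes:" section.
            processes.add(line.lower())
    return processes, entries


def key(entry):
    """Case- and whitespace-insensitive identity of an entry."""
    code, detail = entry
    return code, " ".join(detail.lower().split())


def compare(fix_list, delete_list, followup_log):
    """Report what the clean-up targeted that the follow-up log still shows."""
    _, fixed = parse_log(fix_list)
    running, later = parse_log(followup_log)
    later_keys = {key(e) for e in later}
    deleted = {p.strip().lower() for p in delete_list.splitlines() if p.strip()}
    return {
        # Entries that were on the fix list and are in the later log again.
        "returned": [e for e in fixed if key(e) in later_keys],
        # Full-path match: system32\services.exe is a different file from
        # inetdata\services.exe and was not on the delete list.
        "still_running": sorted(deleted & running),
        # Later entries (any section) that still launch a file from the delete list.
        "autostarts_deleted_file": [
            e for e in later
            if any(p.lower() in deleted for p in PATH_RE.findall(e[1]))
        ],
    }


if __name__ == "__main__":
    for section, items in compare(FIX_LIST, DELETE_LIST, FOLLOWUP_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

In the excerpt, the start page, the win.ini `run=` line and both `xp_system` Run values are present again, and the file they point to is listed under running processes, which is what a helper would check first before asking for another round of fixes.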