HJT log

Anonymous
steggel
11 replies
  • Hello, I would like to have this log checked, thanks in advance. I know, it is a big mess, but luckily it is not mine.. :wink:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:04:33, on 10-3-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Joost\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iwgdjywervhuvgmrpdpkzu.com/CQgaVJae3PFbmCTB6RiY_qd9GCPMM/Rb5gWlNq9lghYO8oRewXikmUp8xlyhCejD.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btimvwtrzilpd.com/CQgaVJae3PE/9PxKIEyoSNTfqBwBJA7lpea/x3K1_3E.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O1 - Hosts: 64.233.167.104 www.symantec.com
    O1 - Hosts: 64.233.167.104 www.sophos.com
    O1 - Hosts: 64.233.167.104 www.mcafee.com
    O1 - Hosts: 64.233.167.104 www.viruslist.com
    O1 - Hosts: 64.233.167.104 www.f-secure.com
    O1 - Hosts: 64.233.167.104 www.avp.com
    O1 - Hosts: 64.233.167.104 www.kaspersky.com
    O1 - Hosts: 64.233.167.104 www.networkassociates.com
    O1 - Hosts: 64.233.167.104 www.ca.com
    O1 - Hosts: 64.233.167.104 www.my-etrust.com
    O1 - Hosts: 64.233.167.104 www.nai.com
    O1 - Hosts: 64.233.167.104 www.trendmicro.com
    O1 - Hosts: 64.233.167.104 securityresponse.symantec.com
    O1 - Hosts: 64.233.167.104 sophos.com
    O1 - Hosts: 64.233.167.104 mcafee.com
    O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com
    O1 - Hosts: 64.233.167.104 viruslist.com
    O1 - Hosts: 64.233.167.104 f-secure.com
    O1 - Hosts: 64.233.167.104 kaspersky.com
    O1 - Hosts: 64.233.167.104 kaspersky-labs.com
    O1 - Hosts: 64.233.167.104 avp.com
    O1 - Hosts: 64.233.167.104 networkassociates.com
    O1 - Hosts: 64.233.167.104 ca.com
    O1 - Hosts: 64.233.167.104 mast.mcafee.com
    O1 - Hosts: 64.233.167.104 my-etrust.com
    O1 - Hosts: 64.233.167.104 download.mcafee.com
    O1 - Hosts: 64.233.167.104 dispatch.mcafee.com
    O1 - Hosts: 64.233.167.104 secure.nai.com
    O1 - Hosts: 64.233.167.104 nai.com
    O1 - Hosts: 64.233.167.104 update.symantec.com
    O1 - Hosts: 64.233.167.104 updates.symantec.com
    O1 - Hosts: 64.233.167.104 us.mcafee.com
    O1 - Hosts: 64.233.167.104 liveupdate.symantec.com
    O1 - Hosts: 64.233.167.104 customer.symantec.com
    O1 - Hosts: 64.233.167.104 rads.mcafee.com
    O1 - Hosts: 64.233.167.104 trendmicro.com
    O1 - Hosts: 64.233.167.104 sandbox.norman.no
    O1 - Hosts: 64.233.167.104 www.pandasoftware.com
    O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
    O2 - BHO: (no name) - {610D3734-EB9E-07EE-ED0C-1C1F75FCD856} - C:\WINDOWS\APPLIC~1\OOZEFO~1\Program bash.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [gGWD6XFk9] C:\WINDOWS\lluqy.exe
    O4 - HKLM\..\Run: [drivemediatypempeg] C:\WINDOWS\All Users\Application Data\BoltDrvDriveMedia\Cornlive.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [chic acid] C:\WINDOWS\APPLIC~1\DASHDE~1\software one.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB04FE5-BCD2-4B74-9429-04CB427CE0EC}: NameServer = 10.0.0.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    Thnx
  • How about you start by chucking MSN Plus off and then posting a new log. :wink:

    By the way, I am starting to get back into HJT a bit. :D

    Edit: didn't expect this from you, but anyway: GET HIJACKTHIS OUT OF THAT TEMP FOLDER ALREADY.
  • Download the Hoster: http://members.aol.com/toadbee/hoster.zip . Unzip the program, run it, click Restore Original Hosts, click OK and close the program.

    Then run this tool over it: http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.removal.tool.html

    After restarting the computer, create a new HijackThis log and post it.

    edit: and then do what Pcguy says… :wink:
  • edit, already saw it, WinRAR was in the way, I'll edit a new log in here tomorrow, Marc… :wink:
  • Here is the long-awaited HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:06:50, on 11-3-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Skype\Phone\Skype.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zcrbusyscys.com/CQgaVJae3PFbmCTB6RiY_qd9GCPMM/Rb5gWlNq9lghYPKswJEqR/O0p8xlyhCejD.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btimvwtrzilpd.com/CQgaVJae3PE/9PxKIEyoSNTfqBwBJA7lpea/x3K1_3E.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {610D3734-EB9E-07EE-ED0C-1C1F75FCD856} - C:\WINDOWS\APPLIC~1\OOZEFO~1\Program bash.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gGWD6XFk9] C:\WINDOWS\lluqy.exe
    O4 - HKLM\..\Run: [drivemediatypempeg] C:\WINDOWS\All Users\Application Data\BoltDrvDriveMedia\Cornlive.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [chic acid] C:\WINDOWS\APPLIC~1\DASHDE~1\software one.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB04FE5-BCD2-4B74-9429-04CB427CE0EC}: NameServer = 10.0.0.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  • M@rc wrote:
    [quote:bca8d3cc11]Then run this tool over it: http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.removal.tool.html[/quote:bca8d3cc11]
    Has this been done yet?

    Sjaak
  • Yes, but I will do it once more and then post another new HJT log..

    [Edit]

    Logfile of HijackThis v1.99.1
    Scan saved at 18:12:39, on 11-3-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qlqbtsookqjcshnyuyvmdm.net/CQgaVJae3PFbmCTB6RiY_qd9GCPMM/Rb5gWlNq9lghbkc9vo/aPkc0p8xlyhCejD.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
    ed.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {610D3734-EB9E-07EE-ED0C-1C1F75FCD856} - C:\WINDOWS\APPLIC~1\OOZEFO~1\Program bash.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gGWD6XFk9] C:\WINDOWS\lluqy.exe
    O4 - HKLM\..\Run: [drivemediatypempeg] C:\WINDOWS\All Users\Application Data\BoltDrvDriveMedia\Cornlive.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [chic acid] C:\WINDOWS\APPLIC~1\DASHDE~1\software one.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB04FE5-BCD2-4B74-9429-04CB427CE0EC}: NameServer = 10.0.0.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    [/EDIT]
  • With M@rc's permission I am posting the repair steps here.

    Run these 2 uninstallers:
    http://lop.com/new_uninstall.exe
    http://lop.com/toolbar_uninstall.exe
    If you cannot download the uninstallers, use these alternatives:
    http://members.rogers.com
    jmac/toolbar_uninstall.exe

    http://members.rogers.com
    jmac/new_uninstall.exe


    Select the following items in HijackThis:
    [b:701ca55a4b]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qlqbtsookqjcshnyuyvmdm.net/CQgaVJae3PFbmCTB6RiY_qd9GCPMM/Rb5gWlNq9lhbkc9vo/aPkc0p8xlyhCejD.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {610D3734-EB9E-07EE-ED0C-1C1F75FCD856} - C:\WINDOWS\APPLIC~1\OOZEFO~1\Program bash.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [gGWD6XFk9] C:\WINDOWS\lluqy.exe
    O4 - HKLM\..\Run: [drivemediatypempeg] C:\WINDOWS\All Users\Application Data\BoltDrvDriveMedia\Cornlive.exe
    O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [chic acid] C:\WINDOWS\APPLIC~1\DASHDE~1\software one.exe [/b:701ca55a4b]

    Close all windows except HijackThis and click "Fix checked".

    Make sure you can see operating system files and hidden files.
    Delete the following files/directories:

    C:\WINDOWS\Applications Data\OOZEFO~1\Program bash.exe
    C:\Program Files\Hotbar\
    C:\WINDOWS\lluqy.exe
    C:\WINDOWS\All Users\Application Data\BoltDrvDriveMedia\
    C:\WINDOWS\System32\formatsys.exe
    C:\WINDOWS\Applications Data\DASHDE~1\

    EDIT:
    Post a log for checking.

    Sjaak
  • A number of things have been removed:

    C:\WINDOWS\Applications Data\OOZEFO~1\Program bash.exe NOT REMOVED
    C:\Program Files\Hotbar\ removed
    C:\WINDOWS\lluqy.exe NOT REMOVED
    C:\WINDOWS\All Users\Application Data\BoltDrvDriveMedia\ removed
    C:\WINDOWS\System32\formatsys.exe NOT REMOVED
    C:\WINDOWS\Applications Data\DASHDE~1\ NOT REMOVED

    As for those links to those programs, AVG says it is a virus.. And when I try the alternative ones nothing happens, it is down..

    Here is another HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:06:32, on 14-3-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://znxsvvurhzvdieqkesem.uk/CQgaVJae3PFbmCTB6RiY_qd9GCPMM/Rb5gWlNq9lghY1exiYMZaUuEp8xlyhCejD.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB04FE5-BCD2-4B74-9429-04CB427CE0EC}: NameServer = 10.0.0.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    Kind regards, Jayday
  • The files you could not delete may be hidden.
    Check the Explorer settings:
    Tools -> Folder Options -> View
    Deselect "Hide protected operating system files (Recommended)".
    Select "Show hidden files and folders".

    formatsys.exe has already been removed by the fix program.

    Because of MessengerPlus there may still be some (hidden) jobs that need to be removed.
    Open Notepad and copy the following code:
    [code:1:9376e3df47]@echo off
    attrib -H "%WinDir%\Tasks\*.job"
    dir "%WinDir%\Tasks\*.job" /a >C:\jobs.txt
    start c:\jobs.txt
    [/code:1:9376e3df47]
    and save it on the desktop as jobs.bat
    Save as type: All files

    Run the script.
    Next, delete the jobs whose names consist of 16 random letters and digits -> e.g. A92D9DEE921D8AB3.job / A8FE5AE46387DD54.job from the Tasks directory (under Windows)

    Start HijackThis once more and fix the following item:

    [b:9376e3df47]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://znxsvvurhzvdieqkesem.uk/CQgaVJae3PFbmCTB6RiY_qd9GCPMM/Rb5gWlNq9lghY1exiYMZaUuEp8xlyhCejD.php[/b:9376e3df47]

    Then everything should be in order again.

    Sjaak
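
Added example, not part of the thread or any poster's code: a Python sketch of the checks done by eye in the posts above. It groups O1 Hosts lines per IP, re-checks items selected for "Fix checked" against a control log by registry value name (the Search Bar URL differs in every log posted here, so comparing whole lines would miss it), and picks out 16-hex-character .job names. The log text, the `.example` domains and the IP are constructed sample data, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Task files named with exactly 16 hex characters, the pattern named in the post above.
RANDOM_JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)

# Constructed sample logs (not from the thread); .example names and 192.0.2.10 are placeholders.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://random-a.example/x.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/
search.example/su/
O1 - Hosts: 192.0.2.10 www.av-one.example
O1 - Hosts: 192.0.2.10 av-two.example
O1 - Hosts: 192.0.2.10 update.av-one.example
O4 - HKLM\..\Run: [rnd] C:\WINDOWS\rnd.exe
"""
CONTROL_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://random-b.example/y.php
O4 - HKLM\..\Run: [av] C:\Program Files\av\av.exe
"""


def parse_entries(log_text):
    """Return (code, body) tuples; a line wrapped by the forum is glued to its entry."""
    entries = []
    can_glue = False  # only true directly after an entry line, never across a blank line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            can_glue = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
            can_glue = True
        elif can_glue:
            entries[-1][1] += line
    return [tuple(entry) for entry in entries]


def hosts_redirects(entries, min_hosts=3):
    """Map IP -> hostnames for O1 lines where one address answers for many names."""
    by_ip = defaultdict(list)
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2:
                by_ip[parts[0]].extend(parts[1:])
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_hosts}


def entry_key(code, body):
    """Identity of an entry: for R lines the registry value name, otherwise the whole line."""
    if code.startswith("R"):
        body = re.split(r"\s=(?:\s|$)", body, maxsplit=1)[0]
    return (code, body)


def still_present(selected, control_entries):
    """Entries chosen for fixing whose key shows up again in the control log."""
    current = {entry_key(c, b): (c, b) for c, b in control_entries}
    return [current[entry_key(c, b)] for c, b in selected if entry_key(c, b) in current]


def random_job_names(file_names):
    """Task file names that consist of 16 hex characters plus .job."""
    return [name for name in file_names if RANDOM_JOB_RE.match(name)]


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    control = parse_entries(CONTROL_LOG)
    print("hosts redirects:", hosts_redirects(before))
    print("came back after fix:", still_present([before[0], before[5]], control))
    print("suspicious jobs:", random_job_names(["A92D9DEE921D8AB3.job", "backup.job"]))
```
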
  • A log for checking, Sjaak.. :wink:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:34:18, on 14-3-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB04FE5-BCD2-4B74-9429-04CB427CE0EC}: NameServer = 10.0.0.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe



    Thnx Sjaak 8)

This is an archived page. Replying is no longer possible.