  1. #1
    TusH

    HijackThis log from my sister

    Hi,

    My sister asked for my help because she had some junk on her PC. All sorts of things were flashing in her taskbar, telling her that her PC might be infected. If you clicked on them, you ended up on some strange website.

    I ran Norton in safe mode, which resulted in 8 removed viruses.
    Adaware has also done its work. Several registry keys were infected.
    Hopefully everything is solved now; at least I no longer see that annoying notification.

    To be on the safe side, I would still like to post a log.

    Thanks in advance

    TusH

    Logfile of HijackThis v1.99.1
    Scan saved at 21:57:20, on 10/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Schepens\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/b...en/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/b...en/default.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http/:ac.t
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<LOCAL>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [oeyydue] C:\WINDOWS\system32\fquiac.exe r
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} (.print Client RDP Webinstall) - https://www.virtualpc.ema.kpmg.com/w...1/TPRDPenN.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://www.virtualpc.ema.kpmg.com/i...?egap=internal
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.virtualpc.ema.kpmg.com/W...Com1/msrdp.cab
    O16 - DPF: {807D68C6-AF19-4005-85D3-1726F794B851} (Whale SSL VPN Client, ver. 2.5.1) - https://www.virtualpc.ema.kpmg.com/W...lClntProxy.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://www.virtualpc.ema.kpmg.com/I...WhlCompMgr.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://birds.kpmg.be/msrdp.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    For rent, space for signature --> P.O.T.K

  2. #2
    jurgenv
    * Download and install AVG Anti-Spyware.
    * After the installation, open AVG Anti-Spyware:
      * under "Status", click Change state next to "Resident shield". (change from active to inactive!)
      * under "Update", click the Start update button.
      * under "Scanner", tab "Settings":
        * under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
        * under "Reports", select Automatically generate report after every scan and remove the check mark next to Only if threats were found

      Close AVG Anti-Spyware. Do not let it scan yet.


    * If you have not installed Adaware SE yet, download, install and update it according to the guidelines
    you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
    Download link for Ad-aware: http://www.lavasoftusa.com/products/...e_personal.php

    * Start your computer in SAFE MODE

    * Run a full scan with Adaware and remove everything that is found.

    * Start AVG Anti-Spyware.
      * Click Scan and choose Complete System Scan.
      After the scan, follow the instructions below:
      IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
      * Make sure that Set all elements to: is set to Quarantine (1),
      if not, click the link and choose Quarantine in the popup menu. (2)
      (This does not apply to cookies; these are always deleted!)
      * At the bottom of the window, click the Apply all Actions button. (3)

      * When you get the message 'All actions have been applied', click the Save Report button at the bottom.


    * Restart your computer in normal mode.

    * Download ATF cleaner (by Atribune)

    Double-click ATF cleaner to start the program.
    On the "Main" tab, place a check mark next to Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and place a check mark next to Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark next to "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and place a check mark next to Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    * Then post a new HijackThis log here, together with the AVG Anti-Spyware report.

    Member of ASAP

  3. #3
    TusH
    Hi JurgenV,

    Thanks for taking a look at my log.
    I have carried out your steps and am posting the AVG log here:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------
    + Created at: 15:35:07 11/11/2006
    + Scan result:

    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178833.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178836.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP960\A0178273.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP961\A0178285.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178842.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177712.exe -> Adware.VirusBurster : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108} -> Adware.VirusBurster : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178844.exe -> Dialer.DateRegon : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178847.hta -> Downloader.Psyme.at : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0176701.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177699.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177737.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177750.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177762.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177778.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP954\A0177850.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP954\A0177897.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP955\A0178071.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP955\A0178095.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP956\A0178124.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP957\A0178150.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP957\A0178214.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP959\A0178234.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP961\A0178288.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP961\A0178295.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP961\A0178321.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP961\A0178329.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP962\A0178622.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP962\A0178661.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP962\A0178714.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178825.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178828.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178829.dll -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178838.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178839.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178841.exe -> Downloader.Zlob.atg : Cleaned with backup (quarantined).
    C:\Program Files\VideoKeyCodec\pmsngr.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0176699.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177700.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177735.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177749.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177763.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP953\A0177777.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP954\A0177849.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP954\A0177896.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP955\A0178072.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP955\A0178094.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP956\A0178121.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP957\A0178149.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP957\A0178212.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP959\A0178233.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178840.exe -> Not-A-Virus.Hoax.Win32.Renos.fx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP960\A0178272.dll -> Trojan.Agent.db : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178837.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178855.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178856.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178858.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178864.dll -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178846.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP963\A0178843.exe -> Trojan.Stervis.e : Cleaned with backup (quarantined).

    ::Report end

  4. #4
    TusH
    And the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:46:11, on 11/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Schepens\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http/:ac.t
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} (.print Client RDP Webinstall) - https://www.virtualpc.ema.kpmg.com/whalecom0cb0c154c9c7056534a0995bad29c7bf64e3d72004ca61d074dfa4caf9d2d6f7fa/whalecom1/TPRDPenN.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://www.virtualpc.ema.kpmg.com/images/whlcache.cab?egap=internal
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.virtualpc.ema.kpmg.com/WhaleComC45DE96E58A52C1A52819D903A01BBBAE5015970F4BFA5EE309795CB0FB6B4D1C1/WhaleCom1/msrdp.cab
    O16 - DPF: {807D68C6-AF19-4005-85D3-1726F794B851} (Whale SSL VPN Client, ver. 2.5.1) - https://www.virtualpc.ema.kpmg.com/WhaleCom8218A96E1EE26E4034A32B6D2567/WhaleCom0/SecurevirtualpcPortalHomePage/WhlClntProxy.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://www.virtualpc.ema.kpmg.com/I
    nternalSite/WhlCompMgr.cab
    O16 - DPF:
    {9059F30F-4EB1-4BD2-9FDC-36F43A218F4
    A} (Microsoft RDP Client Control
    (redist)) -
    http://birds.kpmg.be/msrdp.cab
    O16 - DPF:
    {B38870E4-7ECB-40DA-8C6A-595F0A5519F
    F} (MsnMessengerSetupDownloadControl
    Class) -
    http://messenger.msn.com/download/Ms
    nMessengerSetupDownloader.cab
    O18 - Protocol: msnim -
    {828030A1-22C1-4009-854F-8E305202313
    F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
    (file missing)
    O20 - Winlogon Notify: WgaLogon -
    C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware
    Guard - Anti-Malware Development
    a.s. - C:\Program Files\Grisoft\AVG
    Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access
    Library 8 (CCALib8) - Canon Inc. -
    C:\Program
    Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event
    Manager (ccEvtMgr) - Symantec
    Corporation - C:\Program
    Files\Common Files\Symantec
    Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network
    Proxy (ccProxy) - Symantec
    Corporation - C:\Program
    Files\Common Files\Symantec
    Shared\ccProxy.exe
    O23 - Service: Symantec Password
    Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program
    Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings
    Manager (ccSetMgr) - Symantec
    Corporation - C:\Program
    Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: Creative Service for
    CDROM Access - Creative Technology
    Ltd -
    C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ISSvc (ISSVC) -
    Symantec Corporation - C:\Program
    Files\Norton Internet
    Security\ISSVC.exe
    O23 - Service: LexBce Server
    (LexBceS) - Lexmark International,
    Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec
    Corporation -
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS
    ~1.EXE
    O23 - Service: Norton AntiVirus
    Auto-Protect-service (navapsvc) -
    Symantec Corporation - C:\Program
    Files\Norton Internet
    Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService
    (NetSvc) - Intel(R) Corporation -
    C:\Program
    Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper
    Service (NVSvc) - NVIDIA Corporation
    - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor
    Automatische LiveUpdate - Symantec
    Corporation - C:\Program
    Files\Symantec\LiveUpdate\ALUSchedul
    erSvc.exe
    O23 - Service: SAVScan - Symantec
    Corporation - C:\Program
    Files\Norton Internet
    Security\Norton
    AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking
    Service (SBService) - Symantec
    Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT
    ~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown
    owner - C:\Program
    Files\Photodex\CompuPicPro\ScsiAcces
    s.exe
    O23 - Service: Symantec Network
    Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program
    Files\Common Files\Symantec
    Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc
    (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common
    Files\Symantec
    Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC -
    Symantec Corporation - C:\Program
    Files\Common Files\Symantec
    Shared\CCPD-LC\symlcsvc.exe
    For rent, space for signature --> P.O.T.K

  5. #5
    Honorary member   jurgenv
    Can you post the HijackThis log normally?

    Member of ASAP

  6. #6
    Advanced   TusH
    Ooops, sorry...

    Logfile of HijackThis v1.99.1
    Scan saved at 15:46:11, on 11/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Schepens\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/b...en/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/b...en/default.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http/:ac.t
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl-be\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} (.print Client RDP Webinstall) - https://www.virtualpc.ema.kpmg.com/w...1/TPRDPenN.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://www.virtualpc.ema.kpmg.com/i...?egap=internal
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.virtualpc.ema.kpmg.com/W...Com1/msrdp.cab
    O16 - DPF: {807D68C6-AF19-4005-85D3-1726F794B851} (Whale SSL VPN Client, ver. 2.5.1) - https://www.virtualpc.ema.kpmg.com/W...lClntProxy.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://www.virtualpc.ema.kpmg.com/I...WhlCompMgr.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://birds.kpmg.be/msrdp.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    For rent, space for signature --> P.O.T.K

  7. #7
    Honorary member   jurgenv
    You still need to fix the following line in HijackThis:

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

    Apart from that it looks good; how is everything working otherwise?

    Member of ASAP

  9. #8
    Advanced   TusH
    Apart from that it's running like a little train again. :-)

    Thanks for the effort!!!
    For rent, space for signature --> P.O.T.K

  10. #9
    Honorary member   jurgenv
    You're welcome.

    A few more tips to prevent problems in the future:

    Install the following FREE programs if you don't have them yet:

    Spywareblaster
    Adaware se
    Spybot s&d


    While browsing, don't blindly click Yes everywhere when you're asked... only do so when you fully trust it.

    And consider choosing an alternative browser such as Opera or Firefox.

    I also recommend running an online virus scan now and then: HouseCall and/or Bitdefender. Because what one scanner can't find, another one might.
    Also make sure the virus scanner installed on your system is always up to date!!

    And... pay a regular visit to: http://windowsupdate.microsoft.com/

    Also take a look at these 2 videos.. Very interesting:
    http://www2.trosradar.nl/mediaplayer...&mode=dossier#
    http://www.benedelman.org/spyware/security-111804.wmv


    More prevention tips can also be found on the following sites:

    http://www.bluemedicine.be
    http://users.telenet.be/marcvn/spyware
    How did I get infected in the first place (article by TonyKlein)
    Preventing spyware infections and browser hijacking

    Member of ASAP
