kunnen jullie eens zien,k'zit er mee!!
Logfile of HijackThis v1.99.1
Scan saved at 19:06:41, on 27-12-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\winstall.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\winstall.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...99/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\kt44l7hq1.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Weergegeven resultaten: 1 t/m 7 van 7
Discussie: dringend!
-
27 December 2005, 20:11 #1Gevorderd
- Geregistreerd
- 10 May 2005
- Locatie
- Oost-Vlaanderen
- Berichten
- 169
- Bedankjes
- 126
- Bedankt
- 48 keer in 31 posts
dringend!
-
27 December 2005, 20:22 #2Gevorderd
- Geregistreerd
- 10 May 2005
- Locatie
- Oost-Vlaanderen
- Berichten
- 169
- Bedankjes
- 126
- Bedankt
- 48 keer in 31 posts
Re: dringend!
het gaat om spyware,krijg ze niet weg!
Paul
-
27 December 2005, 20:36 #3Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.852
- Bedankjes
- 90
- Bedankt
- 800 keer in 736 posts
Re: dringend!
* Je kan deze instructies best uitprinten of opslaan in een kladblokbestand, want straks zal je in veilige modus
moeten gaan werken, en dan is deze pagina niet beschikbaar (geen internet)
* pak hijackthis.exe uit en plaats die in een vaste map zoals bv C:/hijackthis
* Download smitRem.exe en sla dit op op het Bureaublad.
Dubbelklik op het bestand en pak het uit naar zijn eigen map op het Bureaublad.
* Download, installeer en update de free trial versie van Ewido anti-malware
- Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu".
- Als je Ewido voor de eerste keer runt, zal je een foutmelding krijgen "Database could not be found!". Klik dan op OK. Dit is normaal.
- In het hoofdscherm van Ewido, klik je op update in het linker menu, en vervolgens op de Start update knop.
- Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan.
- Sluit Ewido. Laat het nog niet scannen
* Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
die je kan vinden op: http://users.pandora.be/marcvn/spyware/1414188.htm
* Start je computer op in VEILIGE MODUS
* open hijackthis en vink volgende regels aan:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* verwijder volgende bestanden indien aanwezig:
C:\WINDOWS\System32\paytime.exe
c:\windows\timessquare.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
* Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm.
Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal.
Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig.
* Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.
* Open Ewido Security Suite- klik op Scanner
- Klik op complete system scan
- Laat het programma je pc scannen
Als de scan beëindigd is, zal je een knop zienBewaar rapport- Klik op Bewaar rapport
- Sla het rapport op op je bureaublad
- Sluit Ewido af
* Ga dan naar Start -> configuratiescherm -> vormgeving en thema's -> bureaublad ->bureaublad aanpassen -> Website -> haal het vinkje weg bij "Security Info" als het er nog staat.
* Herstart je computer in normale modus.
* Doe een online scan via Panda's online virus scan en bewaar het rapport dat je krijgt na het scannen
* Herstart je pc nogmaals en plaats dan een nieuw logje van Hijackthis, samen met het rapport van Ewido en Panda, Post de log van de smitRem tool, die je hier kan vinden: C:\smitfiles.txt.
Member of ASAP
-
28 December 2005, 01:08 #4Gevorderd
- Geregistreerd
- 10 May 2005
- Locatie
- Oost-Vlaanderen
- Berichten
- 169
- Bedankjes
- 126
- Bedankt
- 48 keer in 31 posts
Re: dringend!
<!--{ Start Header --><TABLE cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD><!-- -->
<!-- --> </TD></TD><TD align=right>
</TD></TR></TBODY></TABLE><!--} Start Header -->McAfee FreeScan has detected 3 files on your computer!
Your personal information might be vulnerable to exposure or corruption.
Your computer might transmit possible threats to friends, family, and co-workers.
Get immediate protection with McAfee VirusScan. Buy Now! Learn More...
Important: If you disabled your anti-virus software, please re-enable it now.
<!--{ Control and status panel --><TABLE cellSpacing=0 cellPadding=1 width="100%" border=0><TBODY><TR><TD class=border vAlign=top><TABLE height=110 cellSpacing=0 cellPadding=3 width="100%" border=0><TBODY><TR><TD class=titles id=idTitleScanLocation noWrap height=15>Scan Location</TD></TR><TR><TD class=normal align=middle><SELECT class=dropdown id=idScanType size=3 name=idScanType> <OPTION value=fullscan selected>Drive C</OPTION> <OPTION value=mydocuments>My Documents</OPTION> <OPTION value=windows>Windows Files</OPTION></SELECT>
<!--Scan Button Here--><INPUT id=idButtonScan onclick=javascript:btnScan_onclick() type=image src="http://us.mcafee.com/apps/mfs/en-us/images/scanbutton.gif" name=idButtonScan> </TD></TR></TBODY></TABLE></TD><TD>
</TD><TD class=border vAlign=top width="100%"><TABLE height=110 cellSpacing=0 cellPadding=3 width="100%" border=0><TBODY><TR><TD class=titles id=idTitleScanStatus bgColor=white colSpan=2 height=15>Scan Status</TD></TR><TR><TD class=normal vAlign=top>Files Scanned: 76662
Files Detected: 3
Information: Scanning completed!</TD><TD class=normal vAlign=top align=right>
</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><!--} Control and status panel -->
<!--{ Result List --><TABLE cellSpacing=0 cellPadding=1 width="100%" border=0><TBODY><TR><TD class=border vAlign=top><TABLE cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD class=titles id=idTitleInfectedFiles width="100%">List of Detected Files</TD></TR><TR><TD class=normal vAlign=top><TABLE cellSpacing=0 cellPadding=1 width="100%" border=0><TBODY><TR><TD class=listheader width="70%">File Name</TD><TD class=listheader width="30%">Threat Name</TD></TR><TR><TD class=normal vAlign=top>C:\Documents and Settings\...\Process.exe</TD><TD class=normal vAlign=top>PrcViewer</TD></TR><TR><TD class=normal vAlign=top>C:\secure32.html</TD><TD class=normal vAlign=top>StartPage-IH</TD></TR><TR><TD class=normal vAlign=top>C:\WINDOWS\secure32.html</TD><TD class=normal vAlign=top>StartPage-IH</TD></TR></TBODY></TABLE>
</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><!--} Result List -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0><TBODY><TR><TD><TABLE cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD><TABLE cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>
</TD></TR><TR><TD background=http://images.mcafee.com/common/dash_vertical_1x3.gif></TD></TR></TBODY></TABLE></TD><TD vAlign=center><TABLE cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD background=http://images.mcafee.com/common/dash_horizontal_1x3.gif></TD></TR></TBODY></TABLE></TD><TD style="FONT-SIZE: 12px; COLOR: #003399" width=225>Recommended Security Solution</TD><TD vAlign=center width=351><TABLE cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD background=http://images.mcafee.com/common/dash_horizontal_1x3.gif></TD></TR></TBODY></TABLE></TD><TD><TABLE cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD></TD></TR><TR><TD background=http://images.mcafee.com/common/dash_vertical_1x3.gif></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR><TD><TABLE cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD width=1 background=http://images.mcafee.com/common/dash_vertical_1x3.gif></TD><TD style="PADDING-RIGHT: 5px; PADDING-LEFT: 5px; PADDING-BOTTOM: 5px; PADDING-TOP: 5px"><TABLE cellSpacing=0 cellPadding=5 border=0><TBODY><TR><TD id=idUpsellVSO>VirusScan
With daily automatic updates, always-on protection and e-mail scanning, McAfee VirusScan detects, blocks, and removes viruses, spyware, mass-mailing worms, Trojans, and other possible threats.</TD></TR><TR><TD id=idUpsellVSOBuy>
$34.99 (USD)—that's $5 off the regular price of $39.99</TD></TR></TBODY></TABLE></TD><TD width=1 background=http://images.mcafee.com/common/dash_vertical_1x3.gif></TD></TR></TBODY></TABLE></TD></TR><TR><TD background=http://images.mcafee.com/common/dash_horizontal_1x3.gif></TD></TR></TBODY></TABLE>
<INPUT type=hidden value=PrcViewer name=searchstring> <INPUT type=hidden value=Select_Type name=virusType> <INPUT type=hidden value=yes name=enter>
McAfee FreeScan has detected 3 files on your computer!
Your personal information might be vulnerable to exposure or corruption.
Your computer might transmit possible threats to friends, family, and co-workers.
Get immediate protection with McAfee VirusScan. Buy Now! Learn More...
Important: If you disabled your anti-virus software, please re-enable it now.
Scan Location
Drive C My Documents Windows Files
Scan Status
Files Scanned: 76662
Files Detected: 3
Information: Scanning completed!
List of Detected Files
File Name Threat Name
C:\Documents and Settings\...\Process.exe PrcViewer
C:\secure32.html StartPage-IH
C:\WINDOWS\secure32.html StartPage-IH
Recommended Security Solution
VirusScan
With daily automatic updates, always-on protection and e-mail scanning, McAfee VirusScan detects, blocks, and removes viruses, spyware, mass-mailing worms, Trojans, and other possible threats.
$34.99 (USD)—that's $5 off the regular price of $39.99
McAfee FreeScan has detected 3 files on your computer!
Your personal information might be vulnerable to exposure or corruption.
Your computer might transmit possible threats to friends, family, and co-workers.
Get immediate protection with McAfee VirusScan. Buy Now! Learn More...
Important: If you disabled your anti-virus software, please re-enable it now.
Scan Location
Drive C My Documents Windows Files
Scan Status
Files Scanned: 76662
Files Detected: 3
Information: Scanning completed!
List of Detected Files
File Name Threat Name
C:\Documents and Settings\...\Process.exe PrcViewer
C:\secure32.html StartPage-IH
C:\WINDOWS\secure32.html StartPage-IH
Recommended Security Solution
VirusScan
With daily automatic updates, always-on protection and e-mail scanning, McAfee VirusScan detects, blocks, and removes viruses, spyware, mass-mailing worms, Trojans, and other possible threats.
$34.99 (USD)—that's $5 off the regular price of $39.99
Logfile of HijackThis v1.99.1
Scan saved at 0:02:32, on 28-12-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl-be\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...57/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\ktlsl7371.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
van ewido heb ik geen knop bewaar rapport gevonden!
het is nog niet 100%,hopelijk help je verder!
Paul
-
28 December 2005, 01:27 #5Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.852
- Bedankjes
- 90
- Bedankt
- 800 keer in 736 posts
Re: dringend!
en de rest van de logjes? smitrem en panda?
BTW laat gelieve die McAfee achterwege tijdens de fix aub
Member of ASAP
-
3 January 2006, 11:48 #6Gevorderd
- Geregistreerd
- 10 May 2005
- Locatie
- Oost-Vlaanderen
- Berichten
- 169
- Bedankjes
- 126
- Bedankt
- 48 keer in 31 posts
Re: dringend!
jurgenv,
probleem opgelost,deze topic mag dicht!
Paul
-
5 January 2006, 01:46 #7Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.852
- Bedankjes
- 90
- Bedankt
- 800 keer in 736 posts
Re: dringend!
ok...
Member of ASAP
-
De volgende gebruiker bedankt jurgenv voor deze nuttige post:
roos paul ( 7 January 2006)
Discussie informatie
Users Browsing this Thread
Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)
Soortgelijke discussies
-
geluidskaart dringend !!
Door nojs in forum PC-randapparatuur en andere PC-hardwareReacties: 9Laatste bericht: 17 January 2006, 12:15 -
dringend vraagje
Door pasterke in forum InternetReacties: 19Laatste bericht: 11 October 2005, 13:03 -
dringend vraagje
Door DJ Nike in forum InternetReacties: 16Laatste bericht: 26 September 2005, 22:16
Regels voor berichten
- Copyright © 2004 - 2019, Minatica.be
-
Powered by vBulletin®, versie 4.2.2
Copyright © 2024 vBulletin Solutions, Inc. - Design door Gert Bangels
Favorieten/bladwijzers