Thread: hijack this log

  1. #1
    duifhuis
    Guest

    hijack this log

    hi, this is the log from my little brother's pc, it's a mess, wow, can someone help please, there's a lot of junk on it
    thanks in advance
    regards
    duifhuis

    Logfile of HijackThis v1.99.1
    Scan saved at 13:49:18, on 27.07.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\run.exe
    C:\windows\mspaint.exe
    C:\winfw.exe
    C:\reg.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
    C:\WINDOWS\system32\netke.exe
    C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\system32\cric.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apirr32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Windows] run.exe
    O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
    O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - HKLM\..\Run: [eTunnel] C:\winfw.exe
    O4 - HKLM\..\Run: [REGRUN] C:\reg.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
    O4 - HKLM\..\RunServices: [Windows] run.exe
    O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wupdate.exe
    O4 - HKLM\..\RunOnce: [cric.exe] C:\WINDOWS\system32\cric.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SSS5] "C:\Program Files\Steganos Security Suite 5\steganos5.exe" /booting
    O4 - HKCU\..\Run: [SSS5SAFE] "C:\Program Files\Steganos Security Suite 5\safe.exe" /booting
    O4 - HKCU\..\Run: [SSS5SPM] "C:\Program Files\Steganos Security Suite 5\spm.exe" /booting
    O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: T-Online 5.0.lnk = C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c139.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095686654648
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/contro...UC/MsnUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...1/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B168ED3-8437-41E2-A4EB-115B14AD31DE}: NameServer = 217.237.150.33 217.237.151.161
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

  2. #2
    jurgenv
    Honorary member
    Registered: 10 May 2005
    Location: West-Vlaanderen
    Posts: 5.887
    Thanks given: 100
    Thanked: 901 times in 829 posts

    Re: hijack this log

    * You have HijackThis in a temporary folder.
    Before you continue, you must put it in a permanent folder,
    e.g. C:\Program Files\HijackThis\HijackThis.exe

    * Download CWShredder.
    Put it somewhere you can find it again quickly.
    Do not run it yet!

    * Download about:Buster:
    http://www.malwarebytes.biz/AboutBuster5.zip
    Unzip it to a folder of its own.
    Start about:Buster and click "Update" to fetch any updates.
    Do not scan with about:Buster yet, only update it.

    * Download, install and update the free trial version of Ewido Security Suite

    • During installation, under "Additional Options", untick "Install background guard" and "Install scan via context menu".
    • When you run Ewido for the first time, you will get the error message "Database could not be found!". Click OK. This is normal.
    • In the Ewido main screen, click update in the left-hand menu, then the Start update button.
    • When the updates are done, the status bar at the bottom will show "Update successful".
    • Close Ewido. Do not let it scan yet.


    * Download and install CCleaner
    Do not use it yet!

    * Make sure hidden folders and files are shown.
    Go to Start and click My Computer (Deze computer).
    In the menu bar, select Tools (Extra) and then Folder Options (Mapopties).
    Select the View (Weergave) tab.
    Under Hidden files and folders, select Show hidden files and folders.
    Under Files and folders, untick: Hide protected operating system files (Recommended).
    Click Yes to confirm.
    Click OK.

    * Start your PC in safe mode (how do I start my PC in safe mode?)

    * Open HijackThis and tick the following lines if present:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apirr32.dll
    O4 - HKLM\..\Run: [Windows] run.exe
    O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
    O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - HKLM\..\Run: [eTunnel] C:\winfw.exe
    O4 - HKLM\..\Run: [REGRUN] C:\reg.exe
    O4 - HKLM\..\RunServices: [Windows] run.exe
    O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wupdate.exe
    O4 - HKLM\..\RunOnce: [cric.exe] C:\WINDOWS\system32\cric.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...Bridge-c139.cab


    * Then close all windows except HijackThis and click 'Fix checked'

    * Delete the following files if present:

    C:\WINDOWS\system32\apirr32.dll <== this file
    C:\WINDOWS\System32\run.exe <== this file
    C:\windows\mspaint.exe <== this file
    C:\winfw.exe <== this file
    C:\reg.exe <== this file
    C:\WINDOWS\wupdate.exe <== this file
    C:\WINDOWS\system32\cric.exe <== this file

    * Start CWShredder and click FIX

    * Open Ewido Security Suite
    • Click Scanner
    • Click complete system scan
    • Let the program scan your PC
    During the scan you will be asked whether you want to remove the files it finds. Click OK.
    When the scan has finished, you will see a Save report button
    • Click Save report
    • Save the report to your desktop
    • Close Ewido


    * Start about:Buster.
    Click "Begin Removal".
    When about:Buster has finished, let it scan a second time.

    * Start CCleaner and click Run Cleaner (bottom right)

    * Reboot your PC back into normal mode.

    * Post a new HijackThis log plus the about:Buster log. You will find that log (AB logfile.txt) in the folder about:Buster runs from.

    Member of ASAP

  3. #3
    duifhuis
    Guest

    Re: hijack this log

    hehe it's done, this is the new log:
    Logfile of HijackThis v1.99.0
    Scan saved at 17:10:43, on 29.07.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\downloads\wimpi\EMERGENCY REPAIR\Hijack This\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
    O4 - HKLM\..\Run: [Windows] run.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SSS5] "C:\Program Files\Steganos Security Suite 5\steganos5.exe" /booting
    O4 - HKCU\..\Run: [SSS5SAFE] "C:\Program Files\Steganos Security Suite 5\safe.exe" /booting
    O4 - HKCU\..\Run: [SSS5SPM] "C:\Program Files\Steganos Security Suite 5\spm.exe" /booting
    O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: T-Online 5.0.lnk = C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c139.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095686654648
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/contro...UC/MsnUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...1/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B168ED3-8437-41E2-A4EB-115B14AD31DE}: NameServer = 217.237.150.33 217.237.151.161
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    and from aboutbuster:
    AboutBuster 5.0 reference file 31
    Scan started on [29.07.2005] at [16:58:49]
    ------------------------------------------------
    ------------------------------------------------
    Scan was COMPLETED SUCCESSFULLY at 17:00:54

    AboutBuster 5.0 reference file 31
    Scan started on [29.07.2005] at [17:01:35]
    ------------------------------------------------
    Removed Stream! C:\WINDOWS\bmgwg.dat:nkrevj
    Removed Stream! C:\WINDOWS\brtap.txt:sbeyxz
    Removed Stream! C:\WINDOWS\eugln.txt:xktgch
    Removed Stream! C:\WINDOWS\eyzye.txt:umtcfi
    Removed Stream! C:\WINDOWS\Sof2.INI:wrxcqi
    Removed Stream! C:\WINDOWS\utzzo.txt:xmomms
    Removed Stream! C:\WINDOWS\winampa.ini:wlbhdi
    Removed Stream! C:\WINDOWS\_default.pif:wywfsc
    Removed Stream! C:\WINDOWS\_delis32.ini:awfgzt
    ------------------------------------------------
    No Files Found!
    ------------------------------------------------
    Scan was COMPLETED SUCCESSFULLY at 17:03:14

    i hope it's ok now
    shouldn't i set up a firewall
    on this pc? grtz wim

  4. #4
    jurgenv
    Honorary member

    Re: hijack this log

    * Please post your next log with version 1.99.1

    *
    • Go to Start ==> Run ==> type: services.msc
    • Find the service there: Remote Procedure Call (RPC) Helper <== careful!! "Helper" really must be part of the name!
    • Double-click Remote Procedure Call (RPC) Helper
    • Click 'Stop'
    • Set the startup type to: Disabled


    * Open HijackThis and tick the following lines if present:

    O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
    O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
    O4 - HKLM\..\Run: [Windows] run.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...Bridge-c139.cab
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)


    * Then close all windows except HijackThis and click 'Fix checked'

    * Start your PC in safe mode

    * Delete the following files if present:

    C:\WINDOWS\system32\netke.exe
    C:\WINDOWS\system32\run.exe
    C:\WINDOWS\system32\cric.exe
    C:\windows\mspaint.exe

    * Start your PC normally again and post a new log

    Member of ASAP
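
The check done by hand between the fix list in post #2 and the follow-up log in post #3 (which entries came back or were never removed), as an added example that is not part of the original thread. The function names and the matching rules are assumptions of this example: entries are matched on a stable identity (CLSID, autostart key plus value name, service name) rather than on the full line, because the forum truncates long URLs with "..." and the tool may report the same registry value as R0 or R1.

```python
import re

# A HijackThis entry line: section id ("R1", "O4", "O16", ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(.+?):\s*\[(.+?)\]")       # "HKLM\..\Run: [Name] command"
O23_RE = re.compile(r"^Service:\s*(.+?)\s+-\s")  # "Service: Name - Vendor - path"


def _norm(text):
    """Collapse whitespace and lowercase, so case and spacing differences do not matter."""
    return " ".join(text.split()).lower()


def entry_key(line):
    """Return a hashable identity for a log entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    if section in ("O2", "O3", "O9", "O16") and clsid:
        # COM objects: the CLSID survives URL truncation and path changes.
        return (section, clsid.group(0).upper())
    if section == "O4":
        m4 = O4_RE.match(body)
        if m4:
            # Autostart slot = registry location + value name; Run and RunServices differ.
            return (section, _norm(m4.group(1)), _norm(m4.group(2)))
    if section == "O23":
        m23 = O23_RE.match(body)
        if m23:
            return (section, _norm(m23.group(1)))
    if section in ("R0", "R1") and " = " in body:
        # Same registry value can be listed as R0 or R1; key on location and data.
        location, _, data = body.partition(" = ")
        return ("R", _norm(location), _norm(data))
    return (section, _norm(body))


def verify_fix(fix_lines, followup_lines):
    """Split the fix list into entries still present in the follow-up log and entries gone.

    Returns (persisting, cleared): persisting holds the follow-up log lines that match
    a fixed entry, cleared holds the fix-list lines with no match in the follow-up log.
    """
    wanted = {}
    for line in fix_lines:
        key = entry_key(line)
        if key is not None:
            wanted[key] = line.strip()
    seen = {entry_key(line) for line in followup_lines}
    persisting = [l.strip() for l in followup_lines if entry_key(l) in wanted]
    cleared = [line for key, line in wanted.items() if key not in seen]
    return persisting, cleared


# Excerpt of the lines ticked for fixing in post #2 (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apirr32.dll
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [eTunnel] C:\winfw.exe
O4 - HKLM\..\RunServices: [Windows] run.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...Bridge-c139.cab
""".strip().splitlines()

# Excerpt of the follow-up log in post #3 (copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [Windows] run.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c139.cab
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    persisting, cleared = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after the fix:")
    for line in persisting:
        print("  " + line)
    print("No longer listed:")
    for line in cleared:
        print("  " + line)
```

The three entries it reports as still present are the same ones repeated in the fix list of post #4; the O23 service in that list was not part of the first fix list, so a check like this does not replace reading the follow-up log for new entries.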

  5. #5
    duifhuis
    Guest

    Re: hijack this log

    this is a new log
    but O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe and O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
    I didn't find those among them, I checked a few times

    new log:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:02:30, on 29.07.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\downloads\wimpi\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftr-proxy.t-online.de:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SSS5] "C:\Program Files\Steganos Security Suite 5\steganos5.exe" /booting
    O4 - HKCU\..\Run: [SSS5SAFE] "C:\Program Files\Steganos Security Suite 5\safe.exe" /booting
    O4 - HKCU\..\Run: [SSS5SPM] "C:\Program Files\Steganos Security Suite 5\spm.exe" /booting
    O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: T-Online 5.0.lnk = C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095686654648
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/contro...UC/MsnUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...1/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    thanks
    regards
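
The check described in post #5 (confirming that the files and entries flagged earlier in the thread no longer show up in the follow-up log), as an added example that is not part of the original thread. The function names and the two shortened log excerpts are constructed for illustration from lines quoted in the thread.

```python
import re

# Files the helper asked to delete, copied from the thread.
FLAGGED = [r"C:\WINDOWS\system32\netke.exe", r"C:\WINDOWS\system32\run.exe",
           r"C:\WINDOWS\system32\cric.exe", r"C:\windows\mspaint.exe"]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def norm(text):
    # Windows paths are case-insensitive and forum software can inject stray
    # spaces into long lines, so compare without case or whitespace.
    return re.sub(r"\s+", "", text).lower()

def residual_hits(log_text, flagged=FLAGGED):
    """Return (section, flagged_path, file_missing) for each flagged path in the log."""
    hits, in_processes = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        entry = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if entry:
            in_processes = False
            section, text = entry.groups()
        elif in_processes and line:
            section, text = "process", line
        else:
            continue  # header or blank line
        for path in flagged:
            if norm(path) in norm(text):
                # "(file missing)" means the file is gone but the entry remains.
                hits.append((section, path, text.endswith("(file missing)")))
    return hits

# Constructed excerpts built from lines quoted in the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\run.exe
C:\WINDOWS\system32\netke.exe
O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""
print(residual_hits(BEFORE), residual_hits(AFTER))
```

An empty result for the follow-up log matches what the poster reports; a hit whose third field is true is an entry that still needs fixing even though the file itself is gone.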

  6. #6
    jurgenv
    Honorary member

    Re: hijack this log

    looks good, now be sure to do the following, because you haven't even installed SP1 yet!

    A few more tips to prevent problems in the future:

    Start by installing the following FREE programs:

    Spywareblaster
    Adaware se
    Spybot s&d


    While surfing, don't blindly click yes everywhere when you are asked... only do so when you trust it completely.

    And consider choosing an alternative browser such as Opera or Firefox.

    And I also recommend running an online virus scan now and then. housecall and/or Bitdefender. Because what one scanner cannot find, another one might.
    Also make sure that the virus scanner installed on your system is always up to date!!

    And... regularly pay a visit to: http://windowsupdate.microsoft.com/

    Also have a look at these 2 videos.. Very interesting:
    http://www2.trosradar.nl/mediaplayer...&mode=dossier#
    http://www.benedelman.org/spyware/security-111804.wmv


    More prevention tips can also be found on the following sites:

    http://www.bluemedicine.be
    http://users.telenet.be/marcvn/spyware
    How did I get infected in the first place (article by TonyKlein)
    Preventing spyware infections and browser hijacking

    Member of ASAP

  7. #7
    duifhuis
    Guest

    Re: hijack this log

    thanks for the help
    I had my little brother read it
    I hope they get it now lol

    good luck with your site
    it's the best!!!!!
    regards

  8. #8
    jurgenv
    Honorary member

    Re: hijack this log

    you're welcome

    Member of ASAP
