A little log!!

Status
Not open for further replies.

okijoki

User
Joined
9 Apr 2001
Posts
761
Adaware!!

Logfile of HijackThis v1.98.2
Scan saved at 12:35:26, on 9-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\Adult_Playut.exe
C:\WINDOWS\repair\pcexp.exe
C:\WINDOWS\system32\mmgr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/69E3ECB948C14E1F8A3503F1F7690EF6/1033/ie/searchba.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {9B42C82A-15E0-4E9F-ABFC-E99391210CF1} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\System32\saristar.dll
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pxecp.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\Run: [AEHKNRUXB] C:\WINDOWS\AEHKNRUXB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [KRYFM] C:\WINDOWS\KRYFM.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [*vbcmd] C:\WINDOWS\addins\vbcmd.exe
O4 - HKLM\..\Run: [*dnsav] C:\WINDOWS\Web\dnsav.exe
O4 - HKLM\..\Run: [Adult_Playut] C:\WINDOWS\Adult_Playut.exe
O4 - HKLM\..\Run: [*crmc] C:\WINDOWS\system32\3com_dmi\crmc.exe
O4 - HKLM\..\Run: [*regmsvc] C:\WINDOWS\Registration\regmsvc.exe
O4 - HKLM\..\Run: [*olewin] C:\WINDOWS\system\olewin.exe
O4 - HKLM\..\Run: [*crinet] C:\WINDOWS\AppPatch\crinet.exe
O4 - HKLM\..\Run: [*svrras] C:\WINDOWS\system\svrras.exe
O4 - HKLM\..\Run: [*aptapi] C:\WINDOWS\addins\aptapi.exe
O4 - HKLM\..\Run: [*ftpinet] C:\WINDOWS\addins\ftpinet.exe
O4 - HKLM\..\Run: [*kblib] C:\WINDOWS\Tasks\kblib.exe
O4 - HKLM\..\Run: [*docac] C:\WINDOWS\repair\docac.exe
O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\Driver Cache\psjava.exe
O4 - HKLM\..\Run: [*accom] C:\WINDOWS\Tasks\accom.exe
O4 - HKLM\..\Run: [*rascom] C:\WINDOWS\Help\rascom.exe
O4 - HKLM\..\Run: [*abreula] C:\WINDOWS\Cursors\abreula.exe
O4 - HKLM\..\Run: [*inettcp] C:\WINDOWS\Help\Tours\inettcp.exe
O4 - HKLM\..\Run: [*sysdisk] C:\WINDOWS\Help\Tours\sysdisk.exe
O4 - HKLM\..\Run: [*wavewms] C:\WINDOWS\system\wavewms.exe
O4 - HKLM\..\Run: [*pcexp] C:\WINDOWS\repair\pcexp.exe
O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\system32\mmgr32.exe
O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
O4 - HKLM\..\RunOnce: [*pcexp] C:\WINDOWS\repair\pcexp.exe rerun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\Web\smc.exe ren time:1099996716
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
 
BEFORE you begin, put hijackthis.exe in its own folder, preferably c:\hijackthis.

Go to My Computer -> go to C:\ -> File -> New -> Folder -> rename the folder to hijackthis -> put hijackthis.exe in that folder!!!

Download the KillBox: http://www.bleepingcomputer.com/files/spyware/KillBox.zip and unzip it to your desktop. Start it and tick "delete files on reboot". Paste the paths below in one at a time, check that the "delete on reboot" option is still enabled, and click the red circle with the cross; if it asks to restart, click No and add the next item. After the last item you do have to restart.

  • C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pxecp.dat
    C:\WINDOWS\addins\vbcmd.exe
    c:\windows\system32\hostx.exe
    C:\WINDOWS\Web\dnsav.exe
    C:\WINDOWS\system32\3com_dmi\crmc.exe
    C:\WINDOWS\Registration\regmsvc.exe
    C:\WINDOWS\system\olewin.exe
    C:\WINDOWS\AppPatch\crinet.exe
    C:\WINDOWS\system\svrras.exe
    C:\WINDOWS\addins\aptapi.exe
    C:\WINDOWS\addins\ftpinet.exe
    C:\WINDOWS\Tasks\kblib.exe
    C:\WINDOWS\repair\docac.exe
    C:\WINDOWS\Driver Cache\psjava.exe
    C:\WINDOWS\Tasks\accom.exe
    C:\WINDOWS\Help\rascom.exe
    C:\WINDOWS\Cursors\abreula.exe
    C:\WINDOWS\Help\Tours\inettcp.exe
    C:\WINDOWS\Help\Tours\sysdisk.exe
    C:\WINDOWS\system\wavewms.exe
    C:\WINDOWS\repair\pcexp.exe
    C:\WINDOWS\Web\smc.exe
Show all hidden files: http://users.pandora.be/marcvn/spyware/1117602.htm
Check whether they are gone; otherwise run the above once more on the files that are still there.

Download winsockxpfix; do not use it yet.

Once you have done that, press Ctrl + Alt + Del and go to the Processes tab, right-click the item below and then click End Process.
  • C:\WINDOWS\system32\mmgr32.exe

Go to Start -> Control Panel -> Add or Remove Programs and uninstall:
  • switch
    new.net
    new dot net

Start HijackThis and tick these items:
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: C:\WINDOWS\lbbho.dll - {9B42C82A-15E0-4E9F-ABFC-E99391210CF1} - C:\WINDOWS\lbbho.dll
    O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
    O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\System32\saristar.dll
    O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pxecp.dat
    O4 - HKLM\..\Run: [lar] C:\WINDOWS\system32\llass.exe
    O4 - HKLM\..\Run: [AEHKNRUXB] C:\WINDOWS\AEHKNRUXB.exe
    O4 - HKLM\..\Run: [KRYFM] C:\WINDOWS\KRYFM.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [*vbcmd] C:\WINDOWS\addins\vbcmd.exe
    O4 - HKLM\..\Run: [*dnsav] C:\WINDOWS\Web\dnsav.exe
    O4 - HKLM\..\Run: [Adult_Playut] C:\WINDOWS\Adult_Playut.exe
    O4 - HKLM\..\Run: [*crmc] C:\WINDOWS\system32\3com_dmi\crmc.exe
    O4 - HKLM\..\Run: [*regmsvc] C:\WINDOWS\Registration\regmsvc.exe
    O4 - HKLM\..\Run: [*olewin] C:\WINDOWS\system\olewin.exe
    O4 - HKLM\..\Run: [*crinet] C:\WINDOWS\AppPatch\crinet.exe
    O4 - HKLM\..\Run: [*svrras] C:\WINDOWS\system\svrras.exe
    O4 - HKLM\..\Run: [*aptapi] C:\WINDOWS\addins\aptapi.exe
    O4 - HKLM\..\Run: [*ftpinet] C:\WINDOWS\addins\ftpinet.exe
    O4 - HKLM\..\Run: [*kblib] C:\WINDOWS\Tasks\kblib.exe
    O4 - HKLM\..\Run: [*docac] C:\WINDOWS\repair\docac.exe
    O4 - HKLM\..\Run: [*psjava] C:\WINDOWS\Driver Cache\psjava.exe
    O4 - HKLM\..\Run: [*accom] C:\WINDOWS\Tasks\accom.exe
    O4 - HKLM\..\Run: [*rascom] C:\WINDOWS\Help\rascom.exe
    O4 - HKLM\..\Run: [*abreula] C:\WINDOWS\Cursors\abreula.exe
    O4 - HKLM\..\Run: [*inettcp] C:\WINDOWS\Help\Tours\inettcp.exe
    O4 - HKLM\..\Run: [*sysdisk] C:\WINDOWS\Help\Tours\sysdisk.exe
    O4 - HKLM\..\Run: [*wavewms] C:\WINDOWS\system\wavewms.exe
    O4 - HKLM\..\Run: [*pcexp] C:\WINDOWS\repair\pcexp.exe
    O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\system32\mmgr32.exe
    O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\system32\llass.exe
    O4 - HKLM\..\RunOnce: [*pcexp] C:\WINDOWS\repair\pcexp.exe rerun
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess
    O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\Web\smc.exe ren time:1099996716
Close all windows except HijackThis and click Fix checked.

Run winsockxpfix.

Restart in safe mode: http://users.pandora.be/marcvn/spyware/1378056.htm

Delete, if present:
  • C:/Program Files/MStart2Page <--- this folder
    C:\Program Files\NewDotNet <--- this folder
    C:\WINDOWS\system32\llass.exe <--- this file
    C:\WINDOWS\AEHKNRUXB.exe <--- this file
    C:\WINDOWS\KRYFM.exe <--- this file
    C:\WINDOWS\system32\mmgr32.exe <--- this file

Go to Start -> Run -> type %temp% and empty the folder that opens, but do NOT delete the folder itself.

Restart and post a new log.
 
It is taking a while, but that is because it is not my own laptop. Anyway.

Scanned again with AdAware:

Logfile of HijackThis v1.98.2
Scan saved at 15:04:25, on 17-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\addins\urlc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pctteni.dat
O2 - BHO: CATLEvents Object - {C69FA570-7FDE-4C49-A7BC-CB1CF24BE66B} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\clru.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [*urlc] C:\WINDOWS\addins\urlc.exe
O4 - HKLM\..\RunOnce: [*urlc] C:\WINDOWS\addins\urlc.exe rerun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C536260C-96F5-493F-88CC-317237C6E7CA}: NameServer = 194.134.5.55 194.134.0.97

I hope you can do something with it again. I could not carry out all the steps you described. :confused:
 
First put HijackThis in its own folder!!! (That is, hijackthis.exe and not hijackthis.zip.)

Add these files to the KillBox again, ticking "delete on reboot" again and then clicking the red circle with the cross; if it asks to reboot, click No.
  • C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pctteni.dat
    C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\clru.dat
    C:\WINDOWS\addins\urlc.exe
    c:\windows\system32\hostx.exe
(Do make sure you turn these into proper paths yourself; the ~1 usually means the name is not complete yet.)

Once you have done this, restart the PC.

Scan once more with HijackThis and tick these lines:
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
    O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pctteni.dat
    O2 - BHO: CATLEvents Object - {C69FA570-7FDE-4C49-A7BC-CB1CF24BE66B} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\clru.dat
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [*urlc] C:\WINDOWS\addins\urlc.exe
    O4 - HKLM\..\RunOnce: [*urlc] C:\WINDOWS\addins\urlc.exe rerun
Close ALL windows and click Fix checked.

Restart in safe mode, show all files, and delete:
  • C:\PROGRA~1\NEWDOT~1 <--- folder

Restart and post a new log, preferably as soon as possible.
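
Added example, not part of the original thread: comparing the two HijackThis logs posted above shows which entries the cleanup removed, which survived and which appeared afterwards. The log lines are excerpts copied from this thread; the function names `parse`, `diff_logs` and `temp_bhos` are this example's own.

```python
import re

# Excerpts from the two logs in this thread (scans of 9-11-2004 and 17-11-2004).
LOG_BEFORE = r"""
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pxecp.dat
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [*pcexp] C:\WINDOWS\repair\pcexp.exe
O4 - HKLM\..\RunOnce: [*pcexp] C:\WINDOWS\repair\pcexp.exe rerun
"""

LOG_AFTER = r"""
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\pctteni.dat
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [*urlc] C:\WINDOWS\addins\urlc.exe
O4 - HKLM\..\RunOnce: [*urlc] C:\WINDOWS\addins\urlc.exe rerun
"""

# A log entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse(log):
    """Return the set of (section code, entry text) pairs found in a log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m["code"], m["body"]))
    return entries


def diff_logs(before, after):
    """Split entries into removed, persisting and new between two scans."""
    b, a = parse(before), parse(after)
    return {"removed": b - a, "persisting": b & a, "new": a - b}


def temp_bhos(log):
    """O2 (browser helper object) entries whose file sits in a Temp directory."""
    return sorted(
        body for code, body in parse(log)
        if code == "O2" and "\\temp\\" in body.lower()
    )


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for status in ("removed", "persisting", "new"):
        print(status.upper())
        for code, body in sorted(result[status]):
            print(f"  {code} - {body}")
    print("BHOs loading from Temp in the second scan:", temp_bhos(LOG_AFTER))
```
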
 