Quick check, please.

Status
Not open for further replies.

rondewoerd

User
Joined
16 Mar 2004
Posts
16
Who would like to take a look at my hi-jack log?


Logfile of HijackThis v1.98.2
Scan saved at 17:05:13, on 21-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\etsxlg.exe
C:\Program Files\Webroot\Accelerate\accelerate2002.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\WINDOWS\explorer.exe
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Arrow Search - {1D9B10E0-E90C-11D7-A399-B7BAC8911A3F} - C:\PROGRA~1\ARROWS~1\Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [lxahmezyfyvy] C:\WINDOWS\System32\etsxlg.exe
O4 - HKLM\..\Run: [Accelerate2002] C:\Program Files\Webroot\Accelerate\accelerate2002.exe /S
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Search - {44E30860-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

:confused: :confused: :confused: :thumb:
 
Posted by rondewoerd

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O4 - HKLM\..\Run: [lxahmezyfyvy] C:\WINDOWS\System32\etsxlg.exe


Hi,

Which version of Internet Explorer are you using? You can see that by clicking Help -> About in Internet Explorer. Copy what appears after "Version:" and paste it here in your next post.


1. Scan with HijackThis, check the items above (see quote), close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC in safe mode.
If you don't know how to do that, have a look here: http://www.virushelp.nl/veilige_modus.htm

Make sure hidden files and folders are shown.
You can read how to do that here: http://users.telenet.be/marcvn/spyware/1117602.htm

Now, still in safe mode, delete the following file:

C:\WINDOWS\System32\etsxlg.exe <- that file

3. Restart the PC in 'normal mode'.

4. Create a new log and post it here. Also tell me whether you want to get rid of ArrowSearch as well or not.
 
hello,
thanks in advance for your quick reply
regards, rondewoerd
this is the version: 6.02800.1106.xpsp.2.030422-1633
 
2nd hijack scan

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Webroot\Accelerate\accelerate2002.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Arrow Search - {1D9B10E0-E90C-11D7-A399-B7BAC8911A3F} - C:\PROGRA~1\ARROWS~1\Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Accelerate2002] C:\Program Files\Webroot\Accelerate\accelerate2002.exe /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Search - {44E30860-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

regards,
rondewoerd
 
1. That log is not complete; you left out the header.

2. You have neglected to answer my question about ArrowSearch (see point 4 in my previous reply).


So post the complete log and answer my question.
 
Okay, forget point 2 from my previous reply. But do post a complete log.
 
sorry Buffy,

I hope I have done (read) it better this time
and Arrow Search can go
regards,
rondewoerd

Logfile of HijackThis v1.98.2
Scan saved at 22:15:13, on 21-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Webroot\Accelerate\accelerate2002.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Arrow Search - {1D9B10E0-E90C-11D7-A399-B7BAC8911A3F} - C:\PROGRA~1\ARROWS~1\Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Accelerate2002] C:\Program Files\Webroot\Accelerate\accelerate2002.exe /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Search - {44E30860-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 
Posted by rondewoerd

O3 - Toolbar: Arrow Search - {1D9B10E0-E90C-11D7-A399-B7BAC8911A3F} - C:\PROGRA~1\ARROWS~1\Toolbar.dll

O9 - Extra button: Search - {44E30860-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30861-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra button: (no name) - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe
O9 - Extra 'Tools' menuitem: Search with Arrow Search - {44E30862-AA0B-11d6-A399-A14EAA64353F} - C:\Program Files\Arrow Search\Arrow Search.exe



1. Scan with HijackThis, check the items above (see quote), close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC in safe mode and delete the folder:

C:\Program Files\Arrow Search

3. Restart the PC in 'normal mode'.
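
Added example (not part of the thread and not a HijackThis feature): a small Python check for the re-scan step the helper asks for, comparing the scan before and after a cleanup round against the list of entries that were to be fixed. The function names `parse_entries` and `verify_fix` are assumptions; the sample text is a shortened excerpt of the logs posted above.

```python
import re

# HijackThis entry lines: "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs; header and process list are skipped."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip()))
    return found

def verify_fix(before, after, fix_list):
    """Classify entries by comparing the scan before and after a cleanup round."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    return {
        "fixed": sorted(f - a),          # requested and gone
        "still_present": sorted(f & a),  # requested but listed again
        "new": sorted(a - b),            # not in the earlier scan
        "also_gone": sorted(b - a - f),  # disappeared without being requested
    }

# Excerpts copied from the logs in this thread (shortened to keep the sample small).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\etsxlg.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [lxahmezyfyvy] C:\WINDOWS\System32\etsxlg.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
"""
AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""
FIX = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [lxahmezyfyvy] C:\WINDOWS\System32\etsxlg.exe
"""

if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, FIX).items():
        print(label, *(f"\n  {s} - {d}" for s, d in items))
```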
 