Hijack

Badjas · 15 sep 2004

Hallo,

IK blijf last houden van popup screens en ze worden behorend irritant. Paar maal gescan met de allerlaatste versie van ad-aware maar hij vindt niets meer maar blijft popups geven.

Hierbij mijn log: wie kan me helpen?

Logfile of HijackThis v1.98.2
Scan saved at 15:11:50, on 15-9-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINNT\system32\IEHost.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\WINNT\system32\pcs\pcsvc.exe
C:\WINNT\system32\auxlwb14.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\WINNT\MS\SMS\CORE\BIN\Launch32.exe
C:\Documents and Settings\RoHuisman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.logicacmg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.logicacmg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.26.106.211:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {451650B0-444B-11d2-BEB9-00600892E26F} - C:\PROGRA~1\Invensys\CRM\Shared\AUIEHE~1.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [Synchro] Synchro.exe
O4 - HKLM\..\Run: [TVD_Update_Agent] C:\WINNT\System32\TVD_Update_Agent.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [BDASetOfficeTemplate] C:\PROGRA~1\Invensys\CRM\Shared\BDASetOfficeTemplate.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [88ccccd4c459] C:\WINNT\system32\auxlwb14.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.logicacmg.com/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.logicacmg.nl/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://lara.global.logica.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab

Doeg doeg,

Rob

H@ns · 18 sep 2004

Nog steeds hulp nodig?

Badjas · 18 sep 2004

Ja, heel graag. Ik zie dat iedereen na mij hele goede tips krijg, en ik niet.

Badjas · 29 sep 2004

Help!!! Nog steeds geen antwoord!

buffy · 29 sep 2004

Hoi Badjas,

Wil je even een nieuw log maken en dat hier plaatsen?

Badjas · 29 sep 2004

OK:

Logfile of HijackThis v1.98.2
Scan saved at 10:59:03, on 29-9-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\WINNT\System32\TVD_Update_Agent.exe
C:\WINNT\system32\IEHost.exe
C:\WINNT\system32\pcs\pcsvc.exe
C:\WINNT\system32\auxlwb14.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Psion\PsiWin\Prc32Eng.Exe
C:\Program Files\Psion\PsiWin\COPYANY.EXE
C:\Program Files\Psion\PsiWin\wprntsvr.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RoHuisman\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.logicacmg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.logicacmg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.26.106.211:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {451650B0-444B-11d2-BEB9-00600892E26F} - C:\PROGRA~1\Invensys\CRM\Shared\AUIEHE~1.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [Synchro] Synchro.exe
O4 - HKLM\..\Run: [TVD_Update_Agent] C:\WINNT\System32\TVD_Update_Agent.exe
O4 - HKLM\..\Run: [BDASetOfficeTemplate] C:\PROGRA~1\Invensys\CRM\Shared\BDASetOfficeTemplate.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [88ccccd4c459] C:\WINNT\system32\auxlwb14.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.logicacmg.com/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.logicacmg.nl/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://lara.global.logica.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab

buffy · 29 sep 2004

Geplaatst door Badjas

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll

O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [88ccccd4c459] C:\WINNT\system32\auxlwb14.exe

1. Scan met HijackThis, vink de bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus.
Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

Verwijder nu, in veilige modus dus, de volgende bestanden en mappen:

C:\WINNT\system32\IEHost.exe <- dat bestand
C:\WINNT\system32\auxlwb14.exe <- dat bestand
C:\WINNT\system32\SearchBar.htm <- dat bestand (zou al verdwenen kunnen zijn)
C:\WINNT\system32\pcs <- die map

3. Herstart de pc in 'normale modus'.

4. Maak een nieuw log en plaats dat hier.

Badjas · 29 sep 2004

OK,

Alles is gelukt. Hierbij de log en ik laat weten vandaag of het geholpen heeft.

Alvast heeeeel hartelijk bedankt!! Ik vind het echt een topsite!

Logfile of HijackThis v1.98.2
Scan saved at 14:50:30, on 29-9-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\WINNT\System32\TVD_Update_Agent.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Psion\PsiWin\Prc32Eng.Exe
C:\Program Files\Psion\PsiWin\COPYANY.EXE
C:\Program Files\Psion\PsiWin\wprntsvr.exe
C:\WINNT\MS\SMS\CORE\BIN\Launch32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RoHuisman\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.logicacmg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.logicacmg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.26.106.211:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {451650B0-444B-11d2-BEB9-00600892E26F} - C:\PROGRA~1\Invensys\CRM\Shared\AUIEHE~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [Synchro] Synchro.exe
O4 - HKLM\..\Run: [TVD_Update_Agent] C:\WINNT\System32\TVD_Update_Agent.exe
O4 - HKLM\..\Run: [BDASetOfficeTemplate] C:\PROGRA~1\Invensys\CRM\Shared\BDASetOfficeTemplate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.logicacmg.com/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.logicacmg.nl/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://lara.global.logica.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab

Badjas · 29 sep 2004

Helaas.....

Nog steeds popups!

Nogmaals de laatste log:

Logfile of HijackThis v1.98.2
Scan saved at 15:05:57, on 29-9-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\WINNT\System32\TVD_Update_Agent.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Psion\PsiWin\Prc32Eng.Exe
C:\Program Files\Psion\PsiWin\COPYANY.EXE
C:\Program Files\Psion\PsiWin\wprntsvr.exe
C:\WINNT\MS\SMS\CORE\BIN\Launch32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RoHuisman\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.logicacmg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.logicacmg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 145.26.106.211:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {451650B0-444B-11d2-BEB9-00600892E26F} - C:\PROGRA~1\Invensys\CRM\Shared\AUIEHE~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [Synchro] Synchro.exe
O4 - HKLM\..\Run: [TVD_Update_Agent] C:\WINNT\System32\TVD_Update_Agent.exe
O4 - HKLM\..\Run: [BDASetOfficeTemplate] C:\PROGRA~1\Invensys\CRM\Shared\BDASetOfficeTemplate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.logicacmg.com/
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.logicacmg.nl/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://lara.global.logica.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab

buffy · 1 okt 2004

Ik heb mijn twijfels over de volgende items:

O2 - BHO: Helper Class - {451650B0-444B-11d2-BEB9-00600892E26F} - C:\PROGRA~1\Invensys\CRM\Shared\AUIEHE~1.DLL

O4 - HKLM\..\Run: [Synchro] Synchro.exe
O4 - HKLM\..\Run: [TVD_Update_Agent] C:\WINNT\System32\TVD_Update_Agent.exe

Kun jij ze thuisbrengen?

Badjas · 2 okt 2004

Even uitleg:

De eerste regel (CRM) heb ik nodig om mijn CRM pakket te laten werken. Haal ik hem weg, dan start die niet meer op.

De 2 regel (synchro) had ik al uitgeschakeld door synchro weg te gooien, hij komt ook niet meer voor op mijn harde schijf.

Laatste regel is een auto updateprg voor mcafee.

Dus aan die regels ligt het niet. Ik moet wel zeggen dat de frequentie nihil is geworden (2x per dag of zo), dus e.e.a. heeft wel geholpen.

Maar wat is:
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx ?

buffy · 2 okt 2004

Geplaatst door Badjas
Maar wat is:
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx ?

Dat hoort bij Windows Media Player: http://www.liutilities.com/products/wintaskspro/dlllibrary/msdxm/

Hijack

Badjas

Gebruiker

H@ns

Terugkerende gebruiker

Badjas

Gebruiker

Badjas

Gebruiker

buffy

Meubilair

Badjas

Gebruiker

buffy

Meubilair

Badjas

Gebruiker

Badjas

Gebruiker

buffy

Meubilair

Badjas

Gebruiker

buffy

Meubilair

Nieuwste berichten

Wij waarderen jouw privacy