Hijackthis log

lizzie23 · 8 nov 2004

Hoi,

Ik heb vermoedelijk al heel lang een trojan op mn pc staan. Wanneer ik deze scan met ad aware herkent ie hem wel maar gooit het niet van mijn pc af, want na 10 minuten staat het er weer, alleen onder een andere naam.
Ik heb nu de tip van iemand gekregen om mijn pc te scannen met hijackthis en de log hier op het forum te zetten. Kunnen jullie mij helpen?
Wat mag er af en vooral HOE haal ik dat ding eraf, zodat het niet meer terug komt??

Alvast super bedankt!
Groetjes Lizzie

Hier is ie:

Logfile of HijackThis v1.98.2
Scan saved at 9:03:01, on 8-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\chello\ChelloMessenger.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Ad Aware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lxabvkiroroidzgxu.com/HQ...nGsACtSJcvTSMzTeNhEG8uwwKQrEkplR2zsDKD6Z3.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.brabant.chello.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2322F405-C963-E2BC-6C42-ADA18EB3C810} - D:\DOCUME~1\LISETT~1\APPLIC~1\SIGNBU~1\ArmyBook.exe
O2 - BHO: IEHelper - {4ab44d37-8cd7-4135-8abc-fb9723f900af} - C:\WINDOWS\System32\Q9698265.dll (file missing)
O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
O2 - BHO: (no name) - {78E101A3-54BD-E6E4-3A7B-B6474A6650DC} - D:\DOCUME~1\LISETT~1\APPLIC~1\SIGNBU~1\ArmyBook.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WorksFUD] D:\Microsoft works 2002\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Microsoft works 2002\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\\ChelloMessenger.exe
O4 - HKLM\..\Run: [aciditchsendwma] D:\Documenten en Settings\All Users\Application Data\MAGS DEFY ACID ITCH\winbash.exe
O4 - HKLM\..\Run: [xyrifulrtke] C:\WINDOWS\System32\myftzgzs.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Uplitethunkactive] D:\Documenten en Settings\All Users\Application Data\move bin up lite\rule tons.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Typebags] D:\DOCUME~1\LISETT~1\APPLIC~1\TITLEI~1\1chin.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

H@ns · 13 nov 2004

Hoi Lizzie,

1. Start HijackThis, en vink onderstaande regels aan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lxabvkiroroidzgxu.com/HQ...nGsACtSJcvTSMzTeNhEG8uwwKQrEkplR2zsDKD6Z3.htm

R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

O2 - BHO: (no name) - {2322F405-C963-E2BC-6C42-ADA18EB3C810} - D:\DOCUME~1\LISETT~1\APPLIC~1\SIGNBU~1\ArmyBook.exe
O2 - BHO: IEHelper - {4ab44d37-8cd7-4135-8abc-fb9723f900af} - C:\WINDOWS\System32\Q9698265.dll (file missing)
O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~1.DLL
O2 - BHO: (no name) - {78E101A3-54BD-E6E4-3A7B-B6474A6650DC} - D:\DOCUME~1\LISETT~1\APPLIC~1\SIGNBU~1\ArmyBook.exe
O3 - Toolbar: (no name) - {E5A2678F-DA83-4D2E-BA85-6236E90098FA} - (no file)

O4 - HKLM\..\Run: [aciditchsendwma] D:\Documenten en Settings\All Users\Application Data\MAGS DEFY ACID ITCH\winbash.exe
O4 - HKLM\..\Run: [xyrifulrtke] C:\WINDOWS\System32\myftzgzs.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Uplitethunkactive] D:\Documenten en Settings\All Users\Application Data\move bin up lite\rule tons.exe
O4 - HKCU\..\Run: [Typebags] D:\DOCUME~1\LISETT~1\APPLIC~1\TITLEI~1\1chin.exe

2. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

3. Start opnieuw op in veilige modus.
Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

4. Ga naar Windows Verkenner (Rechtsklikken op Start - Verkennen). Zoek en verwijder het volgende:
Mappen:
D:\Documenten en Settings\LISETT~1\Application Data\SIGNBU...
C:\PROGRA~1\OPINIO...
D:\Documenten en Settings\All Users\Application Data\MAGS DEFY ACID ITCH
c:\program files\180solutions
D:\Documenten en Settings\All Users\Application Data\move bin up lite
D:\Documenten en Settings\LISETT~1\Application DataTITLEI...

Bestanden:
C:\WINDOWS\System32\myftzgzs.exe
c:\windows\system32\ossproxy.exe

5. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier

lizzie23 · 13 nov 2004

Hoi Hans,

Bedankt voor je hulp! Ik heb alles weg gehaald en hijackthis opnieuw laten scannen.
Dit is het resultaat:

Logfile of HijackThis v1.98.2
Scan saved at 16:36:08, on 13-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\chello\ChelloMessenger.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Ad Aware\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wrbjyxiarjlnozunjj.com/H...GsACtSJcvTSMzTeNhEF3uGPrgyYSTVR2zsDKD6Z3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arshwlupuntpuvkspkog.com/HQEHFVL7JkbDQidOimq87yzQYn1ka8v1vSXltK/wA1M.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.brabant.chello.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2322F405-C963-E2BC-6C42-ADA18EB3C810} - D:\DOCUME~1\LISETT~1\APPLIC~1\SIGNBU~1\ArmyBook.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WorksFUD] D:\Microsoft works 2002\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Microsoft works 2002\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\\ChelloMessenger.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Uplitethunkactive] D:\Documenten en Settings\All Users\Application Data\move bin up lite\CoalUp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Typebags] D:\DOCUME~1\LISETT~1\APPLIC~1\TITLEI~1\1chin.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: MyCom - {21487E43-34B1-4127-B06B-7D1B361D4BCB} - http://www.mycom.nl (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB

Groetjes Lizzie

H@ns · 14 nov 2004

Hoi Lizzie,

1. Vink onderstaande regels aan in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wrbjyxiarjlnozunjj.com/H...GsACtSJcvTSMzTeNhEF3uGPrgyYSTVR2zsDKD6Z3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arshwlupuntpuvkspkog.com/HQEHFVL7JkbDQidOimq87yzQYn1ka8v1vSXltK/wA1M.htm

O2 - BHO: (no name) - {2322F405-C963-E2BC-6C42-ADA18EB3C810} - D:\DOCUME~1\LISETT~1\APPLIC~1\SIGNBU~1\ArmyBook.exe

O4 - HKLM\..\Run: [Uplitethunkactive] D:\Documenten en Settings\All Users\Application Data\move bin up lite\CoalUp.exe
O4 - HKCU\..\Run: [Typebags] D:\DOCUME~1\LISETT~1\APPLIC~1\TITLEI~1\1chin.exe

2. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

3. Start opnieuw op in veilige modus.
Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

4. Ga naar Windows Verkenner (Rechtsklikken op Start - Verkennen). Zoek en verwijder het volgende:
Mappen:
D:\Documenten en Settings\LISETT~1\Application Data\SIGNBU...
D:\Documenten en Settings\All Users\Application Data\move bin up lite
D:\Documenten en Settings\LISETT~1\Application Data\TITLEI...

5. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier .

lizzie23 · 14 nov 2004

Hoi hoi,

Hier nogmaals mijn Log. Enigste vraag die ik heb: hoe start ik de pc opnieuw op in de veilige modus? Ik heb XP, maar weet niet hoe ik dit moet doen, misschien dat ik er daarom niet alles afkrijg?

Hier is mijn log weer:

Logfile of HijackThis v1.98.2
Scan saved at 14:00:10, on 14-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\chello\ChelloMessenger.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Ad Aware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.brabant.chello.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WorksFUD] D:\Microsoft works 2002\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Microsoft works 2002\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\\ChelloMessenger.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: MyCom - {21487E43-34B1-4127-B06B-7D1B361D4BCB} - http://www.mycom.nl (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB

Groetjes Lizzie

H@ns · 14 nov 2004

Hoe op te starten in veilige modus:
http://www.virushelp.nl/veilige_modus.htm

Je logje is in ieder geval weer schoon

Bekijk het even, en als het terugkomt, mag je altijd een nieuw logje plaatsen

Hijackthis log

lizzie23

Gebruiker

H@ns

Terugkerende gebruiker

lizzie23

Gebruiker

H@ns

Terugkerende gebruiker

lizzie23

Gebruiker

H@ns

Terugkerende gebruiker

Nieuwste berichten

Wij waarderen jouw privacy