log

Status
Niet open voor verdere reacties.
S

stevendemunter

Gebruiker
Lid geworden
24 jul 2002
Berichten
704
Logfile of HijackThis v1.97.7
Scan saved at 7:04:04, on 28/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\shicoxp.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\admin\Bureaublad\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infozone.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.fujitsu-siemens.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
O4 - HKLM\..\Run: [lauchsrv] C:\WINDOWS\lauchsrv.exe i
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-siemens.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Hierbij de nieuwe log.

Alvast bedankt.

Logfile of HijackThis v1.98.2
Scan saved at 0:34:41, on 30-9-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\Pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 6.0\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\serm32.exe
C:\sp2update.exe
D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\Explorer.EXE
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [zSPGuard] d:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "C:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] d:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] d:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "d:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\nxctbi.exe
O4 - HKLM\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKLM\..\Run: [sdfsdfsdf] C:\sp2update.exe
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\RunServices: [MS FIREWALL] msfrewall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
 
Geplaatst door bruggeling

O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\nxctbi.exe
O4 - HKLM\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKLM\..\Run: [sdfsdfsdf] C:\sp2update.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\RunServices: [MS FIREWALL] msfrewall.exe
Klik om te vergroten...

Hoi Bruggeling,


1. Vink bovenstaande aan in HijackThis, sluit alle andere vensters en browsers, en klik op Fix Checked.

2. Start opnieuw op in veilige modus.
Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

Verwijder, in veilige modus:
C:\WINDOWS\System32\nxctbi.exe
C:\sp2update.exe


3. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier :)
 
Bedankt voor het nakijken,

Hierbij opnieuw mijn gecorrigeeerde log.

Op het moment, dat ik dit schrijf, werden er weer allerlei files geladen, dus hij is nog niet in orde denk.

Ik zal voor de zekerheid nog een keer mijn log opnieuw onder deze log plaatsen.

Je krijgt mijn log dus 2 keer.

Logfile of HijackThis v1.98.2
Scan saved at 19:32:37, on 30-9-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msfrewall.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\Pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\AVENGINE.EXE
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [zSPGuard] d:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "C:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] d:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] d:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "d:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKLM\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\RunServices: [MS FIREWALL] msfrewall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


Logfile of HijackThis v1.98.2
Scan saved at 19:39:20, on 30-9-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\Pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 6.0\AVENGINE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\sp2update.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [zSPGuard] d:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "C:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] d:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] d:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "d:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKLM\..\Run: [sdfsdfsdf] C:\sp2update.exe
O4 - HKLM\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\RunServices: [MS FIREWALL] msfrewall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
 
Geplaatst door bruggeling

O4 - HKLM\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKLM\..\Run: [sdfsdfsdf] C:\sp2update.exe
O4 - HKLM\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\RunServices: [MS FIREWALL] msfrewall.exe
Klik om te vergroten...

Hoi Bruggeling,

Klopt het dat je SpyGuard geinstalleerd hebt?

1. Start opnieuw op in veilige modus, en fix bovenstaande.

2. Start opnieuw op, en draai:
- BitDefender >> zorg ervoor dat “AutoClean” aangevinkt is
- Trend Micro >> zorg ervoor dat “AutoClean” aangevinkt is

3. Start opnieuw op, maak een nieuw logje aan met HijackThis, en post dat hier.
 
Nee, ik heb spywareblaster geinstalleerd.

Ik ga nu de programma's draaien, die je hebt aanbevolen en dan kijk ik wel verder.
 
Virusscanners in veilige modus gedraaid.
Hij heeft dezelfde files gevonden en iets van het Backdoor.Botget.FTPB en Backdoor.RBot.MJ, deze kon hij niet verwijderen.

Hierbij nogmaals mijn log:

Logfile of HijackThis v1.98.2
Scan saved at 1:05:55, on 4-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "C:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] d:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] d:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "d:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: v2cab - http://14097.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan