Logfile!

[Önder]

Het is een logfile vaneen vriend, succes met helpeL

ogfile of HijackThis v1.98.2
Scan saved at 13:03:55, on 17-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ngsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\win32usb.exe
C:\WINDOWS\System32\msdrvs32.exe
C:\WINDOWS\System32\windnsd.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\mzwirj.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\ewupdater.exe
C:\windows\redirect9a.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\System32\msdns.exe
c:\windows\system32\winclk.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\kkk.exe
C:\WINDOWS\System32\pidserv.exe
C:\windows\system32\wintme.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\System Soap Pro\soap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Winad Client\Winad.exe
C:\Program Files\Winad Client\WinClt.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Documents and Settings\hanif bayani\Mijn documenten\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.googel.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O1 - Hosts: 80.69.74.15 auto.search.msn.com
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteBar\ELITEB~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteBar\ELITEB~2.DLL
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lpistc] C:\WINDOWS\System32\mzwirj.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [pghsp] C:\WINDOWS\pghsp.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
O4 - HKLM\..\Run: [SysA] C:\windows\system32\winamp32.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winpax32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Microsoft DNS Query] msdns.exe
O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Services] C:\kkk.exe
O4 - HKLM\..\Run: [Process Session Manager] pidserv.exe
O4 - HKLM\..\Run: [Printer] C:\windows\system32\wintme.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Process Session Manager] pidserv.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Process Session Manager] pidserv.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\RunOnce: [Windows Driver Services] msdrvs32.exe
O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm
O8 - Extra context menu item: Alle links in deze pagina openen... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Markeren - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Toevoegen aan Reclame Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Zoeken - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...7650ecea87f9:207b8bbba6efe004661d0d88309f9efb
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthsmakamai/systemsoappro.cab
O16 - DPF: {68E53982-CCCE-48C2-89B9-C3C97638F9B4} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msehek.dll

 

[buffy]

Op deze manier is er voor ons natuurlijk geen beginnen aan. Eerst moet je zelf aan de slag, Önder:



1. Installeer AdAware SE 1.05, als die nog niet op de pc staat: http://www.majorgeeks.com/download506.html
(Gebruik geen oudere versie van AdAware!)

2. Installeer CleanUp!: http://downloads.stevengould.org/cleanup/CleanUp312.exe

3. Start de pc in veilige modus.

- Draai CleanUp (in veilige modus dus); simpelweg op de knop "CleanUp!" klikken en geduldig wachten tot het programma klaar is.

- Doe een volledige scan met AdAware SE (nog steeds in veilige modus dus), laat alles verwijderen wat wordt gevonden.

4. Herstart de pc in 'normale modus'.

5. Scan online op virussen en trojans bij Housecall: http://housecall.trendmicro.com/
Start na de scan de pc opnieuw op.

6. Scan online op virussen en trojans bij BitDefender: http://www.bitdefender.com/scan/licence.php
Start na de scan de pc opnieuw op.

7. Doe een volledige scan met Spybot - Search & Destroy 1.3: http://www.majorgeeks.com/download2471.html
Zorg dat het programma up-to-date is. Laat alle in rood weergegeven items fixen (die worden automatisch geselecteerd). Start daarna de pc opnieuw op.

8. Download, unzip en draai CWShredder: http://www.majorgeeks.com/download4086.html
Gebruik de Fix knop.
Start daarna de pc opnieuw op.

9. Draai CleanUp! nog een keertje.

10. Maak een nieuw HijackThis-log en plaats dat hier.

 

[Önder]

Echt waar de meeste van die dingen heb ik gedaan. Housecall doet het niet Adaware loopt vast SPybot heb ik wel gedaan. Echt waar bijna alle progjes behalve hijack en en Spybot lopen vast zelfs internet explorer.\

ps; het is niet mijn pc maar van een vriend. Mijn logje volgt later nog

 

[buffy]

Voer alsjeblieft die tien stappen uit, in die volgorde. Ik laat bij stap 3 CleanUp! en AdAware draaien in veilige modus, de kans is klein dat het dan ook vastloopt. Daarna zullen de volgende stappen ook wel lukken. Dus voer nu alsjeblieft die tien stappen uit, in die volgorde, precies zoals ik het adviseer. Is dat jou te veel moeite, dan kun je die pc maar beter meteen gaan formatteren.

 

[Önder]

Nee tuurlijk niet,
Je moet niet denken dat ik niks doe aan die pc.
Ik heb er afgelopen zondag 3uren aan besteeds steeds liep hij weer vast ik zal het doen als ik naar hem ga. En bedankt voor je advies.

 

[buffy]

Okee. Mocht Spybot toch nog weer vastlopen, draai ook Spybot dan in veilige modus. En wat de online scans betreft: loopt er één vast, probeer dan een andere. Keuze genoeg:

- Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
- BitDefender: http://www.bitdefender.com/scan/licence.php
- Symantec: http://security.symantec.com/ssc/vc...nl&venid=sym&plfid=23&pkj=VRVMFVTEYCUMMGLKAHT
- McAfee: http://www.mcafee.com/myapps/mfs/default.asp
- RAV: http://www.ravantivirus.com/scan/

Probeer ten minste twee online scans te doen, want de virusellende op die pc is enorm.