Mijn Hijackthis

Status
Niet open voor verdere reacties.
Dutchbull

Dutchbull

Terugkerende gebruiker
Lid geworden
10 jan 2002
Berichten
1.014
Hallo,

Zou je deze ook even na kunnen kijken, alvast bedankt!!

Logfile of HijackThis v1.98.2
Scan saved at 11:06:35, on 5-11-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SCM\LEDTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
C:\TEMP\MSBB.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50145
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50145
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50145
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4C\NHELPER.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS.000\rundll32.exe C:\WINDOWS.000\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [LEDTRAY] C:\PROGRA~1\COMMON~1\SCM\LEDTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS.000\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Microsoft Tray] E:\CURSUS\GAMES (1) (1).EXE
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [enmpml] C:\enmpml.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [areslite] "E:\CURSUS\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - HKCU\..\RunServices: [areslite] "E:\CURSUS\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\dmhkey.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS.000\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...7b2a5905c689:24515e734f677cac594f3fdc891b75c6
 
Bedeankt voor je reactie!!

Hier is de nieuwe:

Logfile of HijackThis v1.98.2
Scan saved at 17:21:53, on 5-11-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SCM\LEDTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS.000\rundll32.exe C:\WINDOWS.000\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [LEDTRAY] C:\PROGRA~1\COMMON~1\SCM\LEDTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS.000\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Microsoft Tray] E:\CURSUS\GAMES (1) (1).EXE
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [areslite] "E:\CURSUS\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\dmhkey.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS.000\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 
Mooi zo, AdAware SE heeft het meeste werk al gedaan.:)


1. Scan met HijackThis en vink de volgende items aan:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
Klik om te vergroten...
Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus en verwijder:

C:\PROGRAM FILES\WINDOWS ADTOOLS <- die map
C:\PROGRAM FILES\COMMON FILES\WINTOOLS <- die map (indien nog aanwezig)

3. Herstart de pc in 'normale modus'.

4. Maak een nieuw log en plaats dat hier.
 
Bij deze:

Logfile of HijackThis v1.98.2
Scan saved at 18:29:38, on 5-11-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SCM\LEDTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS.000\rundll32.exe C:\WINDOWS.000\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [LEDTRAY] C:\PROGRA~1\COMMON~1\SCM\LEDTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS.000\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Microsoft Tray] E:\CURSUS\GAMES (1) (1).EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [areslite] "E:\CURSUS\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\dmhkey.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS.000\Application Data\Microsoft\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\misc.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\PROGRA~1\Intern~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\Intern~1\PLUGINS\npqtplugin.dll
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 
1. Scan met HijackThis en vink de volgende items aan:
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE

O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
Klik om te vergroten...

Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus en verwijder:

C:\PROGRAM FILES\WEB_REBATES <- die map

3. Herstart de pc in 'normale modus'.


Ben je gehecht aan de RealBar of wil je die ook wel kwijt?
 
Nee, heb die Realbar ook verwijderd.

De computer was heel erg traag, maar nu zit er weer schot in.

Heel erg bedankt!! :thumb:
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan Onderaan