Sitethief
Gebruiker
- Lid geworden
- 25 nov 2004
- Berichten
- 16
Logfile of HijackThis v1.98.2
Scan saved at 2:15:08, on 25-11-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
D:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
D:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\SymTray.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\bcmwltry.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\cidaemon.exe
D:\Program Files\Security\Privacy\Ad-Aware\Ad-watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Michel\Trillian\trillian.exe
E:\HijjackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = :about
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = :about
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.252.105.249:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\fam. Everts\Application Data\Mozilla\Profiles\default\1lt3oalh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CInternet%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\fam. Everts\Application Data\Mozilla\Profiles\default\1lt3oalh.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Security\Privacy\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINNT\SYSTEM32\AHIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] C:\WINNT\system32\Win2K\RemoveCpl.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [RAM Medic] D:\Program Files\Utilities\Memory\Iomatic\RAM Medic\RAMMedic.exe
O4 - HKCU\..\Run: [Lavasoft Adwatch] D:\Program Files\Security\Privacy\Ad-Aware\Ad-watch.exe /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwsoliii_scecab_213.51.98.151.1264910780075611075_2973446.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Ter atentie, ik gebruik geen IE/MS based programma's, en daarnaast was het systeem net schoongemaakt (348 critical objects in Ad-Aware, gelukig niet mijn eigen pc.....)
Ik hoop dat er niks meer tussen zit
