dennis19802379
Nieuwe gebruiker
- Lid geworden
- 17 jun 2004
- Berichten
- 1
Ik heb sinds een aantal dagen een rare startpagina(res://qrjhv.dll/index.html#1144202596),die ik niet wegkrijg.Heb spybot,adaware en cwschredder geprobeerd,lukt niet.
Hieronder mijn hijack log.Kan iemand mij helpen?(graag uitgebreide instructie,stap voor stap)Dankjewel
Logfile of HijackThis v1.97.7
Scan saved at 11:14:55, on 17-6-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntst32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\appnd.exe
C:\WINDOWS\System32\jvicedit.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\mfcupdll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn video's\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qrjhv.dll/sp.html#1144202596
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qrjhv.dll/index.html#1144202596
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qrjhv.dll/index.html#1144202596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qrjhv.dll/sp.html#1144202596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qrjhv.dll/index.html#1144202596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qrjhv.dll/sp.html#1144202596
O2 - BHO: (no name) - {4233B9AB-2CE7-4CAE-2E43-97BACA2EFF77} - C:\WINDOWS\winil.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoLoader4sr01YYfNaXP] "C:\WINDOWS\System32\jvicedit.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 - HKLM\..\Run: [appnd.exe] C:\WINDOWS\appnd.exe
O4 - HKLM\..\Run: [4F8i3sl] jvicedit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LorsRiJtW] mfcupdll.exe
O4 - HKLM\..\RunOnce: [ntbc.exe] C:\WINDOWS\system32\ntbc.exe
O4 - HKLM\..\RunOnce: [ntst32.exe] C:\WINDOWS\ntst32.exe
O4 - HKLM\..\RunOnce: [crrr.exe] C:\WINDOWS\system32\crrr.exe
O4 - HKLM\..\RunOnce: [msrc32.exe] C:\WINDOWS\system32\msrc32.exe
O4 - HKLM\..\RunOnce: [iptf.exe] C:\WINDOWS\system32\iptf.exe
O4 - HKLM\..\RunOnce: [apiaa32.exe] C:\WINDOWS\system32\apiaa32.exe
O4 - HKLM\..\RunOnce: [appcu.exe] C:\WINDOWS\system32\appcu.exe
O4 - HKLM\..\RunOnce: [javazt32.exe] C:\WINDOWS\system32\javazt32.exe
O4 - HKLM\..\RunOnce: [addtg.exe] C:\WINDOWS\addtg.exe
O4 - HKLM\..\RunOnce: [ipfg32.exe] C:\WINDOWS\system32\ipfg32.exe
O4 - HKLM\..\RunOnce: [msho32.exe] C:\WINDOWS\msho32.exe
O4 - HKLM\..\RunOnce: [netsu32.exe] C:\WINDOWS\system32\netsu32.exe
O4 - HKLM\..\RunOnce: [ipsi.exe] C:\WINDOWS\system32\ipsi.exe
O4 - HKLM\..\RunOnce: [ievr.exe] C:\WINDOWS\ievr.exe
O4 - HKLM\..\RunOnce: [iejg32.exe] C:\WINDOWS\iejg32.exe
O4 - HKLM\..\RunOnce: [appni32.exe] C:\WINDOWS\system32\appni32.exe
O4 - HKLM\..\RunOnce: [appjp32.exe] C:\WINDOWS\system32\appjp32.exe
O4 - HKLM\..\RunOnce: [cryn32.exe] C:\WINDOWS\cryn32.exe
O4 - HKLM\..\RunOnce: [apibg.exe] C:\WINDOWS\apibg.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKLM\..\RunOnce: [ntcz32.exe] C:\WINDOWS\ntcz32.exe
O4 - HKLM\..\RunOnce: [appfs.exe] C:\WINDOWS\system32\appfs.exe
O4 - HKLM\..\RunOnce: [netwz32.exe] C:\WINDOWS\netwz32.exe
O4 - HKLM\..\RunOnce: [iecu32.exe] C:\WINDOWS\iecu32.exe
O4 - HKLM\..\RunOnce: [ntcb.exe] C:\WINDOWS\ntcb.exe
O4 - HKLM\..\RunOnce: [addpq.exe] C:\WINDOWS\addpq.exe
O4 - HKLM\..\RunOnce: [apivb.exe] C:\WINDOWS\apivb.exe
O4 - HKLM\..\RunOnce: [windn.exe] C:\WINDOWS\system32\windn.exe
O4 - HKLM\..\RunOnce: [javasl.exe] C:\WINDOWS\system32\javasl.exe
O4 - HKLM\..\RunOnce: [atldq.exe] C:\WINDOWS\atldq.exe
O4 - HKLM\..\RunOnce: [appnu32.exe] C:\WINDOWS\system32\appnu32.exe
O4 - HKLM\..\RunOnce: [addha32.exe] C:\WINDOWS\system32\addha32.exe
O4 - HKLM\..\RunOnce: [mfcvy.exe] C:\WINDOWS\mfcvy.exe
O4 - HKLM\..\RunOnce: [appzh32.exe] C:\WINDOWS\system32\appzh32.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [mfczt32.exe] C:\WINDOWS\mfczt32.exe
O4 - HKLM\..\RunOnce: [sysvz.exe] C:\WINDOWS\system32\sysvz.exe
O4 - HKLM\..\RunOnce: [netoz32.exe] C:\WINDOWS\system32\netoz32.exe
O4 - HKLM\..\RunOnce: [winnh32.exe] C:\WINDOWS\system32\winnh32.exe
O4 - HKLM\..\RunOnce: [sdkcf.exe] C:\WINDOWS\sdkcf.exe
O4 - HKLM\..\RunOnce: [ipvb.exe] C:\WINDOWS\ipvb.exe
O4 - HKLM\..\RunOnce: [javalj32.exe] C:\WINDOWS\javalj32.exe
O4 - HKLM\..\RunOnce: [ieby.exe] C:\WINDOWS\ieby.exe
O4 - HKLM\..\RunOnce: [msve.exe] C:\WINDOWS\msve.exe
O4 - HKLM\..\RunOnce: [d3fa32.exe] C:\WINDOWS\system32\d3fa32.exe
O4 - HKLM\..\RunOnce: [addml32.exe] C:\WINDOWS\addml32.exe
O4 - HKLM\..\RunOnce: [winhs32.exe] C:\WINDOWS\winhs32.exe
O4 - HKLM\..\RunOnce: [iedc32.exe] C:\WINDOWS\system32\iedc32.exe
O4 - HKLM\..\RunOnce: [javacp32.exe] C:\WINDOWS\javacp32.exe
O4 - HKLM\..\RunOnce: [addgx.exe] C:\WINDOWS\system32\addgx.exe
O4 - HKLM\..\RunOnce: [apiix.exe] C:\WINDOWS\system32\apiix.exe
O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe
O4 - HKLM\..\RunOnce: [ipsk.exe] C:\WINDOWS\system32\ipsk.exe
O4 - HKLM\..\RunOnce: [ipgz.exe] C:\WINDOWS\system32\ipgz.exe
O4 - HKLM\..\RunOnce: [addfz32.exe] C:\WINDOWS\system32\addfz32.exe
O4 - HKLM\..\RunOnce: [sysqt32.exe] C:\WINDOWS\sysqt32.exe
O4 - HKLM\..\RunOnce: [wincp.exe] C:\WINDOWS\system32\wincp.exe
O4 - HKLM\..\RunOnce: [sdkhp.exe] C:\WINDOWS\sdkhp.exe
O4 - HKLM\..\RunOnce: [iedz.exe] C:\WINDOWS\iedz.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E22DFA-68D9-4FA6-B6FB-0C31DDFF2241}: NameServer = 194.134.5.5 194.134.5.55
Hieronder mijn hijack log.Kan iemand mij helpen?(graag uitgebreide instructie,stap voor stap)Dankjewel
Logfile of HijackThis v1.97.7
Scan saved at 11:14:55, on 17-6-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntst32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\appnd.exe
C:\WINDOWS\System32\jvicedit.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\mfcupdll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn video's\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qrjhv.dll/sp.html#1144202596
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qrjhv.dll/index.html#1144202596
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qrjhv.dll/index.html#1144202596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qrjhv.dll/sp.html#1144202596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qrjhv.dll/index.html#1144202596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qrjhv.dll/sp.html#1144202596
O2 - BHO: (no name) - {4233B9AB-2CE7-4CAE-2E43-97BACA2EFF77} - C:\WINDOWS\winil.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoLoader4sr01YYfNaXP] "C:\WINDOWS\System32\jvicedit.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 - HKLM\..\Run: [appnd.exe] C:\WINDOWS\appnd.exe
O4 - HKLM\..\Run: [4F8i3sl] jvicedit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LorsRiJtW] mfcupdll.exe
O4 - HKLM\..\RunOnce: [ntbc.exe] C:\WINDOWS\system32\ntbc.exe
O4 - HKLM\..\RunOnce: [ntst32.exe] C:\WINDOWS\ntst32.exe
O4 - HKLM\..\RunOnce: [crrr.exe] C:\WINDOWS\system32\crrr.exe
O4 - HKLM\..\RunOnce: [msrc32.exe] C:\WINDOWS\system32\msrc32.exe
O4 - HKLM\..\RunOnce: [iptf.exe] C:\WINDOWS\system32\iptf.exe
O4 - HKLM\..\RunOnce: [apiaa32.exe] C:\WINDOWS\system32\apiaa32.exe
O4 - HKLM\..\RunOnce: [appcu.exe] C:\WINDOWS\system32\appcu.exe
O4 - HKLM\..\RunOnce: [javazt32.exe] C:\WINDOWS\system32\javazt32.exe
O4 - HKLM\..\RunOnce: [addtg.exe] C:\WINDOWS\addtg.exe
O4 - HKLM\..\RunOnce: [ipfg32.exe] C:\WINDOWS\system32\ipfg32.exe
O4 - HKLM\..\RunOnce: [msho32.exe] C:\WINDOWS\msho32.exe
O4 - HKLM\..\RunOnce: [netsu32.exe] C:\WINDOWS\system32\netsu32.exe
O4 - HKLM\..\RunOnce: [ipsi.exe] C:\WINDOWS\system32\ipsi.exe
O4 - HKLM\..\RunOnce: [ievr.exe] C:\WINDOWS\ievr.exe
O4 - HKLM\..\RunOnce: [iejg32.exe] C:\WINDOWS\iejg32.exe
O4 - HKLM\..\RunOnce: [appni32.exe] C:\WINDOWS\system32\appni32.exe
O4 - HKLM\..\RunOnce: [appjp32.exe] C:\WINDOWS\system32\appjp32.exe
O4 - HKLM\..\RunOnce: [cryn32.exe] C:\WINDOWS\cryn32.exe
O4 - HKLM\..\RunOnce: [apibg.exe] C:\WINDOWS\apibg.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKLM\..\RunOnce: [ntcz32.exe] C:\WINDOWS\ntcz32.exe
O4 - HKLM\..\RunOnce: [appfs.exe] C:\WINDOWS\system32\appfs.exe
O4 - HKLM\..\RunOnce: [netwz32.exe] C:\WINDOWS\netwz32.exe
O4 - HKLM\..\RunOnce: [iecu32.exe] C:\WINDOWS\iecu32.exe
O4 - HKLM\..\RunOnce: [ntcb.exe] C:\WINDOWS\ntcb.exe
O4 - HKLM\..\RunOnce: [addpq.exe] C:\WINDOWS\addpq.exe
O4 - HKLM\..\RunOnce: [apivb.exe] C:\WINDOWS\apivb.exe
O4 - HKLM\..\RunOnce: [windn.exe] C:\WINDOWS\system32\windn.exe
O4 - HKLM\..\RunOnce: [javasl.exe] C:\WINDOWS\system32\javasl.exe
O4 - HKLM\..\RunOnce: [atldq.exe] C:\WINDOWS\atldq.exe
O4 - HKLM\..\RunOnce: [appnu32.exe] C:\WINDOWS\system32\appnu32.exe
O4 - HKLM\..\RunOnce: [addha32.exe] C:\WINDOWS\system32\addha32.exe
O4 - HKLM\..\RunOnce: [mfcvy.exe] C:\WINDOWS\mfcvy.exe
O4 - HKLM\..\RunOnce: [appzh32.exe] C:\WINDOWS\system32\appzh32.exe
O4 - HKLM\..\RunOnce: [apipp.exe] C:\WINDOWS\system32\apipp.exe
O4 - HKLM\..\RunOnce: [mfczt32.exe] C:\WINDOWS\mfczt32.exe
O4 - HKLM\..\RunOnce: [sysvz.exe] C:\WINDOWS\system32\sysvz.exe
O4 - HKLM\..\RunOnce: [netoz32.exe] C:\WINDOWS\system32\netoz32.exe
O4 - HKLM\..\RunOnce: [winnh32.exe] C:\WINDOWS\system32\winnh32.exe
O4 - HKLM\..\RunOnce: [sdkcf.exe] C:\WINDOWS\sdkcf.exe
O4 - HKLM\..\RunOnce: [ipvb.exe] C:\WINDOWS\ipvb.exe
O4 - HKLM\..\RunOnce: [javalj32.exe] C:\WINDOWS\javalj32.exe
O4 - HKLM\..\RunOnce: [ieby.exe] C:\WINDOWS\ieby.exe
O4 - HKLM\..\RunOnce: [msve.exe] C:\WINDOWS\msve.exe
O4 - HKLM\..\RunOnce: [d3fa32.exe] C:\WINDOWS\system32\d3fa32.exe
O4 - HKLM\..\RunOnce: [addml32.exe] C:\WINDOWS\addml32.exe
O4 - HKLM\..\RunOnce: [winhs32.exe] C:\WINDOWS\winhs32.exe
O4 - HKLM\..\RunOnce: [iedc32.exe] C:\WINDOWS\system32\iedc32.exe
O4 - HKLM\..\RunOnce: [javacp32.exe] C:\WINDOWS\javacp32.exe
O4 - HKLM\..\RunOnce: [addgx.exe] C:\WINDOWS\system32\addgx.exe
O4 - HKLM\..\RunOnce: [apiix.exe] C:\WINDOWS\system32\apiix.exe
O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe
O4 - HKLM\..\RunOnce: [ipsk.exe] C:\WINDOWS\system32\ipsk.exe
O4 - HKLM\..\RunOnce: [ipgz.exe] C:\WINDOWS\system32\ipgz.exe
O4 - HKLM\..\RunOnce: [addfz32.exe] C:\WINDOWS\system32\addfz32.exe
O4 - HKLM\..\RunOnce: [sysqt32.exe] C:\WINDOWS\sysqt32.exe
O4 - HKLM\..\RunOnce: [wincp.exe] C:\WINDOWS\system32\wincp.exe
O4 - HKLM\..\RunOnce: [sdkhp.exe] C:\WINDOWS\sdkhp.exe
O4 - HKLM\..\RunOnce: [iedz.exe] C:\WINDOWS\iedz.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E22DFA-68D9-4FA6-B6FB-0C31DDFF2241}: NameServer = 194.134.5.5 194.134.5.55
