Mijn reactie ik hoop voor de koffie.
Ik heb in ieder geval mijn eerste bakkie naast mij staan
vanmorgen start ik op en ja hoor internet gaat naar
http://scrk.com/passthrough/index.html?http://country.pagina.nl/
Bovenin het scherm weer een menubalk die ik uit moet vinken met de naam NSHBRBLFRDI
Inderdaad als ik ergens op klik krijg ik de site van lop.com in beeld.
Dus
onderstaand nogmaals de hijjack startup list di hij nu aanmaakt. want ik heb inmiddels al veel verijderd maar..
ik stuur ook als bijll deze startup van hijjack
StartupList report, 1-3-2003, 10:17:28
StartupList version: 1.51
Started from : C:\Documents and Settings\White Eagle\Local Settings\Temp\Tijdelijke map 8 voor hijackthis191.zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\DOCUME~1\WHITEE~1\APPLIC~1\frnglldq.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\DOCUME~1\WHITEE~1\LOCALS~1\Temp\pgt1.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\lotus\wordpro\ltsstart.exe
C:\lotus\smartctr\suitest.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\White Eagle\Local Settings\Temp\Tijdelijke map 8 voor hijackthis191.zip\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\White Eagle\Menu Start\Programma's\Opstarten]
DLHelperEXE.exe
Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
WebServer.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\TeleText\WebServer.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
HPAiODevice(hp officejet k series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
washindex = C:\Program Files\Washer\washidx.exe "White Eagle"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
BPMInit = BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~2
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
DivXOP =
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\E-Book Systems\FlipAlbum 4.0\FpLaunch.dll - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
[PowerDrag Edit Module]
InProcServer32 = C:\WINDOWS\DOWNLO~1\POWERD~1.DLL
CODEBASE =
http://activeisp.powerdrag.com/download/powerdrag.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37588.1801967593
[WebHandler Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\dlhelper.dll
CODEBASE =
http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
[{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[FlashXControl Object]
InProcServer32 = C:\WINDOWS\System32\FlashAX\FlashAX.ocx
CODEBASE =
https://casinokingdom.microgaming.com/casinokingdom/FlashAX.cab
--------------------------------------------------
End of report, 6.743 bytes
Report generated in 0,330 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only