Logfile of HijackThis v1.98.2
Scan saved at 15:36:23, on 16-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\System32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.0\system32\wumgrd.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\System32\NDrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINS~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mhhqdtjsyrkcrdaukirkmms....k2F9u0pipGjXBVqjvKeh/0SJJBIWTdVFf8T_WPBgF.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ppswkxylbmhmivznzztg.net/NlUAieq7/D1WX9LR7qC8On6DJznu_1_sMxtyGOtIn10.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS.0\System32\NDrv.dll
O2 - BHO: (no name) - {3B011135-DC78-951F-3718-7163D59805FB} - C:\PROGRA~1\SPAMCA~1\Third memo.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS.0\System32\NDrv.dll
O2 - BHO: (no name) - {DC2B6369-A4D4-4DBF-9AB2-75C7241E5924} - C:\DOCUME~1\ADMINS~1\APPLIC~1\SPAMCA~1\Third memo.exe
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Bird Four] C:\DOCUME~1\ADMINS~1\APPLIC~1\CREATI~1\01 Admin.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O18 - Filter: text/html - {89B8D1C7-3C7A-4D21-8A64-C16F156109A2} - C:\Documents and Settings\adminstrator\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
Heb startpagina als searcweb wat ik kan er niet uit kan krijgen wie weet hoe ik dat kan doen, ik heb alles al geprobeerd?!!
en hoe krijg je dat weg bij veilige mode?!
Of wat ik hier allemaal weg kan krijgen!?
Ik heb windows en internet cleaner gedownload kan dat daar ook mee?!
alvast bedankt.
Scan saved at 15:36:23, on 16-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\System32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS.0\system32\wumgrd.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\System32\NDrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINS~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mhhqdtjsyrkcrdaukirkmms....k2F9u0pipGjXBVqjvKeh/0SJJBIWTdVFf8T_WPBgF.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ppswkxylbmhmivznzztg.net/NlUAieq7/D1WX9LR7qC8On6DJznu_1_sMxtyGOtIn10.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS.0\System32\NDrv.dll
O2 - BHO: (no name) - {3B011135-DC78-951F-3718-7163D59805FB} - C:\PROGRA~1\SPAMCA~1\Third memo.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS.0\System32\NDrv.dll
O2 - BHO: (no name) - {DC2B6369-A4D4-4DBF-9AB2-75C7241E5924} - C:\DOCUME~1\ADMINS~1\APPLIC~1\SPAMCA~1\Third memo.exe
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Bird Four] C:\DOCUME~1\ADMINS~1\APPLIC~1\CREATI~1\01 Admin.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O18 - Filter: text/html - {89B8D1C7-3C7A-4D21-8A64-C16F156109A2} - C:\Documents and Settings\adminstrator\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
Heb startpagina als searcweb wat ik kan er niet uit kan krijgen wie weet hoe ik dat kan doen, ik heb alles al geprobeerd?!!
en hoe krijg je dat weg bij veilige mode?!
Of wat ik hier allemaal weg kan krijgen!?
Ik heb windows en internet cleaner gedownload kan dat daar ook mee?!
alvast bedankt.
Laatst bewerkt: