virus
Moderator: MandersOnline
-
MandersOnline
- Manders Online
- Berichten: 23688
- Lid geworden op: zo 03 aug 2003, 1:12
- Locatie: Amsterdam
- Contacteer:
En nu enkel nog een Hijackthis log er achteraan dan kan ik even melden wat er nog meer weg kan, zit nog ergens een verwijzing naar iets wat weg mag
Bezoek ook gerust de website https://mandersonline.nl
-
MandersOnline
- Manders Online
- Berichten: 23688
- Lid geworden op: zo 03 aug 2003, 1:12
- Locatie: Amsterdam
- Contacteer:
Nee ben bang van niet aangezien er nog wel ergens wat staat in C:\WINDOWS\System32
Alleen daarvoor heb ik echt een Hijackthis log nodig daar staan te veel bestanden.
Hijackthis download en informatie
Alleen daarvoor heb ik echt een Hijackthis log nodig daar staan te veel bestanden.
Hijackthis download en informatie
Bezoek ook gerust de website https://mandersonline.nl
Logfile of HijackThis v1.99.1
Scan saved at 23:33:43, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Borland\Interbase\Bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Borland\Interbase\Bin\ibserver.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Tweak-XP\tranicon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\MSNmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IExpLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\neper\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = eetcaf
Scan saved at 23:33:43, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Borland\Interbase\Bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Borland\Interbase\Bin\ibserver.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Tweak-XP\tranicon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\MSNmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IExpLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\neper\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = eetcaf
-
MandersOnline
- Manders Online
- Berichten: 23688
- Lid geworden op: zo 03 aug 2003, 1:12
- Locatie: Amsterdam
- Contacteer:
Deze jongens hebben nog van doen met het betreffende virus wat er binnen gekomen was lijkt er op dat ze van de PC verwijderd zijn.neper110 @ Do 21 Jun 2007, 23:34 schreef:Logfile of HijackThis v1.99.1
Scan saved at 23:33:43, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\urqnkhh.dll (file missing)
O2 - BHO: (no name) - {9E6D6900-8BC9-4100-BDB8-CF38A6870602} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\tuvtsro.dll (file missing)
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)
O20 - Winlogon Notify: tuvtsro - tuvtsro.dll (file missing)
O20 - Winlogon Notify: urqnkhh - urqnkhh.dll (file missing)
Verder wil ik wel even Advies geven om Java bij te werken en mocht je willen dat ik de rest van de Log nog even na check er zit nog wel wat tussen wat ook weg mag.
Bezoek ook gerust de website https://mandersonline.nl
-
MandersOnline
- Manders Online
- Berichten: 23688
- Lid geworden op: zo 03 aug 2003, 1:12
- Locatie: Amsterdam
- Contacteer:
[quote]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = eetcaf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = eetcaf
Bezoek ook gerust de website https://mandersonline.nl