Hijackthis log, willen jullie die eens bekijken

[anoniem]

Logfile of HijackThis v1.98.0 Scan saved at 21:52:01, on 23-9-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\ahead\InCD\InCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\int1.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Download\HijackThis.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sasuttkkepixnsdw.us/fceL7TnwHNI/IJw/9Cvqv_Z0WhXmLHz2FlVcjDvy7Og.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cghzvmmtzcpxijg.net/fceL7TnwHNJceg4aunZEJNEQoM1JKYID/3XdayyT_d7BKEjjtxAi_Zw_UveB15He.html F0 - system.ini: Shell= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [beep2] C:\PROGRA~1\TRAYLO~1\ATOMAXIS.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\int1.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

[anoniem]

ben bezig

[anoniem]

Open taakbeheer (ctrl + alt + del) en kill dit process: [list:c92f6fa745][b:c92f6fa745]int1.exe[/b:c92f6fa745][/list:u:c92f6fa745] Sluit alle vensters en laat deze fixen: [list:c92f6fa745][b:c92f6fa745]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sasuttkkepixnsdw.us/fceL7TnwHNI/IJw/9Cvqv_Z0WhXmLHz2FlVcjDvy7Og.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cghzvmmtzcpxijg.net/fceL7TnwHNJceg4aunZEJNEQoM1JKYID/3XdayyT_d7BKEjjtxAi_Zw_UveB15He.html O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\int1.exe[/b:c92f6fa745][/list:u:c92f6fa745] Scan deze even bij kaspersky:[list:c92f6fa745][b:c92f6fa745]C:\PROGRA~1\TRAYLO~1\ATOMAXIS.exe[/b:c92f6fa745][/list:u:c92f6fa745] Herstart in veilige modus, laat [url=http://users.pandora.be/marcvn/spyware/1117602.htm]alle verborgen bestanden weergeven[/url] en verwijder indien nog aanwezig: [list:c92f6fa745][b:c92f6fa745]C:\WINDOWS\System32\int1.exe <--- deze file[/b:c92f6fa745][/list:u:c92f6fa745] Herstart en post een nieuwe log.

[anoniem]

Nieuwe log trouwens met deze versie: http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13