Logje

[anoniem]

Logfile of HijackThis v1.98.2 Scan saved at 0:18:16, on 15-10-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\avgserv.exe F:\WINDOWS\System32\nvsvc32.exe G:\Shit\Serv-U\ServUDaemon.exe F:\WINDOWS\System32\svchost.exe C:\Programma's\MSG\MsgPlus.exe F:\WINDOWS\anvshell.exe F:\WINDOWS\system32\wscntfy.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Messenger\msmsgs.exe F:\PROGRA~1\eZula\mmod.exe F:\PROGRA~1\WEBOFF~1\wo.exe F:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVGCC32.EXE F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Programma's\AVG\avgw.exe F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe F:\Program Files\Windows NT\Bureau-accessoires\wordpad.exe F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/phpBB R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0413 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programma's\MSG\MsgPlus.exe" O4 - HKLM\..\Run: [Anvshell] anvshell.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Gelijkwaardige pagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Shit\IFview\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096716190215 Thnz Dion.. :wink:

[anoniem]

ben ff bezig. Edit: Post even die log na een reboot en zet hjt ff in een eigen map. edit2: Op MSN van hem vernomen dat hij de nieuwe in z'n bovenste post heeft gezet (post dus geedit), ik fix alleen niet via msn icm notepad oid omdat ik het hier op de een of andere manier fijner vind (waarom weet ik ook niet maar goed)

[anoniem]

Open taakbeheer en kill deze processen even: [list:5fdc7c024d][b:5fdc7c024d]mmod.exe wo.exe[/b:5fdc7c024d][/list:u:5fdc7c024d] Sluit ff alle vensters en dan mag je deze repareren, [list:5fdc7c024d][b:5fdc7c024d]O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe[/b:5fdc7c024d][/list:u:5fdc7c024d] Daarna even in de veilige modus gaan en alle bestanden laten weergeven op deze manier: http://users.pandora.be/marcvn/spyware/1117602.htm Herstarten en nieuw logje plaatsen.

[anoniem]

Logfile of HijackThis v1.98.2 Scan saved at 0:28:47, on 15-10-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\avgserv.exe F:\WINDOWS\System32\nvsvc32.exe G:\Shit\Serv-U\ServUDaemon.exe F:\WINDOWS\System32\svchost.exe C:\Programma's\MSG\MsgPlus.exe F:\WINDOWS\anvshell.exe F:\WINDOWS\system32\wscntfy.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\AVG\AVGCC32.EXE F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe F:\WINDOWS\system32\NOTEPAD.EXE F:\WINDOWS\explorer.exe F:\Program Files\Internet Explorer\iexplore.exe F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/phpBB R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0413 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programma's\MSG\MsgPlus.exe" O4 - HKLM\..\Run: [Anvshell] anvshell.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1" O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Gelijkwaardige pagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Shit\IFview\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096716190215 Alsje

[anoniem]

Logje lijkt me in orde hoor, :wink: