PDA

Volledige versie bekijken : Loggie



Devestator
30 mei 2005, 21:10
Klopt het dat ik in veilige modus moet opstarten als ik de slechten eraf wil gooien ?
alvast bdankt,
deb


Logfile of HijackThis v1.99.1
Scan saved at 21:10:54, on 30/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
G:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ipjb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\mfcwa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\DSX9RD1R\HijackThis1991[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2CEBB91F-EABF-58A6-AA19-3091211BC15C} - C:\WINDOWS\system32\ipqt.dll
O2 - BHO: Class - {6D224D6C-9CD9-244E-1651-BCB09374072E} - C:\WINDOWS\system32\syshs32.dll
O2 - BHO: Class - {F5FBE36A-E5CC-4D27-3198-38004C97A97B} - C:\WINDOWS\system32\winqu32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [d3cx.exe] C:\WINDOWS\system32\d3cx.exe
O4 - HKLM\..\Run: [AdobeVersionCue] G:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DJ Console] C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mfcwa.exe] C:\WINDOWS\mfcwa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5BAD37-7871-4C60-840F-8E1B5B744C29}: NameServer = 195.130.131.6,195.130.130.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE8EFF6E-16CA-45C7-9258-34D8827D06A4}: NameServer = 195.130.131.6,195.130.130.1
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipjb.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - G:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Preske
30 mei 2005, 22:50
HJT in een apparte map zetten.

volgende items verwijderen in veilige modus

C:\WINDOWS\system32\ipjb.exe
C:\WINDOWS\mfcwa.exe

rebooten, en volgende verwijderen

O2 - BHO: Class - {2CEBB91F-EABF-58A6-AA19-3091211BC15C} - C:\WINDOWS\system32\ipqt.dll
O2 - BHO: Class - {6D224D6C-9CD9-244E-1651-BCB09374072E} - C:\WINDOWS\system32\syshs32.dll
O2 - BHO: Class - {F5FBE36A-E5CC-4D27-3198-38004C97A97B} - C:\WINDOWS\system32\winqu32.dll
O4 - HKLM\..\Run: [d3cx.exe] C:\WINDOWS\system32\d3cx.exe
O4 - HKLM\..\Run: [mfcwa.exe] C:\WINDOWS\mfcwa.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipjb.exe

optioneel
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime