HijackThis log... just to be sure

  • The Disciple

    Those TCPIP things at O17… what are they? I just got a whole string of virus alerts and everything froze up and so on, so I quickly ran HijackThis to see whether I spotted anything strange. These TCPIP things are normally never there.

    Can these be removed?

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext1.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\AVPersonal\AVGNT.EXE" /min

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: CUseeMe Conferencing Companion - {44EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\CUseeMe\Amigo.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.secyber.net/BITDEFENDER/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106518423469

    O17 - HKLM\System\CCS\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75238E-EC82-447D-967D-72F0C8D14DB5}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS1\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS2\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

  • lucas

    I advise you to post a complete log after carrying out the steps under READ THIS FIRST (the red link at the top of your screen).

    Lucas :)

  • The Disciple

    Yes, I had already done all the steps.

    Other than that, most likely nothing is wrong… only those O17 TCPIP things are suddenly there. I wonder what this is and whether it can be removed.

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\AVPersonal\AVGNT.EXE

    C:\Program Files\AVPersonal\AVWUPSRV.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\devldr32.exe

    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\WinTV\WinTV2K.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext1.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\AVPersonal\AVGNT.EXE" /min

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: CUseeMe Conferencing Companion - {44EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\CUseeMe\Amigo.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.secyber.net/BITDEFENDER/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106518423469

    O17 - HKLM\System\CCS\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75238E-EC82-447D-967D-72F0C8D14DB5}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS1\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS2\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

  • killerbee

    Now just do what Lukas asks:

    Post a whole log.

    So including the top lines..

  • The Disciple

    Logfile of HijackThis v1.99.1

    Scan saved at 21:30:35, on 16-10-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\AVPersonal\AVGNT.EXE

    C:\Program Files\AVPersonal\AVWUPSRV.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\devldr32.exe

    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

    O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext1.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\AVPersonal\AVGNT.EXE" /min

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: CUseeMe Conferencing Companion - {44EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\CUseeMe\Amigo.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.secyber.net/BITDEFENDER/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106518423469

    O17 - HKLM\System\CCS\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75238E-EC82-447D-967D-72F0C8D14DB5}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS1\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS2\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

  • lucas

    I don't believe at all that this is a complete log :?

    If you want help, then do what you are told or go ask somewhere else :o

    Lucas

  • killerbee

    Just download winsockfix.

    But don't do anything with it yet.

    Just start HJT, tick the following lines and click Fix checked:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75238E-EC82-447D-967D-72F0C8D14DB5}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS1\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    O17 - HKLM\System\CS2\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11

    Should you have problems with your internet connection afterwards, use winsockfix.

    Good luck, and let us know your findings.
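
The O17 check behind this advice, as an added example that is not part of the thread: it parses the four O17 lines quoted above and reports every NameServer value that falls outside a list of resolvers the user expects. The function names and the `EXPECTED` range (a home router subnet) are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The four O17 lines from the log in this thread (HijackThis v1.99.1 format).
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75238E-EC82-447D-967D-72F0C8D14DB5}: NameServer = 85.255.113.149,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{13671D02-31FC-487A-85E0-B3DD97418241}: NameServer = 85.255.113.149,85.255.112.11
"""
EXPECTED = ["192.168.1.0/24"]  # assumption: resolvers handed out by the user's own router

O17_RE = re.compile(
    r"^\s*O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+?)\s*$"
)

def parse_o17(log_text):
    """Return (control_set, interface_guid, [server, ...]) for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            # HijackThis prints the list comma-separated; accept spaces as well.
            servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
            entries.append((m["cset"], m["guid"].upper(), servers))
    return entries

def unexpected_resolvers(entries, expected):
    """Map each resolver outside `expected` to the interface GUIDs that use it."""
    allowed = [ipaddress.ip_network(n) for n in expected]
    hits = defaultdict(set)
    for _cset, guid, servers in entries:
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                hits[s].add(guid)  # not an IP address at all: report it too
                continue
            if not any(addr in net for net in allowed):
                hits[s].add(guid)
    return dict(hits)

if __name__ == "__main__":
    for server, guids in sorted(unexpected_resolvers(parse_o17(SAMPLE), EXPECTED).items()):
        print(f"{server}: set on {len(guids)} interface(s): {', '.join(sorted(guids))}")
```

The same value appearing under CCS, CS1 and CS2 means it was written into every control set, which is why all four lines are ticked together.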

  • The Disciple

    Uhm… why would I leave things out? I'd only be hurting myself with that, wouldn't I? This REALLY is a COMPLETE log…

  • lucas

    And yet I'm missing something, but fine, just follow Killerbee's advice.

    Lucas

  • The Disciple

    What are you missing, then?

    What are you talking about?