29-08-2005, 17:36
|
|
|
Hallo,
sinds een paar uur heb ik last van iets genaamd SIXA, dat mij van internet afgooit en op mijn pc verbinding maakt waardoor ik het internet niet meer op kan (ik zit nu bij een vriend) dit is mn hijacklog: Logfile of HijackThis v1.99.1 Scan saved at 17:42:29, on 29-8-2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\netinfo.exe D:\WINDOWS\ntfsprotect.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Winamp\winampa.exe C:\Program Files\MsgPlus.exe D:\WINDOWS\vsnpstd.exe D:\Program Files\Softwin\BitDefender8\bdmcon.exe D:\Program Files\Softwin\BitDefender8\bdnagent.exe D:\WINDOWS\System32\ctfmon.exe D:\Program Files\stad\epae.exe D:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Internet Explorer\iexplore.exe C:\Mijn Documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 141.225.152.142 onlineaccounts2.abbeynational.co.uk O1 - Hosts: 141.225.152.142 www3.aibgbonline.co.uk O1 - Hosts: 141.225.152.142 www.bank.alliance-leicester.co.uk O1 - Hosts: 141.225.152.142 login.iblogin.com O1 - Hosts: 141.225.152.142 ww2.bankofscotlandhalifax-online.co.uk O1 - Hosts: 141.225.152.142 inet.barclays.co.uk O1 - Hosts: 141.225.152.142 iibank.barclays.co.uk O1 - Hosts: 141.225.152.142 iibank.cahoot.com O1 - Hosts: 141.225.152.142 www3.coventrybuildingsociety.co.uk O1 - Hosts: 141.225.152.142 ww.hsbc.co.uk O1 - Hosts: 141.225.152.142 login.ebank.offshore.hsbc.co.je O1 - Hosts: 141.225.152.142 ww3.online-offshore.lloydstsb.com O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk O1 - Hosts: 141.225.152.142 ob2.nationet.com O1 - Hosts: 141.225.152.142 ww3.onlinebanking.natwestoffshore.com O1 - Hosts: 141.225.152.142 ww1.nwolb.com O1 - Hosts: 141.225.152.142 ww1.onlinebanking.iombank.com O1 - Hosts: 141.225.152.142 ww1.www.rbsdigital.com O1 - Hosts: 141.225.152.142 welcome.smile.co.uk O1 - Hosts: 141.225.152.142 login.365online.com O1 - Hosts: 141.225.152.142 wvw.citizensbankonline.com O1 - Hosts: 141.225.152.142 esecure.regionsnet.com O1 - Hosts: 141.225.152.142 rollb.associatedbank.com O1 - Hosts: 141.225.152.142 upb.unionplanters.com O1 - Hosts: 141.225.152.142 www.onlinebanking.huntington.com O1 - Hosts: 141.225.152.142 inet.southtrustonlinebanking.com O1 - Hosts: 141.225.152.142 logon.personal.wamu.com O1 - Hosts: 141.225.152.142 login.compassweb.com O1 - Hosts: 141.225.152.142 logon.firstmeritib.com O1 - Hosts: 141.225.152.142 login.ccfcuonline.org O1 - Hosts: 141.225.152.142 ww3.etimebanker.bankofthewest.com O1 - Hosts: 141.225.152.142 ww2.onlinebanking.lasallebank.com O1 - Hosts: 141.225.152.142 wvw.totallyfreebanking.com O1 - Hosts: 141.225.152.142 www.online.wellsfargo.com O1 - Hosts: 141.225.152.142 www.onlinebanking.bankofoklahoma.com O1 - Hosts: 141.225.152.142 accounts4.keybank.com O1 - Hosts: 141.225.152.142 logon.bankone.com O1 - Hosts: 141.225.152.142 www.secure.tdbanknorth.com O1 - Hosts: 141.225.152.142 www.secure.mvnt4.com O1 - Hosts: 141.225.152.142 ww.mynfbonline.com O1 - Hosts: 141.225.152.142 login.forumcuonline.com O1 - Hosts: 141.225.152.142 www.eds.usersonlnet.com O1 - Hosts: 141.225.152.142 www.onlineid.bankofamerica.com O1 - Hosts: 141.225.152.142 wvw.e-gold.com O1 - Hosts: 141.225.152.142 pcbs.peoples.com O1 - Hosts: 141.225.152.142 www.global1.onlinebank.com O1 - Hosts: 141.225.152.142 ww2.mybranch.lafcu.com O1 - Hosts: 141.225.152.142 login.webbanking.comerica.com O1 - Hosts: 141.225.152.142 web.banking.firsttennessee.com O1 - Hosts: 141.225.152.142 logon.members1st.org O1 - Hosts: 141.225.152.142 www.cib.ibanking-services.com O1 - Hosts: 141.225.152.142 www.miwebbusbank.ebanking-services.com O1 - Hosts: 141.225.152.142 wvw.paypal.com O1 - Hosts: 141.225.152.142 www.signin.ebay.com O1 - Hosts: 141.225.152.142 wvw.etrade.com O1 - Hosts: 141.225.152.142 ww4.fleethomelink.fleet.com O1 - Hosts: 141.225.152.142 ww3.connect.skyfi.com O1 - Hosts: 141.225.152.142 www6.usbank.com O1 - Hosts: 141.225.152.142 www.bvi.bancodevalencia.es O1 - Hosts: 141.225.152.142 extrant.banesto.es O1 - Hosts: 141.225.152.142 banesnt.banesto.es O1 - Hosts: 141.225.152.142 activia.caixagalicia.es O1 - Hosts: 141.225.152.142 www.bancae.caixapenedes.com O1 - Hosts: 141.225.152.142 login.caixasabadell.net O1 - Hosts: 141.225.152.142 oii.cajamadrid.es O1 - Hosts: 141.225.152.142 login.cajamar.es O1 - Hosts: 141.225.152.142 login.ccm.es O1 - Hosts: 141.225.152.142 ww.unicaja.es O1 - Hosts: 141.225.152.142 www5.bancopopular.es O1 - Hosts: 141.225.152.142 ww3.bbvanet.com O1 - Hosts: 141.225.152.142 ww.bayernlb.de O1 - Hosts: 141.225.152.142 ww2.berliner-volksbank.de O1 - Hosts: 141.225.152.142 ww7.homebanking-berlin.de O1 - Hosts: 141.225.152.142 portal09.commerzbanking.de O1 - Hosts: 141.225.152.142 www.meine.deutsche-bank.de O1 - Hosts: 141.225.152.142 ww2.dresdner-privat.de O1 - Hosts: 141.225.152.142 ww.e-banking.helaba.de O1 - Hosts: 141.225.152.142 ww.hsh-nordbank.de O1 - Hosts: 141.225.152.142 www.my.hypovereinsbank.de O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de O1 - Hosts: 141.225.152.142 www.banking.lbbw.de O1 - Hosts: 141.225.152.142 lrp.sparkasse-banking.de O1 - Hosts: 141.225.152.142 ww3.homebanking-niedersachsen.de O1 - Hosts: 141.225.152.142 www.onlinebanking.norisbank.de O1 - Hosts: 141.225.152.142 www.banking.postbank.de O1 - Hosts: 141.225.152.142 wvw.internetbanking.gad.de O1 - Hosts: 141.225.152.142 ww1.portal.izb.de O1 - Hosts: 141.225.152.142 wvw.kunden-service.lbs.de O1 - Hosts: 141.225.152.142 ibanking.seb.de O1 - Hosts: 141.225.152.142 bw7.sparkasse-banking.de O1 - Hosts: 141.225.152.142 ww2.homebanking-sparkasse.de O1 - Hosts: 141.225.152.142 ww2.vr-networld-ebanking.de O1 - Hosts: 141.225.152.142 ww.bics.fr O1 - Hosts: 141.225.152.142 www.co.caixabank.fr O1 - Hosts: 141.225.152.142 ww.creditmutuel.fr O1 - Hosts: 141.225.152.142 internetbank.intesabci.it O1 - Hosts: 141.225.152.142 ww.extensive.bancalombarda.it O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Microsoft Javascript Class - {6E28339B-7A2A-47B6-AEB2-46BA53782373} - D:\WINDOWS\System32\dllcache\javascript.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MsgPlus.exe" O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [snpstd] D:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "D:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe O4 - HKCU\..\Run: [Oaco] D:\Program Files\stad\epae.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2C78C086-7A09-45D7-AB5E-9B6A99F3F284}: NameServer = 194.134.5.5 194.134.5.55 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: netinfo - Unknown owner - D:\WINDOWS\netinfo.exe O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - D:\WINDOWS\ntfsprotect.exe O23 - Service: Performance Logs (Perfhmon) - Unknown owner - D:\WINDOWS\System32\Perfhmon.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
__________________
i was everything you wanted until i quit
|
| Advertentie | |
|
|
|
|
29-08-2005, 18:08
|
|
|
Doe het volgende:
Wat ik ook een beetje verdacht vond is D:\Program Files\stad\epae.exe Als dit je niet bekend voor komt, fix dit met hijackthis, beindig het proces en verwijder dit dan.
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Laatst gewijzigd op 29-08-2005 om 18:22. |
|
29-08-2005, 22:51
|
|
|
 Heb je nog verdere vragen, stel ze dan in het centrale spyware topic: http://forum.scholieren.com/showthre...readid=1040501
__________________
Per undas adversas (tegen de stroom in)
|
| Advertentie |
|
|
 |
«
Vorige topic
|
Volgende topic
»
|
|
Alle tijden zijn GMT +1. Het is nu 14:30.
Adverteren