Vraag & Antwoord

Beveiliging & privacy

Nog een keer: hijackthis

6 antwoorden
  • Hallo mensen, Ik ben bezig met het "schoonvegen"van de pc van mijn ouders. Met AdAware etc. heb ik al het een en ander eruit kunnen halen. Ik ben nog niet zeker of ik alles al heb. Wie is zo aardig om de volgende log te bekijken? Alvast bedankt! M. Logfile of HijackThis v1.97.7 Scan saved at 13:54:18, on 20-6-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\svchost.exe D:\Mijn documenten\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 216.93.168.167 auto.search.msn.com O1 - Hosts: 216.93.168.167 sitefinder.verisign.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\RunServices: [CMD] cmd32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\programfiles\zip\WZQKPICK.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM) O9 - Extra button: PopupPopper Configuratiescherm (HKLM) O9 - Extra button: Copernic Agent (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2A51BC6B-38B6-40F3-9594-F033353938BC}: NameServer = 62.251.0.6 62.251.0.7 O17 - HKLM\System\CCS\Services\Tcpip\..\{4141EB90-78BB-40D9-9B5E-59AB67AEDF2F}: NameServer = 62.251.0.6,62.251.0.7 O17 - HKLM\System\CS1\Services\Tcpip\..\{2A51BC6B-38B6-40F3-9594-F033353938BC}: NameServer = 62.251.0.6 62.251.0.7 :wink:
  • Hallo Maarten81, Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:c2125d0ff7] O1 - Hosts: 216.93.168.167 auto.search.msn.com O1 - Hosts: 216.93.168.167 sitefinder.verisign.com O4 - HKLM\..\RunServices: [CMD] cmd32.exe [/b:c2125d0ff7] Doe een online scan: http://housecall.trendmicro.com/housecall/start_corp.asp groeten,
  • Hallo M@rc, Dit is het resultaat. De virusscan heeft er een Trojan uitgehaald. Logfile of HijackThis v1.97.7 Scan saved at 21:57:39, on 20-6-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Mijn documenten\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\programfiles\zip\WZQKPICK.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM) O9 - Extra button: PopupPopper Configuratiescherm (HKLM) O9 - Extra button: Copernic Agent (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab [color=red:1f17ba4777]O17 - HKLM\System\CCS\Services\Tcpip\..\{2A51BC6B-38B6-40F3-9594-F033353938BC}: NameServer = 62.251.0.6 62.251.0.7 O17 - HKLM\System\CS1\Services\Tcpip\..\{2A51BC6B-38B6-40F3-9594-F033353938BC}: NameServer = 62.251.0.6 62.251.0.7[/color:1f17ba4777] Weet jij toevallig waar de laatste 2 regels voor dienen (de rode)? Momenteel moet ik via een omweg verbinding maken met het internet, en ik vraag me af of deze regels daar mee te maken hebben. Alvast bedankt, M PS super dat je je hiervoor inzet!!!!!!!! Geldt ook voor de anderen zoals de huismeester en quasi etc.!!
  • NameServers zijn vermoedelijk van je ISP. Welke is dat?
  • 017 is je provider. Kijk even bij deze link: http://www.weethet.nl/dutch/adsl_mxstream_dns.php
  • Als die rode (O17 items) niet aan je ISP behoren of aan je eigen netwerk, kan je deze laten repareren. Maar volgens mij behoren ze bij HCCNet. Log ziet er goed uit.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.