Hijack log... help please

10 replies
  • Can anyone tell me what I can remove from the log below? Thanks in advance! Regards, Sven
    ==== Log ====
    Logfile of HijackThis v1.97.7
    Scan saved at 10:01:07, on 8-7-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SYSDPT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPLORER 7.0\MONITOR.EXE
    C:\WINDOWS\SYSTEM\SNCNTR.EXE
    C:\WINDOWS\TEMP\MCN.EXE
    C:\WINDOWS\TEMP\MCN.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\JSL5QY.EXE
    C:\WINDOWS\SYSTEM\LUS22B.EXE
    C:\SPYWARE\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\ms7531.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
    R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    F1 - win.ini: run=c:\windows\system\sysdpt.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRAM FILES\E-BOOK SYSTEMS\FLIPALBUM 5 SUITE\FPLAUNCH.DLL
    O2 - BHO: (no name) - {E468CF21-C488-11D8-9D2A-00508CB9D908} - C:\WINDOWS\SYSTEM\DAFI.DLL
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [sncntr] c:\windows\system\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [SexCams_be] C:\Program Files\SCom\Dialers\SexCams_be\SexCams_be.exe /dontdial
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Mcn] C:\WINDOWS\TEMP\MCN.EXE
    O4 - HKLM\..\Run: [5WA8T4B4CFWFT9] C:\WINDOWS\SYSTEM\CipIX.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [29L38SG44G2C2T] C:\WINDOWS\SYSTEM\EVV85L.EXE
    O4 - HKLM\..\Run: [AutoLoaderqwo51IIlaKLM] "C:\WINDOWS\SYSTEM\MTXDIAL.EXE" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [q37f36V] MTXDIAL.EXE
    O4 - HKLM\..\Run: [Mcn.exe] C:\WINDOWS\TEMP\MCN.EXE
    O4 - HKLM\..\Run: [DVQ] C:\WINDOWS\SYSTEM\DVQ.exe
    O4 - HKLM\..\Run: [Prein] C:\WINDOWS\TEMP\APP40F3.TMP
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Sysdpt] c:\windows\system\sysdpt.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [b0opRWZnl] MBSODEMX.EXE
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37661.1243055556
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
  • I'll take a look for you
  • Please do
  • Oops, double post :oops:
  • Fix the following items if present:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\ms7531.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
    R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL (file missing)
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
    O4 - HKLM\..\Run: [sncntr] c:\windows\system\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [SexCams_be] C:\Program Files\SCom\Dialers\SexCams_be\SexCams_be.exe /dontdial
    O4 - HKLM\..\Run: [Mcn] C:\WINDOWS\TEMP\MCN.EXE
    O4 - HKLM\..\Run: [Prein] C:\WINDOWS\TEMP\APP40F3.TMP
    Reboot in safe mode and delete:
    c:\program files\SCom <--- delete that folder
    c:\windows\system\mscnt.exe <--- that file
    c:\windows\system\sncntr.exe <--- that file
    Then empty c:\windows\temp <--- that folder
    I have my doubts about these:
    O4 - HKLM\..\Run: [AutoLoaderqwo51IIlaKLM] "C:\WINDOWS\SYSTEM\MTXDIAL.EXE" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [q37f36V] MTXDIAL.EXE
    This sounds like a dialer, and judging by the rest of the log it is probably a dialer from an erotic site. If it is a dialer for dialing in to your work or something like that, leave it alone; if it is from an erotic site, first delete the MTXDIAL.EXE that is in the folder c:\windows\system, then fix that key as well if it is still there.
    Reboot in normal mode and post a new log.
  • Below is the new log. I'm still getting pop-ups, by the way...
    === log ===
    Logfile of HijackThis v1.97.7
    Scan saved at 11:16:23, on 8-7-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\MSMON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPLORER 7.0\MONITOR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\LUS22B.EXE
    C:\WINDOWS\SYSTEM\NUNF7.EXE
    C:\SPYWARE\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F1 - win.ini: run=c:\windows\system\msmon.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRAM FILES\E-BOOK SYSTEMS\FLIPALBUM 5 SUITE\FPLAUNCH.DLL
    O2 - BHO: (no name) - {E468CF21-C488-11D8-9D2A-00508CB9D908} - C:\WINDOWS\SYSTEM\DAFI.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [5WA8T4B4CFWFT9] C:\WINDOWS\SYSTEM\CipIX.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [29L38SG44G2C2T] C:\WINDOWS\SYSTEM\Prdt0XMQ.exe
    O4 - HKLM\..\Run: [Mcn.exe] C:\WINDOWS\TEMP\MCN.EXE
    O4 - HKLM\..\Run: [DVQ] C:\WINDOWS\SYSTEM\DVQ.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Msmon] c:\windows\system\msmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [b0opRWZnl] MBSODEMX.EXE
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37661.1243055556
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
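
Added example, not part of the original thread or written by any of its posters: a Python script that compares the autostart entries (O4 and F1 lines) of the two logs posted above and reports which were removed, which are new, and which kept their value name but now launch a different file. The function names and the choice of excerpted lines are this example's own; the log lines themselves are copied from the 10:01:07 and 11:16:23 scans.

```python
import re

# "O4 - HKLM\..\Run: [ValueName] command line"
RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
# "F1 - win.ini: run=command line"
INI = re.compile(r"^F1 - ([^=]+)=(.+)$")

def autoruns(log_text):
    """Map (location, value name) -> command for O4 and F1 entries."""
    found = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN.match(line)
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = INI.match(line)
        if m:
            found[("F1", m.group(1).strip())] = m.group(2).strip()
    return found

def diff_autoruns(before, after):
    """Compare the autostart entries of two scans of the same machine."""
    a, b = autoruns(before), autoruns(after)
    return {
        "removed": sorted(k for k in a if k not in b),
        "added": sorted(k for k in b if k not in a),
        # Same value name, different target (Windows paths: ignore case)
        "retargeted": sorted((k, a[k], b[k]) for k in a
                             if k in b and a[k].lower() != b[k].lower()),
    }

# Excerpts of the two logs in this thread (first scan, second scan)
BEFORE = r"""
F1 - win.ini: run=c:\windows\system\sysdpt.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
O4 - HKLM\..\Run: [Mcn] C:\WINDOWS\TEMP\MCN.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [29L38SG44G2C2T] C:\WINDOWS\SYSTEM\EVV85L.EXE
O4 - HKLM\..\Run: [Mcn.exe] C:\WINDOWS\TEMP\MCN.EXE
O4 - HKLM\..\RunServices: [Sysdpt] c:\windows\system\sysdpt.exe
"""
AFTER = r"""
F1 - win.ini: run=c:\windows\system\msmon.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [29L38SG44G2C2T] C:\WINDOWS\SYSTEM\Prdt0XMQ.exe
O4 - HKLM\..\Run: [Mcn.exe] C:\WINDOWS\TEMP\MCN.EXE
O4 - HKLM\..\RunServices: [Msmon] c:\windows\system\msmon.exe
"""
```

The "retargeted" list is the part a plain side-by-side read tends to miss: an entry that keeps its value name while its target file changes between two scans taken about an hour apart deserves a closer look than one that simply stayed.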
  • I'll take another look :wink:
  • Try running an online scan (http://www.kaspersky.com/remoteviruschk.html)
  • After you have done that online scan, run HijackThis again and have it fix the following items:
    O4 - HKLM\..\Run: [5WA8T4B4CFWFT9] C:\WINDOWS\SYSTEM\CipIX.exe
    O4 - HKLM\..\Run: [29L38SG44G2C2T] C:\WINDOWS\SYSTEM\Prdt0XMQ.exe
    O4 - HKLM\..\Run: [Mcn.exe] C:\WINDOWS\TEMP\MCN.EXE
    Reboot in safe mode and make sure it shows all hidden files (http://users.pandora.be/marcvn/spyware/1117602.htm), then delete, if present:
    C:\WINDOWS\SYSTEM\CipIX.exe <--- that file
    C:\WINDOWS\SYSTEM\Prdt0XMQ.exe <--- that file
    and empty the temp folder again.
    Reboot in normal mode, make a new log and post it again.
  • Hello sven_van_rijen, Download Peperfix (http://downloads.subratam.org/PeperFix.exe). Save the file to your desktop. Double-click it, then click Find and Fix. Reboot the computer when you have done this. Run HijackThis once more and post a new HijackThis log. Regards, Marc
