HijackThis Log

4 answers
  • Hi, could someone check the log below and indicate what needs to be removed? Since this evening I have had a small advertising banner in MSN Messenger, even though I have set the advertising banner to be disabled both in MSN Messenger and via Messenger Plus. This is the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 23:36:55, on 26-08-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\Program Files\Object Desktop\klp\Keys.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorXP\CursorXP.exe
    C:\Program Files\Weather Watcher\ww.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\World Time\worldtime.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\BHODemon 2.0\BHODemon.exe
    C:\Program Files\Object Desktop\ControlCenter\controlcenter.exe
    C:\WINDOWS\Sunplus Camera\DSC Camera.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Object Desktop\Tab LaunchPad\TabLaunchpad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\VIAhm\viahm.exe
    C:\WINDOWS\webshots.scr
    C:\PROGRA~1\MI43DA~1\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Avant Browser\iexplore.exe
    C:\Program Files\totalcmd\TOTALCMD.EXE
    H:\Diverse software\Software tbv FTP Server\Hijack This Anti Trojan\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SYSTRAN Premium 4.0 - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\PROGRA~1\Systran\4_0\Premium\IEPlugin.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe
    O4 - Startup: default - ControlCenter.lnk = C:\Program Files\Object Desktop\ControlCenter\controlcenter.exe
    O4 - Startup: DSC Camera.lnk = C:\WINDOWS\Sunplus Camera\DSC Camera.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: Tab Launchpad.lnk = C:\Program Files\Object Desktop\Tab LaunchPad\TabLaunchpad.exe
    O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
    O4 - Startup: Via Hardware Monitor.lnk = C:\Program Files\VIAhm\viahm.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: World Time.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Alle links in deze pagina openen... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Markeren - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
    O8 - Extra context menu item: Toevoegen aan Reclame Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Zoeken - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Trace (HKLM)
    O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
    O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Onderzoek (HKLM)
    O9 - Extra button: Video Ads Blocker v1.0b Personal (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: SavePicNoAsk Light (HKCU)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092151635757
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37896.5911111111
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C097449-B4CA-4493-B0CB-2949504212BD}: NameServer = 62.251.0.6,62.251.0.7

    Thanks in advance for the effort!
  • After a couple of days nobody has looked yet, so I'll do it for you.
  • Uninstall Webshots. Then have HijackThis fix these items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

    After that, delete the items below:

    C:\Program Files\Webshots <---- this folder
    C:\WINDOWS\webshots.scr <---- this file
    And the folder in My Documents where it stores photos.

    Reboot and download the newest version of HijackThis: http://computercops.biz/downloads-file-328.html Post a new log made with it.
  • Hi, thanks for your reply. In the meantime I have found out what the problem is. M$ has placed the advertising banner in a slightly different position in Messenger, and because of that Messenger Plus can no longer suppress the banner. With an update of Messenger Plus (expected in September) the banner will be gone again. I'm not removing Webshots, since I have an account there.
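
An added example, not part of the original thread and not HijackThis code: a small Python parser for the log format posted above. It groups entries by section code and lists everything tied to one product (here Webshots), so that its process, autostart entry and files can be reviewed together. The sample lines are excerpted from the log in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that occur in this thread's log.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button or Tools item",
    "O16": "ActiveX control (Downloaded Program Files)", "O17": "DNS setting",
}
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Lines excerpted from the log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\webshots.scr
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BTTray.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C097449-B4CA-4493-B0CB-2949504212BD}: NameServer = 62.251.0.6,62.251.0.7
"""

def parse_log(text):
    """Split a log into (running processes, {section code: [entries]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                      # first R/O entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def find_related(text, keyword):
    """All processes and entries mentioning keyword, as (code, meaning, item)."""
    processes, entries = parse_log(text)
    k = keyword.lower()
    hits = [("process", "running process", p) for p in processes if k in p.lower()]
    hits += [(code, SECTIONS.get(code, "?"), e)
             for code, items in entries.items() for e in items if k in e.lower()]
    return hits

def unresolved_startups(text):
    """O4 shortcuts whose target is printed as '?' and needs a manual look."""
    return [e for e in parse_log(text)[1].get("O4", []) if e.endswith("= ?")]
```

Calling `find_related(SAMPLE_LOG, "webshots")` returns the running `webshots.scr` process together with the `Webshots.lnk` startup entry, the same items the answer singles out.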

This is an archived page. Replying is no longer possible.