HijackThis log

3 answers
  • Who can look at and assess my HijackThis logfile?

    Logfile of HijackThis v1.97.7
    Scan saved at 21:53:01, on 22-9-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    D:\Program Files\SETI@home\SETI@home.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\wincmd\WinCmd32.exe
    D:\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zdefkwabpiakwnbgtaqjpt.uk/yUq1XmuWftIWuLS7MU58ndh_aCpQhABfYIk3c19e_II.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pvxmxvkobiavckjcqetnnc.net/yUq1XmuWftLdwKZSeCzH813GPwDYAGJ7V5P699V_oZd0CGU35g9OKsF1CpRfbaiq.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://zznvpkocjuxpeb.com/yUq1XmuWftIWuLS7MU58ncmbLYFdzIVWYIk3c19e_II.html
    R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.rujzyrgqkzdvhxenf.org/yUq1XmuWftIWuLS7MU58nVdF_5BKecB_YIk3c19e_II.jpg"); (C:\Program Files\Netscape\Users\kielman\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://start.home.nl"); (C:\Documents and Settings\Bert\Application Data\Mozilla\Profiles\default\q5np22jl.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Bert\Application Data\Mozilla\Profiles\default\q5np22jl.slt\prefs.js)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {DCF7B65F-D35E-CA8B-903C-5FC5CA8EC0DA} - C:\PROGRA~1\DATAVG~1\Live roam.exe
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\nl\msntb.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKCU\..\Run: [seticlient] D:\Program Files\SETI@home\SETI@home.exe -min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: ICQ 4 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095186354592
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Fix these in HijackThis:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zdefkwabpiakwnbgtaqjpt.uk/yUq1XmuWftIWuLS7MU58ndh_aCpQhABfYIk3c19e_II.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pvxmxvkobiavckjcqetnnc.net/yUq1XmuWftLdwKZSeCzH813GPwDYAGJ7V5P699V_oZd0CGU35g9OKsF1CpRfbaiq.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://zznvpkocjuxpeb.com/yUq1XmuWftIWuLS7MU58ncmbLYFdzIVWYIk3c19e_II.html
    R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
    O2 - BHO: (no name) - {DCF7B65F-D35E-CA8B-903C-5FC5CA8EC0DA} - C:\PROGRA~1\DATAVG~1\Live roam.exe
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

    Hmmm.. I am missing something here though, namely the exe that is responsible for your plus18point, unless it is yet another new variant.. and I am apparently overlooking it..

    Next, reboot the PC in safe mode and delete the following:

    C:\WINDOWS\System32\P2P Networking\ <== this folder
    C:\PROGRA~1\DATAVG~1\Live roam.exe
    C:\Program Files\MyWay\ <== this folder
  • First try to uninstall switch under Add or Remove Programs in the Control Panel. Follow Miekiemoes's instructions, then restart and post a new log made with this version: http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

    @Miekiemoes, I don't see any other switch item either; by the way, I do always try to remove switch under Add or Remove Programs in the Control Panel.

    Edit: fix this one too, it is the MSN+ fun pack in its Netscape version:

    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.rujzyrgqkzdvhxenf.org/yUq1XmuWftIWuLS7MU58nVdF_5BKecB_YIk3c19e_II.jpg"); (C:\Program Files\Netscape\Users\kielman\prefs.js)


This is an archived page. Replies are no longer possible.