Hijackthis logfile

6 replies
  • Today I finally started cleaning up spyware, since my start page no longer works and all sorts of unwanted toolbars keep appearing. So far I have run Ad-aware, Spybot S&D and the shredder program. A lot of junk is gone, but the start page problem (searchweb2.com) remains. Cautiously (I am extremely inexperienced in this area) I ran HijackThis, with the log file below as the result. What do I do next?

    Logfile of HijackThis v1.98.2
    Scan saved at 13:49:03, on 3-10-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\Norton Antivirus\navapsvc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Ahead\InCD\InCD.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\System32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    C:\Program Files\Psion\PsiWin\Psconsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
    D:\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    D:\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gctpxpsjxhkgzafd.com/0qQjreZa4lJT07OQ7KmEdrq02wFhjmvXzRs9p02ZQaM.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.obxsacstodmbeiqfhbim.info/0qQjreZa4lIKc7C8b3GgkzhOheZ5xHlHpDoWc7oQKStMvfYPXDgNiCegNb7wdnO7.jpg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {43B45950-6CEB-E959-5DF1-B71BF51D99F3} - C:\PROGRA~1\GLOBAL~1\supportmess.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\nl\msntb.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vga enc] C:\PROGRA~1\JUMPMI~1\balm stupid.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AudioExitSupportAim] C:\Documents and Settings\All Users\Application Data\CakeFlagAudioExit\FUNKLESS.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\MicrosoftOffice\Office10\OSA.EXE
    O4 - Global Startup: Nuria.lnk = D:\Nuria\Nuria.exe
    O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B3E451DC-DD2B-4ECD-B226-08FF692024B1} (Installer Control) - http://62.26.118.201/en/download/bin/webinstaller.cab
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
  • > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gctpxpsjxhkgzafd.com/0qQjreZa4lJT07OQ7KmEdrq02wFhjmvXzRs9p02ZQaM.html
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.obxsacstodmbeiqfhbim.info/0qQjreZa4lIKc7C8b3GgkzhOheZ5xHlHpDoWc7oQKStMvfYPXDgNiCegNb7wdnO7.jpg
    > O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\nl\msntb.dll
    > O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    > O16 - DPF: {B3E451DC-DD2B-4ECD-B226-08FF692024B1} (Installer Control) - http://62.26.118.201/en/download/bin/webinstaller.cab
    > O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab

    MSN Plus installed without the sponsors??
  • That could well be. I don't do anything with MSN myself, but my nephews regularly come by to chat. It would not surprise me at all if they installed this. How do I find out?
  • ThaOdie has already pointed out some of the items you need to remove, but there are more. First uninstall MSN Plus, then reinstall it afterwards without the sponsors. Then run the lop.com uninstall (http://users.pandora.be/bluepatchy/www/new_uninstall.exe). Make sure hidden folders and files are shown. You do this via Explorer > Tools > Folder Options > View > tick "Show hidden files and folders". Then start your PC in SAFE MODE, run HijackThis and remove the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gctpxpsjxhkgzafd.com/0qQjreZa4lJT07OQ7KmEdrq02wFhjmvXzRs9p02ZQaM.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.obxsacstodmbeiqfhbim.info/0qQjreZa4lIKc7C8b3GgkzhOheZ5xHlHpDoWc7oQKStMvfYPXDgNiCegNb7wdnO7.jpg
    O2 - BHO: (no name) - {43B45950-6CEB-E959-5DF1-B71BF51D99F3} - C:\PROGRA~1\GLOBAL~1\supportmess.exe
    O4 - HKLM\..\Run: [vga enc] C:\PROGRA~1\JUMPMI~1\balm stupid.exe
    O4 - HKLM\..\Run: [AudioExitSupportAim] C:\Documents and Settings\All Users\Application Data\CakeFlagAudioExit\FUNKLESS.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {B3E451DC-DD2B-4ECD-B226-08FF692024B1} (Installer Control) - http://62.26.118.201/en/download/bin/webinstaller.cab
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab

    Then use Explorer to look for the following items and delete them manually (so still in safe mode):

    C:\PROGRAM FILES\GLOBAL~1\ <== this folder
    C:\PROGRAM FILES\JUMPMI~1\ <== this folder
    C:\Documents and Settings\All Users\Application Data\CakeFlagAudioExit <== this folder

    Then start your PC normally again and post a new log.
  • Well, I followed your instructions meticulously and the first results are already noticeable: the computer starts up much faster and I am rid of that annoying start page and those toolbars! Many thanks already! However, I could no longer find a number of the lines in the log file. The hidden files I was supposed to delete were also already gone. Below is the log file after cleaning up the computer.

    Logfile of HijackThis v1.98.2
    Scan saved at 20:35:29, on 4-10-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\Norton Antivirus\navapsvc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\devldr32.exe
    D:\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    C:\Program Files\Psion\PsiWin\Psconsv.exe
    C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
    D:\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Norton Internet Security\ccPxySvc.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Netropa\OSD.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\MicrosoftOffice\Office10\OSA.EXE
    O4 - Global Startup: Nuria.lnk = D:\Nuria\Nuria.exe
    O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  • Your log is looking healthy again. Keep it that way! ;)
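
The thread ends with a second scan that is checked by eye against the removal list. As an added example (not part of the original posts, and not HijackThis's own code), the Python below parses HijackThis entry lines by section code and reports which entries disappeared between two scans and which flagged entries are still present. The function names are hypothetical, and the sample strings are constructed excerpts built from a few lines of the logs in this thread.

```python
import re
from collections import defaultdict

# Entry lines start with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map section code -> set of entry bodies; header and process lines are skipped."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].add(m.group(2).strip())
    return sections

def removed_entries(before, after):
    """Entries in the first log that are absent from the second."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(f"{c} - {e}" for c in b for e in b[c] - a.get(c, set()))

def still_present(fix_list, after):
    """Entries from the removal list that the new log still contains."""
    w, a = parse_entries(fix_list), parse_entries(after)
    return sorted(f"{c} - {e}" for c in w for e in w[c] & a.get(c, set()))

# Constructed excerpts: a few lines taken from the two logs and the removal list above.
FIX_LIST = r"""
O2 - BHO: (no name) - {43B45950-6CEB-E959-5DF1-B71BF51D99F3} - C:\PROGRA~1\GLOBAL~1\supportmess.exe
O4 - HKLM\..\Run: [vga enc] C:\PROGRA~1\JUMPMI~1\balm stupid.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
"""
AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [InCD] D:\Ahead\InCD\InCD.exe
"""
BEFORE = AFTER + FIX_LIST  # first scan = clean entries plus the flagged ones

if __name__ == "__main__":
    print("Removed since first scan:", *removed_entries(BEFORE, AFTER), sep="\n  ")
    print("Flagged but still present:", still_present(FIX_LIST, AFTER) or "none")
```

An empty result from `still_present` only shows that the registry and startup entries are gone from the log; the folders named in the removal instructions still have to be checked on disk.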
