Request for a HijackThis check, please

4 replies
  • Hello,

    I'm working on an acquaintance's PC and there is quite a lot of junk on it. It can't even get onto the internet any more. I've already kicked out a number of Trojans with VirusScan, but there is surely more... At least I see a lot of strange %% characters and finders, which surely don't belong there... Can anyone help me with this clean-up?

    Thanks in advance,
    Zabadak

    Logfile of HijackThis v1.97.7
    Scan saved at 19:38:54, on 6-10-04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\FIRESVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
    C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\MSWORKS\AGENDA\WKCALREM.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\FIRETRAY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\_ZABADAK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Atikey] Atitask.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [FireService] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 98\FireSvc.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\MSWorks\Agenda\WKCALREM.EXE
    O4 - Startup: Corel Family and Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe
    O4 - Startup: McAfee Desktop Firewall Tray.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 98\FireTray.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
    O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Go to Control Panel - Add/Remove Programs - Change or Remove Programs. If present, uninstall the following program:

    Spykiller

    Close all open windows, run HijackThis once more and have it fix the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL (file missing)
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE
    O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
    O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

    Once you have done this, start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm). Make sure all hidden files are shown (http://users.pandora.be/marcvn/spyware/1117602.htm), and delete the following files or folders if present:

    C:\Program Files\SpyKiller <-- this folder
    C:\WINDOWS\MSXMIDI.EXE <-- this file

    Reboot the computer.

    Go to the Windows Update site. Only that way can you be sure that you have installed the latest patches for your operating system. If new updates are available, download and install all critical updates and service packs. Reboot your computer and check again. Repeat this procedure until there are no more critical updates.

    Reboot the computer, run HijackThis again and post a new log. Do download the latest version of HijackThis first.
  • I haven't done any Win98 updates because I can only update the infected PC over dial-up. I'll do that later at the owner's place. The logs are copied over on a floppy and then posted here.

    By the way, I notice that as soon as I open this CT page, a warning appears that a trojan has shown up in my TempInternetFiles. Have I infected CT by posting these logs?

    Here is a new log.

    Thanks in advance for the check..
    Zabadak

    Logfile of HijackThis v1.97.7
    Scan saved at 21:24:15, on 6-10-04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\FIRESVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
    C:\PROGRAM FILES\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\MSWORKS\AGENDA\WKCALREM.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\FIRETRAY.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
    C:\_ZABADAK\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Atikey] Atitask.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Touch Manager\MediaCtr.exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\progra~1\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [FireService] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 98\FireSvc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\MSWorks\Agenda\WKCALREM.EXE
    O4 - Startup: Corel Family and Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe
    O4 - Startup: McAfee Desktop Firewall Tray.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 98\FireTray.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Empty the Temporary Internet Files folder: Control Panel - Internet Options - General tab - under Temporary Internet Files, click Delete Files.

    This log looks good. Next time, use the new version of HijackThis.
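
The "(obfuscated)" start/search pages and the percent-encoded O13 prefixes in the first log hide the host the browser is actually sent to. The following is an added example, not part of the forum posts or of HijackThis: it parses log entries and reports the effective host and the kind of obfuscation. The function names are hypothetical and the sample lines are copied from the first log in this thread.

```python
import re
from urllib.parse import unquote

# Sample input: a few entries copied from the first log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # HijackThis section code, then the entry
URL = re.compile(r"https?://\S+", re.IGNORECASE)


def effective_host(url):
    """Return (host that is really contacted, list of obfuscation reasons)."""
    reasons = []
    rest = url.split("://", 1)[1]
    # The authority part ends at the first '/', '?' or '#'.
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    if "@" in authority:
        # Everything before the last '@' is userinfo, not the host: a decoy name.
        userinfo, authority = authority.rsplit("@", 1)
        reasons.append("decoy-userinfo")
        if "%00" in userinfo.lower():
            reasons.append("null-byte")  # used to cut off what the address bar displays
    host = authority.split(":", 1)[0]
    if "%" in host:
        reasons.append("percent-encoded-host")
        host = unquote(host)
    return host.lower(), reasons


def suspicious_entries(log_text):
    """List (section code, real host, reasons) for entries with an obfuscated URL."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        for url in URL.findall(match.group(2)):
            host, reasons = effective_host(url)
            if reasons:
                findings.append((match.group(1), host, reasons))
    return findings


if __name__ == "__main__":
    for code, host, reasons in suspicious_entries(SAMPLE_LOG):
        print(f"{code}: real host {host} ({', '.join(reasons)})")
```

Entries that point at a plain host, such as the msn.nl defaults left in the second log, produce no finding.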


This is an archived page. Replying is no longer possible.