Checking a HijackThis log

13 replies
  • Hello everyone... Because I'm bothered by a web page that keeps coming back whenever I go to an internet page, I ran HijackThis, but after that it still wasn't solved. Could someone perhaps tell me which files in this log I can remove:
    [code]
    Logfile of HijackThis v1.97.7
    Scan saved at 21:47:12, on 16-10-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\NORMAN\NVC\BIN\ZANDA.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\NORMAN\NVC\BIN\CCLAW.EXE
    C:\NORMAN\NVC\BIN\NVCSCHED.EXE
    C:\NORMAN\NVC\BIN\NJEEVES.EXE
    C:\NORMAN\NVC\BIN\NIP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\NORMAN\NVC\BIN\ZLH.EXE
    C:\WINDOWS\SYSTEM\SNT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\NORMAN\NVC\BIN\NYMSE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSFTPGUI.EXE
    C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dj-inpossible.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dj-inpossible.nl/
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\2o75efko.slt\prefs.js)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM302.DLL
    O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP" /SYSTRAY
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [hlnyoyjvm] C:\WINDOWS\SYSTEM\dncohpq.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SNT.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38248.0786226852
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    [/code]
    Many thanks,
    Pim
  • Just ask whether this topic can be moved, or have them close this one and post a new one in the security sub-forum. That's where the DIE HARD log experts are.
  • [quote="evisu"]Just ask whether this topic can be moved, or have them close this one and post a new one in the security sub-forum. That's where the DIE HARD log experts are.[/quote]
    You don't ask for a move here, but in the "stoute foute" topic: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=129411
  • It's here now. Does anyone know the answer, perhaps?
  • Post a log made with the most recent HJT. http://computercops.biz/downloads-file-328.html
  • OK, here it is:
    [quote]
    Logfile of HijackThis v1.98.2
    Scan saved at 19:07:08, on 17-10-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\NORMAN\NVC\BIN\ZANDA.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\NORMAN\NVC\BIN\CCLAW.EXE
    C:\NORMAN\NVC\BIN\NVCSCHED.EXE
    C:\NORMAN\NVC\BIN\NJEEVES.EXE
    C:\NORMAN\NVC\BIN\NIP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP
    C:\NORMAN\NVC\BIN\ZLH.EXE
    C:\WINDOWS\SYSTEM\SNT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\NORMAN\NVC\BIN\NYMSE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSFTPGUI.EXE
    C:\PROGRAM FILES\WINRAR\WINRAR.EXE
    C:\WINDOWS\TEMP\RAR$EX00.210\HIJACKTHIS.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dj-inpossible.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dj-inpossible.nl/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\2o75efko.slt\prefs.js)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM302.DLL
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP" /SYSTRAY
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [hlnyoyjvm] C:\WINDOWS\SYSTEM\dncohpq.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SNT.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    [/quote]
    Could someone clean it up for me?
    Pim
  • Log is incomplete?
  • I've also run ad-ware over it. It already removed 300 files, but the log stays the same.
    [code]
    Logfile of HijackThis v1.98.2
    Scan saved at 19:22:46, on 17-10-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\NORMAN\NVC\BIN\ZANDA.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\NORMAN\NVC\BIN\CCLAW.EXE
    C:\NORMAN\NVC\BIN\NVCSCHED.EXE
    C:\NORMAN\NVC\BIN\NJEEVES.EXE
    C:\NORMAN\NVC\BIN\NIP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\NORMAN\NVC\BIN\ZLH.EXE
    C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\NORMAN\NVC\BIN\NYMSE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dj-inpossible.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dj-inpossible.nl/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\2o75efko.slt\prefs.js)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP" /SYSTRAY
    O4 - HKLM\..\Run: [hlnyoyjvm] C:\WINDOWS\SYSTEM\dncohpq.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SNT.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    [/code]
    What can be done about this?
  • It's not very wise to run all sorts of little cleaners while someone here wants to get to work on your log. I'm checking it now.
  • [code]
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)
    [/code]
    Both your browser and Windows Update are hopelessly behind. Close all browser windows and fix the items below.
    [code]
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
    O4 - HKLM\..\Run: [hlnyoyjvm] C:\WINDOWS\SYSTEM\dncohpq.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SNT.EXE
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    [/code]
    Boot into safe mode and delete these files.
    [code]
    C:\WINDOWS\SYSTEM\dncohpq.exe
    c:\program files\180solutions (entire folder)
    C:\WINDOWS\SYSTEM\SNT.EXE
    [/code]
    Boot back into normal Windows mode and post a new log.
  • I've removed them all. Here comes the new log:
    [code]
    Logfile of HijackThis v1.98.2
    Scan saved at 20:31:44, on 17-10-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\NORMAN\NVC\BIN\ZANDA.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\NORMAN\NVC\BIN\CCLAW.EXE
    C:\NORMAN\NVC\BIN\NVCSCHED.EXE
    C:\NORMAN\NVC\BIN\NJEEVES.EXE
    C:\NORMAN\NVC\BIN\NIP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\NORMAN\NVC\BIN\ZLH.EXE
    C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\NORMAN\NVC\BIN\NYMSE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dj-inpossible.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dj-inpossible.nl/
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\2o75efko.slt\prefs.js)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP" /SYSTRAY
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    [/code]
    Pim
  • Problem is solved?
  • Yes, no trouble so far, actually. Thanks a million!! Pim
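
An added example, not part of the original thread: a small Python parser for HijackThis entry lines that checks a re-scan against the previous scan and the fix list, and lists entries marked "(no file)" or "(file missing)". The sample strings are abbreviated excerpts of the logs posted above, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, N3, O2, O14, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return {(m.group(1), m.group(2).strip()) for m in matches if m}

def orphaned(entries):
    """Entries whose registry reference points at a file HijackThis could not find."""
    return sorted(e for e in entries if e[1].endswith(ORPHAN_MARKERS))

def compare_scans(before, after, fix_list):
    """Compare a re-scan with the previous scan and the list of entries to fix."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {"removed": sorted(b - a), "still_present": sorted(f & a), "new": sorted(a - b)}

# Abbreviated excerpts of the fix list and the 20:31:44 re-scan posted in this thread.
FIX = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [hlnyoyjvm] C:\WINDOWS\SYSTEM\dncohpq.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SNT.EXE
O14 - IERESET.INF: START_PAGE_URL=
"""
AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dj-inpossible.nl/
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O14 - IERESET.INF: START_PAGE_URL=
"""
# Constructed stand-in for the 19:22:46 scan: the re-scan's entries plus the ones to fix.
BEFORE = AFTER + FIX

if __name__ == "__main__":
    for key, items in compare_scans(BEFORE, AFTER, FIX).items():
        print(key, *("  %s - %s" % e for e in items), sep="\n")
    print("orphaned:", orphaned(parse_entries(BEFORE)))
```

Run on these excerpts, the comparison reports the O14 line under `still_present`, since it appears both in the fix list and in the 20:31:44 log.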

This is an archived page. Replies are no longer possible.