Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Wederom een HiJack logje. Rootzooi blijft terugkomen!!

miekiemoes
1 antwoord
  • Logfile of HijackThis v1.97.7
    Scan saved at 6:58:11 PM, on 10/20/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Win Comm\WinComm.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Win Comm\WinLock.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    G:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    G:\Program Files\Photolightning\autodetect.exe
    G:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender8\vsserv.exe
    C:\Program Files\HiJack\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
    O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Autodetect.lnk = G:\Program Files\Photolightning\autodetect.exe
    O4 - Global Startup: HotSync Manager.lnk = G:\Program Files\Sony Handheld\HOTSYNC.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Ondanks Adaware, Registry mechanic e.d. blijft het terugkomen.
    Hier ook de adwatch log:

    Ad-Watch Logfile, exported on 10/20/2004
    Total number of events:9
    ===============================================
    10/20/2004 6:55:22 PM - Definitions file SE1R13 16.10.2004 loaded successfully.
    Build:SE1R13 16.10.2004
    Total Signatures :30610
    Target Families :589
    Target Categories :6
    CSI data Size :19788

    File Size :1150665

    ===============================================
    10/20/2004 6:55:22 PM - User preferences file loaded.
    Ad-Watch preference file loaded.
    Applying user settings
    C:\Documents and Settings\Danny\Application Data\Lavasoft\Ad-Aware\awsettings.awc
    Initialization complete.




    ===============================================
    10/20/2004 6:55:22 PM - Sites file loaded.
    Sites file loaded successfully.
    C:\PROGRA~1\Lavasoft\AD-AWA~1\sites.txt
    Total entries : 3229





    ===============================================
    10/20/2004 6:55:24 PM - Harmful process identified(PID:528)
    Object:lc.exe
    Path:C:\temp\
    Category:Malware
    Vendor:VX2
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:24 PM - Harmful process identified(PID:1112)
    Object:lc.exe
    Path:C:\temp\
    Category:Malware
    Vendor:VX2
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:24 PM - Harmful process identified(PID:1172)
    Object:lc.exe
    Path:C:\temp\
    Category:Malware
    Vendor:VX2
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:28 PM - Harmful process identified(PID:1652)
    Object:INSTAL~1.EXE
    Path:C:\temp\
    Category:Malware
    Vendor:BlazeFind
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:29 PM - Harmful process identified(PID:1308)
    Object:INSTAL~1.EXE
    Path:C:\temp\
    Category:Malware
    Vendor:BlazeFind
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:31 PM - Registry modification detected
    Root:HKEY_LOCAL_MACHINE
    Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value:AppInit_DLLs
    Data:
    New Data:sockspy.dll



    ===============================================

    P.s. als iemand de laatste restjes mcafee kan verwijderen GRAAG!! :D

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.