Vraag & Antwoord

Beveiliging & privacy

Graag Hijack-log beoordelen

2 antwoorden
  • Hallo, graag even deze log beoordelen; verder krijg ik op die PC Windows Messenger niet uitgeschakeld (XP Pro), ook al heb ik 'm in msconfig uitgeschakeld. Hier de log: Logfile of HijackThis v1.98.2 Scan saved at 19:30:41, on 4-11-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\arsetup.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Internet Optimizer\optimize.exe C:\WINDOWS\System32\mxfmdcdo.exe C:\Program Files\BullsEye Network\bin\bargains.exe C:\WINDOWS\System32\wmplayer.exe C:\WINDOWS\System32\Longhorn.exe C:\WINDOWS\System32\ctfmon.exe C:\Documents and Settings\Gebruiker\Application Data\tsce.exe C:\WINDOWS\System32\prltusr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HijackThis\HijackThis1982.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=152854 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=152854 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pipa.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=152854 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hetnet.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer van Het Net R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\hrbvmyh.exe O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe O4 - HKLM\..\Run: [Reg Service] REGSRV32.EXE O4 - HKLM\..\Run: [REGRUN] C:\arsetup.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe O4 - HKLM\..\Run: [teaxnvrpnjpb] C:\WINDOWS\System32\mxfmdcdo.exe O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [Window Monitor] winmon32.exe O4 - HKLM\..\Run: [hwv] C:\WINDOWS\hwv.exe O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [Media Player] wmplayer.exe O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe O4 - HKLM\..\Run: [Longhorn Firewall] Longhorn.exe O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe O4 - HKLM\..\RunServices: [Longhorn Firewall] Longhorn.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Iust] C:\Documents and Settings\Gebruiker\Application Data\tsce.exe O4 - HKCU\..\Run: [Lkjqhot] C:\WINDOWS\System32\prltusr.exe O4 - HKCU\..\Run: [Window Monitor] winmon32.exe O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe O4 - HKCU\..\Run: [Longhorn Firewall] Longhorn.exe O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx2.advnt01.com/dialer/olanda_ver3.CAB O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f51f5f7d9953e88d120bbe76626d216b6aa0d0c86c1c7553d908fdb3cf77dea46c69543ae036297cb8c8295a0583f4e9e0d9f3cc06177c20529b7e302932b2ac:e499d6ceeb9210b67f4b7fd0ca72c814 O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O18 - Filter: text/html - {EED2B459-62A5-4636-87EA-2ED4DB4C5D5F} - C:\Documents and Settings\Gebruiker\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat Alvast bedankt, Peter.
  • Hallo Peter, Doe eerst een online-scan (liefst beiden): http://www.pandasoftware.com/activescan/com/activescan_principal.htm http://housecall.trendmicro.com/housecall/start_corp.asp Nadien scan je met een geupdate ad-Aware SE. Instructies vind je [url=http://users.pandora.be/marcvn/spyware/1414188.htm]hier[/url]. Download nadien voor Ad-aware SE de VX2 plugin en installeer deze: http://download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe Start Ad-aware. Klik op de knop "Add-ons". Selecteer de VX2 Cleaner en klik op de knop "Uitvoeren". Als de computer niet geïnfecteerd is met deze malware, klik je op de knop "Close". Als de computer wel geïnfecteerd is doe je het volgende: Klik op de knop "Clean System". Start de computer opnieuw. Scan de computer met een geupdate Ad-Aware. Verwijder alle VX2 objecten die gevonden worden. Start de computer opnieuw. Gebruik opnieuw de VX2 Cleaner om te controleren of alle bestanden verwijderd zijn. Reboot de computer; run Hijackthis nog een keer en maak een nieuwe log. Post deze. Succes. Marc

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.