hijack.log, and now what????

pcguy
5 answers
  • hello

    here is my hijack log, how do I proceed from here ??

    Running processes:

    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINXP\System32\rmctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINXP\System32\hphmon04.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINXP\System32\nvsvc32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\ZONELABS\vsmon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINXP\System32\HPHipm11.exe
    C:\Program Files\Overnet\overnet.exe
    C:\WINXP\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\downloaded\HijackThis.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Windows Commander\WINCMD32.EXE

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Johan & Bianca.PRIVE-JOBI\Menu Start\Programma's\Opstarten]
    lan-verbinding.lnk = ?
    Overnet.lnk = C:\Program Files\Overnet\overnet.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users.WINXP\Menu Start\Programma's\Opstarten]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINXP\system32\userinit.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HPDJ Taskbar Utility = C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb05.exe
    Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
    AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    RemoteControl = C:\WINXP\System32\rmctrl.exe
    NeroCheck = C:\WINXP\system32\NeroCheck.exe
    zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
    HPHmon04 = C:\WINXP\System32\hphmon04.exe
    HPHUPD04 = "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    STOPzilla = C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    LDM = \Program\BackWeb-8876480.exe
    Shareaza = "C:\Program Files\Shareaza\Shareaza.exe" -tray
    eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    ————————————————–

    Shell & screensaver key from C:\WINXP\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll - {0EEDB912-C5FA-486F-8334-57288578C627}
    (no name) - C:\PROGRA~1\ACID1~1\DASH AUDIO.dll (file missing) - {670C7474-0820-0FC8-D713-53A9986CBA61}
    (no name) - C:\DOCUME~1\JOHAN&~1.PRI\APPLIC~1\ACID1~1\Stopspam.exe - {73E9919C-4060-9A9F-E254-788697891984}
    (no name) - C:\DOCUME~1\JOHAN&~1.PRI\APPLIC~1\ACID1~1\Stopspam.exe - {9131F2A5-3B8A-BE2B-6066-CF5C58EA5351}
    CSBrBHO - (no file) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
    (no name) - C:\WINXP\system32\StopzillaBHO.dll - {E3215F20-3212-11D6-9F8B-00D0B743919D}

    ————————————————–

    Enumerating Task Scheduler jobs:

    AEDF4B0A941CFBF2.job
    AC9F76A79180E917.job
    A954DC4A92AB52EE.job
    AF172FE79180A1DF.job
    AE17547C91D8C920.job

    ————————————————–

    Enumerating Download Program Files:

    [{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [{086A694F-91FB-4068-B44C-124FB69BF05D}]

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINXP\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

    [DialXSCtl Object]
    InProcServer32 = C:\WINXP\Downloaded Program Files\dialxs.ocx
    CODEBASE = http://dialxs.nl/install/dialxs.ocx

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.246875

    [Downloader Class]
    InProcServer32 = C:\WINXP\DOWNLO~1\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    [IMDownloader Class]
    CODEBASE = http://www2.incredimail.com/contents/setup/downloader/imloader.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINXP\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/bin/msnchat45.cab

    [Info Class]
    InProcServer32 = C:\WINXP\System32\IDTool.dll
    CODEBASE = http://www0.spelpunt.nl/dev/toepen//lib/javachecker/idtool.cab

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINXP\system32\SHELL32.dll
    CDBurn: C:\WINXP\system32\SHELL32.dll
    WebCheck: C:\WINXP\System32\webcheck.dll
    SysTray: C:\WINXP\System32\stobject.dll

    regards, Johan
  • ok.. I'll check it in a sec.. :roll: :P
  • [quote:5826f846db="Johan_024"]
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (no name) - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\ACID1~1\DASH AUDIO.dll (file missing) - {670C7474-0820-0FC8-D713-53A9986CBA61}
    (CSBrBHO - (no file) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
    [DialXSCtl Object]
    InProcServer32 = C:\WINXP\Downloaded Program Files\dialxs.ocx
    CODEBASE = http://dialxs.nl/install/dialxs.ocx
    [/quote:5826f846db]
    so this can go!!! 8)
    (but a log usually looks something like this..:
    [code:1:5826f846db]Logfile of HijackThis v1.98.2
    Scan saved at 21:47:10, on 7/11/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SXGDSENU.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\MIJN DOCUMENTEN\MARK\GA\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~2\FRESHD~1\FDCATCH.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    -4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    [/code:1:5826f846db])
    :roll: yours is a stretched-out one.. it's a bit hard to read.. :-?
  • Tha Odie, by the looks of it that is a StartupList log.

    @TS, please post a regular HijackThis log: http://members.lycos.nl/pinoroeltgewoon/nl.htm
  • yeah.. it did look like something like that.. that's why I posted my own log as an example.. :wink:

    download HijackThis here:
    http://computercops.biz/downloads-file-328.html

This is an archived page. Replies are no longer possible.