hijack.log, and now what????

5 answers
  • Hello, here is my hijack log, what do I do next??

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINXP\System32\rmctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINXP\System32\hphmon04.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINXP\System32\nvsvc32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\ZONELABS\vsmon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINXP\System32\HPHipm11.exe
    C:\Program Files\Overnet\overnet.exe
    C:\WINXP\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\downloaded\HijackThis.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Windows Commander\WINCMD32.EXE
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Startup:
    [C:\Documents and Settings\Johan & Bianca.PRIVE-JOBI\Menu Start\Programma's\Opstarten]
    lan-verbinding.lnk = ?
    Overnet.lnk = C:\Program Files\Overnet\overnet.exe
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users.WINXP\Menu Start\Programma's\Opstarten]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINXP\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HPDJ Taskbar Utility = C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb05.exe
    Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
    AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    RemoteControl = C:\WINXP\System32\rmctrl.exe
    NeroCheck = C:\WINXP\system32\NeroCheck.exe
    zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
    HPHmon04 = C:\WINXP\System32\hphmon04.exe
    HPHUPD04 = "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    STOPzilla = C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    LDM = \Program\BackWeb-8876480.exe
    Shareaza = "C:\Program Files\Shareaza\Shareaza.exe" -tray
    eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    --------------------------------------------------
    Shell & screensaver key from C:\WINXP\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll - {0EEDB912-C5FA-486F-8334-57288578C627}
    (no name) - C:\PROGRA~1\ACID1~1\DASH AUDIO.dll (file missing) - {670C7474-0820-0FC8-D713-53A9986CBA61}
    (no name) - C:\DOCUME~1\JOHAN&~1.PRI\APPLIC~1\ACID1~1\Stopspam.exe - {73E9919C-4060-9A9F-E254-788697891984}
    (no name) - C:\DOCUME~1\JOHAN&~1.PRI\APPLIC~1\ACID1~1\Stopspam.exe - {9131F2A5-3B8A-BE2B-6066-CF5C58EA5351}
    CSBrBHO - (no file) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
    (no name) - C:\WINXP\system32\StopzillaBHO.dll - {E3215F20-3212-11D6-9F8B-00D0B743919D}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    AEDF4B0A941CFBF2.job
    AC9F76A79180E917.job
    A954DC4A92AB52EE.job
    AF172FE79180A1DF.job
    AE17547C91D8C920.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
    [{086A694F-91FB-4068-B44C-124FB69BF05D}]
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINXP\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    [DialXSCtl Object]
    InProcServer32 = C:\WINXP\Downloaded Program Files\dialxs.ocx
    CODEBASE = http://dialxs.nl/install/dialxs.ocx
    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.246875
    [Downloader Class]
    InProcServer32 = C:\WINXP\DOWNLO~1\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    [IMDownloader Class]
    CODEBASE = http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINXP\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/bin/msnchat45.cab
    [Info Class]
    InProcServer32 = C:\WINXP\System32\IDTool.dll
    CODEBASE = http://www0.spelpunt.nl/dev/toepen//lib/javachecker/idtool.cab
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINXP\system32\SHELL32.dll
    CDBurn: C:\WINXP\system32\SHELL32.dll
    WebCheck: C:\WINXP\System32\webcheck.dll
    SysTray: C:\WINXP\System32\stobject.dll

    Regards, Johan
  • ok.. I'll check it in a sec.. :roll: :P
  • [quote:5826f846db="Johan_024"]
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (no name) - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\ACID1~1\DASH AUDIO.dll (file missing) - {670C7474-0820-0FC8-D713-53A9986CBA61}
    (CSBrBHO - (no file) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
    [DialXSCtl Object]
    InProcServer32 = C:\WINXP\Downloaded Program Files\dialxs.ocx
    CODEBASE = http://dialxs.nl/install/dialxs.ocx
    [/quote:5826f846db]
    so this can go!!! 8) (but a log usually looks something like this..:
    [code:1:5826f846db]
    ogfile of HijackThis v1.98.2
    Scan saved at 21:47:10, on 7/11/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SXGDSENU.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\MIJN DOCUMENTEN\MARK\GA\HIJACKTHIS.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~2\FRESHD~1\FDCATCH.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE -4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    [/code:1:5826f846db]
    ) :roll: yours is a stretched-out one.. it's a bit hard to read.. :-?
  • Tha Odie, that looks like a StartupList log. @TS, please post a regular HijackThis log: http://members.lycos.nl/pinoroeltgewoon/nl.htm
  • yeah.. it did look like something like that.. that's why I posted my own log as an example.. :wink: download HijackThis here: http://computercops.biz/downloads-file-328.html

This is an archived page. Replying is no longer possible.