Vraag & Antwoord

Beveiliging & privacy

Wie helpt mij omde log file even door te nemen

6 antwoorden
  • Scan saved at 19:56:52, on 8-11-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\txonex.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Washer\washer.exe C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Program Files\TS Webclient\torrentsearch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\totalcmd\TOTALCMD.EXE E:\bin\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\System32\PDF641d.dll O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [tshsjyqakx] C:\WINDOWS\System32\txonex.exe O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF641d.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0 O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093901121187 O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.premiumzone.de/InstallationsAssistent.ocx
  • doe ik wel ff
  • Druk op ctrl+alt+del en ga naar het tabje processen, rechtsklik op onderstaande en kies voor proces beeindigen. [list:d0eac3c2f2][b:d0eac3c2f2]txonex.exe[/b:d0eac3c2f2][/list:u:d0eac3c2f2] Ga naar start -> configuratiescherm -> software en deinstaleer: [list:d0eac3c2f2][b:d0eac3c2f2]SafeGuard Pop-up Blocker[/b:d0eac3c2f2] --> lijkt mooi, is rommel [b:d0eac3c2f2]Windows SyncroAd Spyware Begone[/b:d0eac3c2f2] --> lijkt ook mooi, is ook troep[/list:u:d0eac3c2f2] Scan nog een keer met hijackthis en vink deze items aan: [list:d0eac3c2f2][b:d0eac3c2f2]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\System32\PDF641d.dll O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O4 - HKLM\..\Run: [tshsjyqakx] C:\WINDOWS\System32\txonex.exe O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF641d.dll O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan[/b:d0eac3c2f2][/list:u:d0eac3c2f2] Sluit alle vensters en klik op fix checked. Herstart naar veilige modus: http://users.pandora.be/marcvn/spyware/1378056.htm Laat alle verborgen bestanden weergeven: http://users.pandora.be/marcvn/spyware/1117602.htm Verwijder indien nog aanwezig: [list:d0eac3c2f2]C:\WINDOWS\[b:d0eac3c2f2]multimpp.dll <--- dit bestand[/b:d0eac3c2f2] C:\WINDOWS\[b:d0eac3c2f2]2_0_1browserhelper2.dll <--- dit bestand[/b:d0eac3c2f2] C:\WINDOWS\[b:d0eac3c2f2]System32\PDF641d.dll <--- dit bestand[/b:d0eac3c2f2] C:\Program Files\[b:d0eac3c2f2]SafeGuard Pop-up Blocker Pro FREE Edition <--- map[/b:d0eac3c2f2] C:\WINDOWS\System32\[b:d0eac3c2f2]txonex.exe <--- dit bestand[/b:d0eac3c2f2] C:\WINDOWS\System32\[b:d0eac3c2f2]PDF641d.dll <--- dit bestand[/b:d0eac3c2f2] C:\Program Files\[b:d0eac3c2f2]Windows SyncroAd <--- deze map[/b:d0eac3c2f2] C:\[b:d0eac3c2f2]freescan <--- deze map[/b:d0eac3c2f2][/list:u:d0eac3c2f2] Herstart in gewone modus en plaats een nieuwe log.
  • Volgende mag ook nog weg dat is een dailer van Netvenda: O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
  • Logfile of HijackThis v1.98.2 Scan saved at 21:08:56, on 8-11-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Washer\washer.exe C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\totalcmd\TOTALCMD.EXE C:\WINDOWS\System32\wuauclt.exe C:\totalcmd\TOTALCMD.EXE E:\bin\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093901121187 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.premiumzone.de/InstallationsAssistent.ocx
  • Update eerst je windows want je hebt inmiddels al een nieuwe opgelopen. Scan nog een keer met hijackthis en fix deze items: [list:eace983933][b:eace983933]O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab[/b:eace983933][/list:u:eace983933] Herstart nog een keer naar veilige modus en laat weer alle verborgen bestanden en mappen weergeven. Verwijder: [list:eace983933]:\Program Files\[b:eace983933]MyWebSearch <--- deze map[/b:eace983933][/list:u:eace983933] Herstart en plaats een nieuwe log.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.