Vraag & Antwoord

Beveiliging & privacy

hijackthis wie wil dit controleren?

3 antwoorden
  • Ik heb last van vervelende banners onder in beeld: Logfile of HijackThis v1.97.7 Scan saved at 17:09:28, on 19/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Acer\Notebook Manager\almxptray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\CtrlVol.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\WANADOO\CnxMon.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\documents and settings\karima\local settings\temp\1s.exe C:\WINDOWS\System32\zdablpu.exe C:\documents and settings\karima\local settings\temp\uc6s.exe C:\WINDOWS\System32\vga07702.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe C:\WINDOWS\System32\wsxsvc\wsxsvc.exe C:\documents and settings\karima\local settings\temp\Xnkq1.exe C:\WINDOWS\System32\calsh.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\Web Offer\wo.exe C:\Documents and Settings\Karima\Application Data\ut?i.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\System32\Fqwd.exe C:\WINDOWS\System32\Fqwd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\CxtPls\CxtPls.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\wuauclt.exe C:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tttekdhjayqnnvmoqqthc.com/MoG3Rx88WduSOtVtxnmOdd9zy3ZX6BubYPw6wUmjLbpRJgtHvzBCuZo95tKC2Im7.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://xgqesbmlvhdkzrdo.biz/MoG3Rx88WdvXy3uf1g1_Jur/A3YUKiXdUTtlMIeLXp0.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FICHIE~1\WinTools\WToolsB.dll (file missing) O2 - BHO: (no name) - {8DA4E4D4-D061-4580-5E9E-08DC82838AA2} - C:\DOCUME~1\Karima\APPLIC~1\TRUSTT~1\flaw upload.exe O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file) O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Karima\Local Settings\Temp\fkIl.dll O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\Cmgrdian.exe" /SU O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [ChkMail] C:\Program Files\Launch Manager\ChkMail.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [1s] C:\documents and settings\karima\local settings\temp\1s.exe O4 - HKLM\..\Run: [cdfhiz] C:\WINDOWS\System32\zdablpu.exe O4 - HKLM\..\Run: [uc6s] C:\documents and settings\karima\local settings\temp\uc6s.exe O4 - HKLM\..\Run: [4W3G6DP46F6C52] C:\WINDOWS\System32\Fya24W.exe O4 - HKLM\..\Run: [4c997a6e5a74] C:\WINDOWS\System32\vga07702.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe O4 - HKLM\..\Run: [ace seek ref poke] C:\Documents and Settings\All Users\Application Data\tickpingaceseek\mp3lies.exe O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe O4 - HKLM\..\Run: [Xnkq1] C:\documents and settings\karima\local settings\temp\Xnkq1.exe O4 - HKLM\..\Run: [r58O36Q] calsh.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor O4 - HKCU\..\Run: [ChkMail] C:\Program Files\Launch Manager\ChkMail.exe O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\Karima\APPLIC~1\ATOMDE~1\32third.exe O4 - HKCU\..\Run: [Sabn] C:\Documents and Settings\Karima\Application Data\ut?i.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM) O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: Wanadoo (HKCU) O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
  • Download eerst even de nieuwste versie van [url=http://www.hardware.info/forum/viewtopic.php?p=559248#559248]hijack this[/url] Groetjes Esther
  • jah en ga ook naar configuratiescherm en uninstalleer dit: MSN PLUS P2P NETWORKING KAZAA deze draagen de meeste zooi die je hebt.. je kan altijd nog wel instaleren maar dan ZONDER SPONZORS.. en voor kazaa er zijn genoeg betere alternatieven die zonder spyware werken... 8)

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.