Vraag & Antwoord

Beveiliging & privacy

Last van virus. Wie wil er even naar mijn log kijken?

6 antwoorden
  • Hoi, Wie van jullie wil even meekijken naar mijn log? heb wel vermoeden dat e.e.a niet thuishoort op pc, maar deskundige ben ik niet. bedankt alvast. ============================ Logfile of HijackThis v1.97.7 Scan saved at 22:45:44, on 15-1-2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\WINNT\system32\usrshutd.exe C:\WINNT\system32\vwipxspnt.exe C:\WINNT\system32\tlntadmnx.exe C:\WINNT\system32\control.exe C:\Program Files\Hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {87D4D8DD-95F2-4777-AB8F-EC1C2162CE5F} - C:\WINNT\system32\mcicdb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Startup: Reboot.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Create Mobile Favorite (HKLM) O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.178,69.31.80.244 O17 - HKLM\System\CCS\Services\Tcpip\..\{EC346AC0-1C0F-4EB0-814F-5522FCF105C6}: NameServer = 69.50.188.178,69.31.80.244 O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.178,69.31.80.244 O17 - HKLM\System\CS1\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.178,69.31.80.244 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.178,69.31.80.244
  • maak een nieuwe log met deze http://www.spywareinfo.com/~merijn/files/HijackThis.exe bvd
  • draai eerst eens CWShredder. [url]http://www.intermute.com/spysubtract/cwshredder_download.html[/url] Post daarna een nieuw log. Sjaak
  • Kijk ook nog eens op de site van marc: [url]http://users.telenet.be/marcvn/spyware/1690483.htm[/url] Is dus een lastige hijack. Sjaak
  • ik heb jullie tips gevolgd en na het draaien van de laatste versies van Hijack This en CwShredder ben ik nog een paar posts gaan lezen. Ik heb een aantal zaken via HijackThis al verwijderd, omdat in andere posts dit werd geadviseerd. Onderstaand de nieuwe post. Zitten er nu nog vreemde zaken bij? de meldingen bij nummers 09 en 017 doen me vreemd aan. Ook de bijbehorende ip-adressen. Graag jullie advies. bedankt alvast harold ===== Logfile of HijackThis v1.99.0 Scan saved at 14:08:48, on 17-1-2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\downloads\aiepk2.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Hijack this\HijackThis II.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [aiepk] C:\downloads\aiepk2.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS1\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS2\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31 O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative-service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe =======
  • Volgende mag je nog fixen: [b:d8032c5459]O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS1\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CS2\Services\Tcpip\..\{0384202E-E496-4AB4-AA0E-51803EFB8779}: NameServer = 69.50.188.180,195.225.176.31 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31 [/b:d8032c5459] Dan is het helemaal in orde. Sjaak

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.