Vraag & Antwoord

Beveiliging & privacy

log controle aub

5 antwoorden
  • wie wil mijn hijacklog contoleren op spyware en dergelijke. Alvast bedankt Logfile of HijackThis v1.99.0 Scan saved at 15:55:17, on 16-1-2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ewupdater.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Windows ServeAd\WinServAd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows ServeAd\WinServSuit.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Norman\NVC\BIN\Zanda.exe C:\WINDOWS\System32\nvsvc32.exe C:\Documents and Settings\Mesut\Local Settings\Temporary Internet Files\Content.IE5\X8HKHVMI\HijackThis[1].exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=7288861 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.galatasaray.org/default.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 82.179.166.164 lender-search.com O1 - Hosts: 82.179.166.165 hot-searches.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PopupKillerIEDLL.CPopupKillerIEDLL - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Program Files\PopupKillerTracksEraser\PopupKillerIEDLL.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm732YYNL O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Corel Network monitor worker - {24A9E126-15C5-4971-81F9-4948E5F3FD1F} - C:\WINDOWS\System32\intlmain.dll O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {24A9E126-15C5-4971-81F9-4948E5F3FD1F} - C:\WINDOWS\System32\intlmain.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra button: Corel Network monitor worker - {24A9E126-15C5-4971-81F9-4948E5F3FD1F} - C:\WINDOWS\System32\intlmain.dll (HKCU) O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {24A9E126-15C5-4971-81F9-4948E5F3FD1F} - C:\WINDOWS\System32\intlmain.dll (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/tr/big/1.1.62-big/GoogleNav.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file) O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: COM+ Extensions Services - Unknown - C:\:comxt.exe (file missing) O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\nvc\BIN\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Power Manager - Unknown - C:\WINDOWS\svchost.exe (file missing)
  • Een paar problemen gevonden. Voordat je gaat fixen plaats hijackthis in een aparte directory bijv C:\Program Files\Hijackthis Beeindig de volgende programma's (CTRL-ALT-DEL) WinServAd.exe ewupdater.exe Verwijder software (Configuratiescherm-software) Zoek naar: EasyWebSearch Windows ServeAd 180 solutions verwijder deze. Start hijackthis en fix de volgende items: [b:e3f27d1449]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=7288861 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.co m R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 82.179.166.164 lender-search.com O1 - Hosts: 82.179.166.165 hot-searches.com O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm732YYNL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file) O23 - Service: COM+ Extensions Services - Unknown - C:\:comxt.exe (file missing [/b:e3f27d1449] Herstart je computer en verwijder de volgende directories C:\WINDOWS\ewupdater.exe c:\program files\180solutions\ C:\Program Files\Common Files\tsa\ C:\WINDOWS\nsdb\hosts (staan er nog meer bestanden in nsdb directory?) Start hijackthis opnieuw en gebruik <Misc tools> Controleer hosts file met optie <open hosts file manager> Normaal staat hier de volgende regel zonder # 127.0.0.1 localhost Scan opnieuw en post een log Sjaak
  • Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Download [url=http://users.telenet.be/marcvn/regfiles/BestsearchXPfix.zip]deze[/url] regfile. Unzip het naar je burobled. Nog niet gebruiken. Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's: Windows ServeAd uninstall 1890 solutions Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:1b8ad144bf] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=7288861 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 82.179.166.164 lender-search.com O1 - Hosts: 82.179.166.165 hot-searches.com O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm732YYNL O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file) O23 - Service: COM+ Extensions Services - Unknown - C:\:comxt.exe (file missing) O23 - Service: Power Manager - Unknown - C:\WINDOWS\svchost.exe (file missing) [/b:1b8ad144bf] Verwijder de volgende bestanden indien aanwezig: C:\WINDOWS\ewupdater.exe C:\Windows\scvhost.exe. C:\Windows\windbg.exe. C:\Windows\Teens Anal Fucking.url. C:\Windows\SEXXX.url. C:\Windows\Online Porn.url. C:\WINDOWS\nsdb\hosts Verwijder de volgende mappen indien aanwezig: C:\Program Files\Windows ServeAd C:\PROGRA~1\COMMON~1\tsa c:\program files\180solutions c:\program files\MStart2Page Dubbelklik op BestSearchXPfix.reg en laat de wijzingen aan het register toevoegen. Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • oops te laat ... Steggel is me voor.
  • @:m@rc je bent iets later dan steggel, maar vind jouw fix iets beter dan van steggel vond eigenlijk al vaker dat steggel zijn fix vaak niet geheel kompleet heeft ik heb zelf niks tegen steggel, maar hij moet wel vaker beter uitpluizen voor hij een fix geeft hier heb je dus een goed voorbeeld tussen een beginneling en een langer werkende

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.