Vraag & Antwoord

Beveiliging & privacy

gesplitst: HJT log:

24 antwoorden
  • dit is mijn logfile na een scan van hijackthis.. ik zou niet weten wat wel en wat niet veiig is, dus bij deze, hoop datj ullie me kunnen ehlpen! Logfile of HijackThis v1.99.1 Scan saved at 11:33:51, on 17-2-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINNT\loadqm.exe C:\Documents and Settings\Marjon\Mijn documenten\MsgPlus.exe D:\qttask.exe C:\WINNT\System32\RUNDLL32.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINNT\System32\rundll32.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINNT\System32\LVComS.exe C:\Program Files\Internet Explorer\iexplore.exe c:\docume~1\marjon\applic~1\interd~1\audiobeepdrive.exe C:\PROGRA~1\Logitech\Video\FxSvr2.exe c:\Program Files\interMute\SpySubtract\SpySub.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0B0F9EEB-7A0D-7BA7-5705-CF5BB0C73674} - C:\DOCUME~1\Marjon\APPLIC~1\SOFTME~1\Sixth Lies.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Marjon\Mijn documenten\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\winnt\aelvmmreg32.dll,_mainRD O4 - HKLM\..\Run: [ownsglobaljunkcoal] C:\Documents and Settings\All Users\Application Data\SettingsMeowOwnsGlobal\CURB CREATIVE.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll,DllInstall O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Marjon\Mijn documenten\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [team this] C:\DOCUME~1\Marjon\APPLIC~1\INTERD~1\doesarmy.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5631/PageDive5.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp02.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's: SPyware Begone Spyware Vanisher Messengerplus. (later gaan we deze terug installeren) Run nadien deze uninstallers: http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:a214187914] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {0B0F9EEB-7A0D-7BA7-5705-CF5BB0C73674} - C:\DOCUME~1\Marjon\APPLIC~1\SOFTME~1\Sixth Lies.exe O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\winnt\aelvmmreg32.dll,_mainRD O4 - HKLM\..\Run: [ownsglobaljunkcoal] C:\Documents and Settings\All Users\Application Data\SettingsMeowOwnsGlobal\CURB CREATIVE.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll,DllInstall O4 - HKCU\..\Run: [team this] C:\DOCUME~1\Marjon\APPLIC~1\INTERD~1\doesarmy.exe O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5631/PageDive5.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab [/b:a214187914] Verwijder de volgende bestanden indien aanwezig: c:\winnt\aelvmmreg32.dll Verwijder de volgende mappen indien aanwezig: C:\DOCUME~1\Marjon\APPLIC~1\SOFTME~1 C:\DOCUME~1\Marjon\APPLIC~1\INTERD~1 c:\freescan c:\spywarevanisher-free Ge naar Start - uitvoeren en tik : %TEMP% Verwijder alle bestanden in de Temp-map die zal openen. Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • owkahj dank je wel, ik zal er morgen even met frisse moed en volop aandacht aan gaan beginnen, alleen die twee programma's. http://lop.com/new.uninstall.exe en toolbar.uninstall.exe kan ik niet downloaden, ik krijg de melding 'dat de huidige beveiligingseisen deze download niet toestaan..' ik zit achter een fire wal van zonealarm, misschien dat dat er iets mee te maken heeft? als je me daar nog even mee zou kunnen helpen, graag, dan kan ik daarna hopelijk me computer weer volop gebruiken :D alvast bedankt en slaap lekker :P
  • ik heb ondertussen (kon effe niet wachten en probeerde het zo) alles verder uitgevoerd, messengerplus verwijderd (spyware vanisher kon op de een of andere manier niet verwijderd worden, waarschijnlijk omdat ik het bestand zelf al weggegooid had). daarna heb ik de computer in de veilige modus gestart, HiJack uitgevoerd en jouw opgegeven 'bestanden' verwijderd. Ook daarna de mappen in de C schijf verwijderd, helaas freescan en spyware vanischer.free vergeten, doordat me computer raar begon te doen. ook de tijdelijke mappen allemaal verwijderd en opnieuw Hijack laten lopen.. dit is mijn log: [code:1:56d2515bfe]Logfile of HijackThis v1.99.1 Scan saved at 0:22:01, on 18-2-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe D:\qttask.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINNT\System32\internat.exe C:\Program Files\interMute\SpySubtract\SpySub.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINNT\System32\LVComS.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll,DllInstall O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:56d2515bfe] hmm ik hoop dat je dr wat mee kan, en vergeet het berichtje hierboven alsjeblieft niet :lol: ik zal kijken in hoeverre mijn computer het weer goed doet en wacht ondertussen op je antwoord..
  • Deze moet je fixen in veilige modus: [b:702a3753a0] O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marjon\LOCALS~1\Temp\se.dll,DllInstall [/b:702a3753a0] Herstart de computer en maak een nieuwe log.
  • heej m@rc, hardstike bedankt alvast, ik heb hijack opnieuw laten lopen in de veilige modus, maar tot mijn verbazing kon ik die file of dat ding waar jij het over had, niet weer vinden. hier het log van de scan, zou jij nog even willen kijken of ik er nou over heen kijk, of dat hij echt verdwenen is, en of er nog andere dingen instaan die niet kloppen? alvast heel erg bedankt! [code:1:2e3fa4d408]Logfile of HijackThis v1.99.1 Scan saved at 17:35:54, on 18-2-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:2e3fa4d408] owjah. nog even een vraagje als je het niet erg vindt. ik scan mijn computer ook wel met het programma Spybot, search & destroy. Hoevaak ik hem ook verwijder, ik krijg altijd een melding over een file/programma of bestand : DSO Exploit.. weet jij fwat dit is of wat ik hiermee aan moet?? Bedankt he! grtz Marjon
  • Hallo Marjon, Hij is inderdaad weg. Maak een logje in de normale modus, en kijk of hij dan weer verschijnt. Wat DSO-exploit betreft: http://www.majorgeeks.com/download4392.html groeten, Marc
  • owkahj M@rc, alweer reuze bedankt! Ik heb voorlopig alleen Spybot even geupdate, volgens mij moet het DSO Exploit dan verholpen zijn, andes zoek ikgrondig verder op die site! Hier nog even mijn log van de HiJack-scan (wat een naam :P ) [code:1:8596e1a64c]Logfile of HijackThis v1.99.1 Scan saved at 22:23:41, on 21-2-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe D:\qttask.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\WINNT\System32\internat.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\System32\LVComS.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:8596e1a64c] ik hoop echt dattie er voorgoed uti is, en dr niet alweer andere rotzooi opstaat! Thanx! groet, Marjon
  • Marjone, Logje ziet er goed uit. Laten we even afwachten wat de toekomst brengt...
  • heee M@rc, was ik weer eens, ik kreeg een virus binnen via msn, echt een hele gemene, hij stuurde zich zelf door naar alle gebruikers en kon hem zo niet weg krijgen. Maar even gescand, kwam ook weer allerlei andere vage dingen tegen, dus hier maar weer eens een logje van HiJack, hoop dat je dr even naar kunt kijken?? [code:1:e180a75446]Logfile of HijackThis v1.99.1 Scan saved at 19:07:48, on 7-3-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe D:\qttask.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\WINNT\System32\formatsys.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINNT\System32\LVComS.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O1 - Hosts: 64.233.167.104 www.symantec.com O1 - Hosts: 64.233.167.104 www.sophos.com O1 - Hosts: 64.233.167.104 www.mcafee.com O1 - Hosts: 64.233.167.104 www.viruslist.com O1 - Hosts: 64.233.167.104 www.f-secure.com O1 - Hosts: 64.233.167.104 www.avp.com O1 - Hosts: 64.233.167.104 www.kaspersky.com O1 - Hosts: 64.233.167.104 www.networkassociates.com O1 - Hosts: 64.233.167.104 www.ca.com O1 - Hosts: 64.233.167.104 www.my-etrust.com O1 - Hosts: 64.233.167.104 www.nai.com O1 - Hosts: 64.233.167.104 www.trendmicro.com O1 - Hosts: 64.233.167.104 www.grisoft.com O1 - Hosts: 64.233.167.104 securityresponse.symantec.com O1 - Hosts: 64.233.167.104 symantec.com O1 - Hosts: 64.233.167.104 sophos.com O1 - Hosts: 64.233.167.104 mcafee.com O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com O1 - Hosts: 64.233.167.104 viruslist.com O1 - Hosts: 64.233.167.104 f-secure.com O1 - Hosts: 64.233.167.104 kaspersky.com O1 - Hosts: 64.233.167.104 kaspersky-labs.com O1 - Hosts: 64.233.167.104 avp.com O1 - Hosts: 64.233.167.104 networkassociates.com O1 - Hosts: 64.233.167.104 ca.com O1 - Hosts: 64.233.167.104 mast.mcafee.com O1 - Hosts: 64.233.167.104 my-etrust.com O1 - Hosts: 64.233.167.104 download.mcafee.com O1 - Hosts: 64.233.167.104 dispatch.mcafee.com O1 - Hosts: 64.233.167.104 secure.nai.com O1 - Hosts: 64.233.167.104 nai.com O1 - Hosts: 64.233.167.104 update.symantec.com O1 - Hosts: 64.233.167.104 updates.symantec.com O1 - Hosts: 64.233.167.104 us.mcafee.com O1 - Hosts: 64.233.167.104 liveupdate.symantec.com O1 - Hosts: 64.233.167.104 customer.symantec.com O1 - Hosts: 64.233.167.104 rads.mcafee.com O1 - Hosts: 64.233.167.104 trendmicro.com O1 - Hosts: 64.233.167.104 grisoft.com O1 - Hosts: 64.233.167.104 sandbox.norman.no O1 - Hosts: 64.233.167.104 www.pandasoftware.com O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ltwob] C:\WINNT\System32\formatsys.exe O4 - HKLM\..\Run: [serpe] C:\WINNT\System32\serbw.exe O4 - HKLM\..\RunServices: [ltwob] C:\WINNT\System32\formatsys.exe O4 - HKLM\..\RunServices: [serpe] C:\WINNT\System32\serbw.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:e180a75446] bedankt he! grtsz Marjon
  • Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:99f4961225] O1 - Hosts: 64.233.167.104 www.symantec.com O1 - Hosts: 64.233.167.104 www.sophos.com O1 - Hosts: 64.233.167.104 www.mcafee.com O1 - Hosts: 64.233.167.104 www.viruslist.com O1 - Hosts: 64.233.167.104 www.f-secure.com O1 - Hosts: 64.233.167.104 www.avp.com O1 - Hosts: 64.233.167.104 www.kaspersky.com O1 - Hosts: 64.233.167.104 www.networkassociates.com O1 - Hosts: 64.233.167.104 www.ca.com O1 - Hosts: 64.233.167.104 www.my-etrust.com O1 - Hosts: 64.233.167.104 www.nai.com O1 - Hosts: 64.233.167.104 www.trendmicro.com O1 - Hosts: 64.233.167.104 www.grisoft.com O1 - Hosts: 64.233.167.104 securityresponse.symantec.com O1 - Hosts: 64.233.167.104 symantec.com O1 - Hosts: 64.233.167.104 sophos.com O1 - Hosts: 64.233.167.104 mcafee.com O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com O1 - Hosts: 64.233.167.104 viruslist.com O1 - Hosts: 64.233.167.104 f-secure.com O1 - Hosts: 64.233.167.104 kaspersky.com O1 - Hosts: 64.233.167.104 kaspersky-labs.com O1 - Hosts: 64.233.167.104 avp.com O1 - Hosts: 64.233.167.104 networkassociates.com O1 - Hosts: 64.233.167.104 ca.com O1 - Hosts: 64.233.167.104 mast.mcafee.com O1 - Hosts: 64.233.167.104 my-etrust.com O1 - Hosts: 64.233.167.104 download.mcafee.com O1 - Hosts: 64.233.167.104 dispatch.mcafee.com O1 - Hosts: 64.233.167.104 secure.nai.com O1 - Hosts: 64.233.167.104 nai.com O1 - Hosts: 64.233.167.104 update.symantec.com O1 - Hosts: 64.233.167.104 updates.symantec.com O1 - Hosts: 64.233.167.104 us.mcafee.com O1 - Hosts: 64.233.167.104 liveupdate.symantec.com O1 - Hosts: 64.233.167.104 customer.symantec.com O1 - Hosts: 64.233.167.104 rads.mcafee.com O1 - Hosts: 64.233.167.104 trendmicro.com O1 - Hosts: 64.233.167.104 grisoft.com O1 - Hosts: 64.233.167.104 sandbox.norman.no O1 - Hosts: 64.233.167.104 www.pandasoftware.com O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com O4 - HKLM\..\Run: [ltwob] C:\WINNT\System32\formatsys.exe O4 - HKLM\..\Run: [serpe] C:\WINNT\System32\serbw.exe O4 - HKLM\..\RunServices: [ltwob] C:\WINNT\System32\formatsys.exe O4 - HKLM\..\RunServices: [serpe] C:\WINNT\System32\serbw.exe [/b:99f4961225] Verwijder de volgende bestanden indien aanwezig: C:\WINNT\System32\formatsys.exe C:\WINNT\System32\serbw.exe Herstart de computer en doe een online-scan (liefst beiden): http://housecall.trendmicro.com/housecall/start_corp.asp http://www.pandasoftware.com/activescan/com/activescan_principal.htm Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • tot slot, nu mijn computertje het weer helemaal doet (hoop ik nog niets gemerkt in ieder geval wat het tegendeel bewijst) nog maals een log van mijn HiJack scan, hopen dat hij nu 'clean' is! [code:1:0f3031d9e8]Logfile of HijackThis v1.99.1 Scan saved at 17:15:07, on 8-3-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\System32\LVComS.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:0f3031d9e8] hoop dat je er nog even naar wilt kijken...hasstikke bedankt! owjah ps klopt het dat NVIDIA een besturingssysteem van het beeldscherm is of iets in die richting? ik ken het totaal niet (zou kunnen natuulrijk) maar kreeg een waarschuwing toen ik heb bij toeval wou verwijderen.. (fout geselecteerd) groetjes marjon
  • Dat Nvidia spul heeft te maken met je beeldkaart, kan je dus best laten staan. Logje ziet er goed uit. Vraagje Marjone: Had je nog bepaalde zaken moeten fixen met Hijackthis, of had dat tooltje van Norton alles verwijderd?
  • ehm.. goede vraag.. ik heb dat programmaatje wat Sjaak me gaf laten draaien, twee keer. kgeloof dat ik toen voor de zekerheid me adaware nog een keer heb laten scannen maar volgens mij was alles er wel af toen! ik weet niet meer zeker of ik hijack nog eens heb laten scannen..het zou best kunnen, maar dan waren er geen grote dingen die opvielen, want alles deed het weer, dus ik denk het niet! vrienden van mij hadden het virus ook, heb ik dat progje ook doorgegeven, en die zitten nu ook weer zonder problemen, dus dat ding werkt opzich goed.
  • Hier weer eens een HJT logfile van mij.. mijn pc begnt weer een beetje lastig en sloom te worden bij het openen van sommige internetpagina's.. Geen idee of het aan een virusje ligt of aan wat dan ook..maar voor dezekerheid toch even dit log. :oops: zou iemand er effe naar willen kijken??? alvast bedankT!!! :roll: [code:1:ebd992cb81]Logfile of HijackThis v1.99.1 Scan saved at 16:58:14, on 21-3-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINNT\System32\LVComS.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Logitech\Video\FxSvr2.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:ebd992cb81]
  • Ik zie geen verdachte zaken Marjone.
  • Nou.. :o hasstikke bedankt dan he :D :D dan ehm... wordt het tijd me computer eens op te schonen..lijkt me handig dan.. Marjon
  • hoi hoi.. tis weer eens zo ver, zou iemand even naar mijn HiJackThis logje willen kijken?? ging iets goed mis met het installeren van morpheus... een beetje te veel processen actief nu... alvast bedankt! [code:1:c65fe23816]Logfile of HijackThis v1.99.1 Scan saved at 19:26:16, on 20-4-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe D:\qttask.exe C:\winnt\system32\ssdfxrhx.exe C:\WINNT\Dit.exe C:\WINNT\DitExp.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\winnt\system32\packager.exe C:\WINNT\System32\LVComS.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [ssdfxrhx] c:\winnt\system32\ssdfxrhx.exe O4 - HKLM\..\Run: [morphstb] C:\WINNT\morphstb.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Morpheus.lnk = C:\Program Files\StreamCast\Morpheus\morpheus.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:c65fe23816]
  • Download en installeer [url=http://www.ccleaner.com/]CCleaner[/url]. Gebruik het programma nog niet. Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's: Morpheus Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.[url=http://users.telenet.be/marcvn/spyware/1117602.htm]Hoe verborgen bestanden en mappen weergeven.[/url]. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:98c45e9d8f]O4 - HKLM\..\Run: [ssdfxrhx] c:\winnt\system32\ssdfxrhx.exe O4 - HKLM\..\Run: [morphstb] C:\WINNT\morphstb.exe O4 - Startup: Morpheus.lnk = C:\Program Files\StreamCast\Morpheus\morpheus.exe[/b:98c45e9d8f] Klik daarna op "Fix checked" en sluit HijackThis af. Zoek via Windows verkenner naar volgende bestanden of mappen, en verwijder deze indien ze nog aanwezig zijn: c:\winnt\system32\ssdfxrhx.exe C:\WINNT\morphstb.exe C:\Program Files\StreamCast\Morpheus Start Ccleaner en klik op de knop "Opschonen". Herstart de computer in normale modus. Start HijackThis opnieuw, maak een nieuwe log en post deze. Check deze site even voor je een p2p-programma gaat installeren: http://www.spywareinfo.com/articles/p2p/
  • he dankje wel! ik heb je raad opgevolgd na het verwijderen van morpheus en het nogmaals runnen van HiJackThis, kon ik 04-Startup:morpheus/ enz. niet meer vinden Ook bij het zoeken via de verkenner kon ik alleen het eerste bestand nog maar vinden. maar goed, hier mijn Logfile van mijn laatste scan [code:1:ee8d3eed4d]Logfile of HijackThis v1.99.1 Scan saved at 22:50:39, on 20-4-2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe D:\qttask.exe C:\WINNT\Dit.exe C:\WINNT\DitExp.exe C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\System32\LVComS.exe C:\Documents and Settings\Marjon\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe [/code:1:ee8d3eed4d]

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.