Question & Answer

Security & privacy

Would someone take a look at this HijackThis log?

3 answers
  • Logfile of HijackThis v1.99.1
    Scan saved at 16:43:22, on 10-3-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Kris\Mijn documenten\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://64.124.210.131/index.php?qq=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.124.210.131/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://64.124.210.131/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.124.210.131
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://64.124.210.131/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://64.124.210.131/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://64.124.210.131/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://64.124.210.131/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://64.124.210.131/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINDOWS\System32\trgen.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\t.dll
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\grlyoja.exe
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/156cf5c88794159f5716/netzip/RdxIE601.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • I'll see whether I can write out a recipe for this PC. It has Begin2Search and the FreshBar bar on it, and those cannot be removed with HijackThis alone. Sjaak
  • See whether you can end the process host.exe (CTRL-ALT-DEL, then under the Processes tab).

    Copy the following line:

        regsvr32 /u C:\Windows\System32\winb2s32.dll

    Click Start -> Run and paste the line there (CTRL-V).

    Copy the following code into Notepad:

        REGEDIT4
        [-HKEY_CLASSES_ROOT\winb2s.dbi.1]
        [-HKEY_CLASSES_ROOT\winb2s.dbi]
        [-HKEY_CLASSES_ROOT\winb2s.iiittt.1]
        [-HKEY_CLASSES_ROOT\winb2s.iiittt]
        [-HKEY_CLASSES_ROOT\winb2s.momo.1]
        [-HKEY_CLASSES_ROOT\winb2s.momo]
        [-HKEY_CLASSES_ROOT\winb2s.ohb.1]
        [-HKEY_CLASSES_ROOT\winb2s.ohb]
        [-HKEY_CLASSES_ROOT\winb2s.amo.1]
        [-HKEY_CLASSES_ROOT\winb2s.amo]
        [-HKEY_CLASSES_ROOT\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}]
        [-HKEY_CLASSES_ROOT\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}]
        [-HKEY_CLASSES_ROOT\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}]
        [-HKEY_CLASSES_ROOT\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}]
        [-HKEY_CLASSES_ROOT\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}]
        [-HKEY_CLASSES_ROOT\TypeLib\{081DE2F6-927B-4AA9-88C1-F531C9387383}]
        [-HKEY_CLASSES_ROOT\Interface\{A797A41D-F9F0-4A32-B9B5-AF927CB5AE54}]
        [-HKEY_CLASSES_ROOT\Interface\{B12508AD-CA55-4238-8DB3-55808BA6915A}]
        [-HKEY_CLASSES_ROOT\Interface\{F912C325-5B26-4AD6-BF39-84370833E972}]
        [-HKEY_CLASSES_ROOT\Interface\{BF7CB2C3-55B6-44C1-9615-920D004C27F7}]
        [-HKEY_CLASSES_ROOT\Interface\{6FE4AADF-EDAC-4037-9164-0B60179A4F12}]
        [-HKEY_CLASSES_ROOT\Interface\{17973BD7-959C-4D8A-8B2F-AB200E20A75E}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.amo]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.amo.1]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.iiittt]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.iiittt.1]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.momo]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.momo.1]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.ohb]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsktrf.ohb.1]
        [-HKEY_ALL_USERS\Software\_dsktptr]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6024FCD5-91FC-4DC7-8481-63EABD5051D8}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4776F3A-6936-4A9C-B2DA-E57C239FD2F8}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF81672F-13FF-401F-8662-6E895C564CC4}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777}]
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\code store database\distribution units\{07e9cdf4-20d2-46b1-b681-663968f527ce}\winb2s.dbi.1]
        [-HKEY_CURRENT_USER\SOFTWARE\aaa_soft]

    Save this on the desktop under the name fixme.reg. Save as type: All files.
    Do not run this file yet!

    Print out the text below, because the PC has to be restarted in SAFE mode, and then you won't have internet to read this.

    Restart the PC in SAFE MODE. That is F8 when the computer starts up again.

    Now start HijackThis and select the following items:

        R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://64.124.210.131/index.php?qq=
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.124.210.131/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://64.124.210.131/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.124.210.131
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://64.124.210.131/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://64.124.210.131/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://64.124.210.131/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://64.124.210.131/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://64.124.210.131/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
        R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
        O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINDOWS\System32\trgen.dll
        O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
        O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\t.dll
        O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
        O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\grlyoja.exe
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/156cf5c88794159f5716/netzip/RdxIE601.cab

    Now close all windows except HijackThis and click "Fix checked".

    Now delete the following files (make sure you can also see system and hidden files):

        C:\Windows\System32\t.dll
        C:\Windows\System32\winb2s32.dll
        C:\Windows\System32\dsktrf.dll
        C:\Windows\System32\reg6523.exe
        C:\Windows\System32\trgen.dll
        C:\Windows\System32\b2s_cache\ (the whole directory)
        C:\Windows\downloaded program files\winb2s32.inf
        C:\Program Files\Internet Explorer\grlyoja.exe

    Also search for and delete the following files: host.exe, menu.txt and date.dat (possibly also in C:\Windows\System32).

    Now run the file fixme.reg. Allow it to be added to the registry.

    Restart the computer, make a new log with HijackThis and post it. Also indicate which files you could not delete. Sjaak
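The triage the reply above does by eye (the R0/R1 values that all point at one host, the BHO and toolbar DLLs sitting directly in System32, and the O16 entry that loads a local EXE instead of a CAB) can be scripted. The following is an added example, not code from this thread or from HijackThis itself: it parses lines in the HijackThis v1.99 log format and returns those findings for a constructed sample taken from the entries in the log above; the System32 rule is a heuristic, not a HijackThis feature.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 log format (R0/R1 = IE start and
# search settings, O2 = BHO, O3 = toolbar, O16 = downloaded ActiveX control).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.124.210.131
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://64.124.210.131/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\t.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\grlyoja.exe
"""
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_line(line):
    # Returns None for header/process-list lines, else the fields that matter.
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    entry = {"kind": kind}
    if kind in ("R0", "R1"):  # "<registry key>,<value> = <url>"
        entry["key"], _, entry["url"] = body.partition(" = ")
    elif kind in ("O2", "O3", "O16"):  # "... - {CLSID} - <path or URL>"
        entry["path"] = body.rsplit(" - ", 1)[-1].strip()
        clsid = CLSID_RE.search(body)
        entry["clsid"] = clsid.group(0) if clsid else None
    return entry

def triage(log_text):
    # Flags: (1) several IE start/search values on one host (the classic hijack),
    # (2) a DPF entry loading a local file instead of a CAB from the web,
    # (3) heuristic: a BHO/toolbar DLL dropped straight into System32.
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings = []
    hosts = Counter(urlparse(e["url"]).hostname for e in entries if e["kind"] in ("R0", "R1"))
    for host, n in hosts.items():
        if n >= 2:
            findings.append(f"{n} IE start/search settings point to {host}")
    for e in entries:
        path = e.get("path", "")
        if e["kind"] == "O16" and path.lower().startswith("file://"):
            findings.append(f"O16 {e['clsid']} loads a local file: {path}")
        elif e["kind"] in ("O2", "O3") and re.search(r"\\system32\\[^\\]+\.dll$", path, re.I):
            findings.append(f"{e['kind']} {e['clsid']} loads {path}")
    return findings
```

Running `triage(SAMPLE_LOG)` on the sample gives four findings; the Adobe BHO, which lives under Program Files, is left alone.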


This is an archived page. Replying is no longer possible.