Vraag & Antwoord

Beveiliging & privacy

Hijack log

5 antwoorden
  • Hallo, ik heb erg veel last van spyware, krijg het er niet allemaal af. Zal iemand kunnen kijken naar mijn Hijack log??? Alvast bedankt!! Logfile of HijackThis v1.97.7 Scan saved at 12:44:33, on 17-11-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programma's\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Jan-Willem\Mijn documenten\Mijn downloads\Spyware\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programma's\Adobe\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programma's\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] C:\Programma's\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programma's\AutoCad\AcDcToday.ocx O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programma's\AutoCad\InstBanr.ocx O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programma's\AutoCad\InstFred.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programma's\AutoCad\AcPreview.ocx
  • je werkt met versie 1.97.7 er is in het programma een update mogelijkheid kan je hem soms updaten naar 1.99.1 en dan een nieuwe log plaatsen
  • Och, wat dom van me!!! Heb nu gelijk een hijack log gemaakt van de nieuwste versie... Logfile of HijackThis v1.99.1 Scan saved at 18:45:53, on 17-11-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programma's\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Jan-Willem\Mijn documenten\Mijn downloads\Spyware\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programma's\Adobe\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programma's\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] C:\Programma's\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programma's\AutoCad\AcDcToday.ocx O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programma's\AutoCad\InstBanr.ocx O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programma's\AutoCad\InstFred.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programma's\AutoCad\AcPreview.ocx O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • Start HijackThis en kies voor "Do a system scan only"en vink de volgende regels aan: [b:e93c06d517]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - Default URLSearchHook is missing O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab[/b:e93c06d517] Sluit alle open vensters(behalve HijackThis) Klik daarna op "Fix checked" en sluit HijackThis af. Download AproposFix van: http://swandog46.geekstogo.com/aproposfix.exe Sla het op op je bureaublad, maar gebruik het nu nog niet. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. In veilige modus: dubbelklik op aproposfix.exe en pak het uit op je bureaublad. Open de aproposfix map, en dubbelklik op [b:e93c06d517]RunThis.bat[/b:e93c06d517]. Volg de aanwijzingen op het scherm. Als het tooltje klaar is, start je de pc terug op in normale modus. Maak daarna een nieuw logje met HijackThis en post ook de inhoud van [b:e93c06d517]log.txt[/b:e93c06d517] , die je vindt in de aproposfix map. Meldt ook even of er nog problemen zijn. Groeten smeenk :wink:
  • Er is nog wel wat spyware... Hier nog de laatste log! Log of AproposFix v1 ************ Running from directory: C:\Programma's\Aproposfix\aproposfix ************ Registry entries found: [HKEY_LOCAL_MACHINE\Software\C1ietAvnJVtm] @="z30ALV9PQQPQQRQ:H1gwfsPQQPfSQzlqgrzvQHNHI3BWVQ2G7K3GHQK7:7A7C9RHNH" "Device"="\\\\.\\ascDTCP" "DriverPath"="C:\\WINDOWS\\system32\\drivers\\viailink.sys" "DriverName"="Weblw2k" "HideUninstallerName"="C:\\Program Files\\Cybffice\\hotpolcy.exe" "UninstallerPath"="C:\\WINDOWS\\system32\\dimcjt32.exe" "UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4E9409C6-81B1-404A-8D39-F2A7060FDE33}" "UninstallerParams"="/CTUN" "HDll"="C:\\WINDOWS\\system32\\morw3ssl.dll" "ServerAddress"="adchannel.contextplus.net" "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html" "PartnerId"="CP.IST2" "InstallationId"="{X5197902-0931-4b5a-db22-a095b8a4dec4}" "PageFiltering"=dword:00000001 "ClientName"="C:\\Program Files\\Cybffice\\smlredui.exe" ************ Removing hidden service: Service Weblw2k removed. Removing hidden folder: Deletion of folder Cybffice succeeded! Deleting files: Deletion of file C:\WINDOWS\system32\drivers\viailink.sys succeeded! Deletion of file C:\WINDOWS\system32\ctwsdpia.exe succeeded! Deletion of file C:\WINDOWS\system32\morw3ssl.dll succeeded! Deletion of file C:\WINDOWS\system32\dimcjt32.exe succeeded! Backing up files: Done! Removing registry entries: REGEDIT4 [-HKEY_CURRENT_USER\Software\C1ietAvnJVtm] [-HKEY_LOCAL_MACHINE\Software\C1ietAvnJVtm] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E9409C6-81B1-404A-8D39-F2A7060FDE33}] Done! Finished!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.