HijackThis log

6 replies
  • Hi, would it be possible to take a look at this log? After a fresh Windows XP install I was on the internet for a few days without protection. I have already run Hitman Pro over it. But I don't know whether my PC is completely clean yet.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:34:47, on 3/05/2006
    Platform: Windows 2003 SP1 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

    Running processes:
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\SysWOW64\ctfmon.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files (x86)\Eset\nod32kui.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files (x86)\Eset\nod32krn.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    F:\Hijackthis\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [nTrayFw] "D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~2\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146347279000
    O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
    O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
    O20 - Winlogon Notify: WBSrv - D:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2saag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files (x86)\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files (x86)\Spyware Doctor\sdhelp.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
  • Welcome :) That doesn't look so good :( Be careful from now on, eh. Going without antivirus or firewall after a clean update is very risky :lol:

    1. First tackle NewdotNet, if any remnant is present. Try the following possible ways to remove New.net, in this order:
       1) Go to Control Panel > Add or Remove Programs. Check whether New.net Domains or New.net Application is in the software list and, if so, uninstall it. If it is not in the software list or uninstalling fails, go to 2).
       2) Look in the folder C:\Program Files\NewDotNet for an uninstaller. That uninstaller is called uninstallX_XX.exe (where the X's stand for digits). If it is there, double-click it to remove New.net. If that does not work, go to 3).
       3) Look in the folder C:\Windows for an uninstaller. That uninstaller is called NDNuninstallx_xx.exe (where the X's stand for digits). If it is there, double-click it to remove New.net.
    2. Restart the PC.
    3. Download LspFix: http://cexx.org/LSPFix.exe
    4. Start the program. Tick "I know what I am doing". Make sure the right-hand pane (the Remove pane) contains all references to: nvappfilter.dll (Note: only these may be in the Remove pane, no others!!!) Click Finish.
    5. Boot into safe mode: start up, tap the F8 key, select Safe Mode.
    6. Delete the following bold folders and/or files: d:\windows\system32\nvappfilter.dll
    7. Restart your computer, run HijackThis, save, and post the new log.

    Good luck, Greetz chrizz 8)
  • Chriss, take a look here: http://castlecops.com/lsp-164.html

    This one is just a leftover of New.Net:
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~2\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
  • So if I understand correctly, I can reinstall a driver :roll: Here is my new log... :wink:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:24:34, on 3/05/2006
    Platform: Windows 2003 SP1 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

    Running processes:
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\SysWOW64\ctfmon.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files (x86)\Eset\nod32kui.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files (x86)\Eset\nod32krn.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    F:\Hijackthis\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [nTrayFw] "D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146347279000
    O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
    O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
    O20 - Winlogon Notify: WBSrv - D:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2saag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - D:\Program Files (x86)\Sunbelt Software\Personal Firewall 4\kpf4ss.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files (x86)\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files (x86)\Spyware Doctor\sdhelp.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
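
Added example (not part of any post in this thread): a Python sketch that parses two HijackThis logs and lists which entries disappeared or appeared between scans, run here on abridged excerpts of the two logs above. The function names are this example's own, and the system32 redirection note is general Windows behaviour assumed to apply to this scan, not something the thread states.

```python
import re
from collections import Counter

# Abridged excerpts of the two logs posted in this thread (before / after cleanup).
BEFORE = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~2\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - D:\Program Files (x86)\Sunbelt Software\Personal Firewall 4\kpf4ss.exe (file missing)
"""

# Entry lines look like "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log):
    """Count each (code, detail) entry; header and process lines are skipped."""
    entries = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries

def diff(before, after):
    """Return (removed, added) entries between two scans, ignoring repeats."""
    b, a = parse(before), parse(after)
    return sorted(b - a), sorted(a - b)

def missing_files(log):
    """Split '(file missing)' entries by location. A 32-bit scanner on 64-bit
    Windows has system32 redirected to SysWOW64 (general Windows behaviour,
    not stated in the thread), so those flags need checking with a 64-bit tool."""
    out = {"system32": [], "other": []}
    for code, detail in parse(log):
        if detail.endswith("(file missing)"):
            key = "system32" if "\\system32\\" in detail.lower() else "other"
            out[key].append(detail)
    return out

if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    for tag, items in (("-", removed), ("+", added)):
        for code, detail in items:
            print(tag, code, detail)
    print(missing_files(AFTER))
```
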
  • Maybe reinstall some of the NVIDIA software. I see (file missing) next to a number of services; did you disable those yourself?
  • uhm... I didn't disable anything myself :-? This looks anything but good :roll: What could I have done wrong?

This is an archived page. Replies are no longer possible.