Vraag & Antwoord

Beveiliging & privacy

hijackthislog julesvanhaaren

2 antwoorden
  • hey, ik heb erg veel last van hardnekkige pop-ups. na meerdere malen scannen met hitman pro, zijn ze nog niet weg. heb ook geen idee hoe ik hier van af kom... daarom een logfile van hijackThis. Logfile of HijackThis v1.99.1 Scan saved at 14:55:47, on 6-5-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\LQ\command.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\Mixer.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\MessengerPlus! 3\MsgPlus1.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE C:\defender25.exe C:\Program Files\ipwins\ipwins.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\msconfig.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\taskmgr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\GreatMemo\GreatMemo.exe C:\Program Files\ipwins\count.exe C:\DOCUME~1\Jules\APPLIC~1\MBOLS~1\smss.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\??sks\s?ool32.exe C:\Program Files\Weather\Weather.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Jules\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ctsearch.net O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [Msn Messenger] msnmsg.exe O4 - HKLM\..\Run: [defender] C:\\defender25.exe O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM\..\Run: [newname] C:\\newname25.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKLM\..\RunServices: [Msn Messenger] msnmsg.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Pesa] "C:\DOCUME~1\Jules\APPLIC~1\MBOLS~1\smss.exe" -vt yazr O4 - HKCU\..\Run: [Sxg] C:\Program Files\??sks\s?ool32.exe O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: msconfig.exe O4 - Global Startup: taskmgr.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142953845305 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{10242DE7-9FAB-4C69-B5E2-26698B3839A5}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{10242DE7-9FAB-4C69-B5E2-26698B3839A5}: NameServer = 192.168.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\system32\attrib.dll C:\WINDOWS\system32\msiexec.dll O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\j0j6la1s1d.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\LQ\command.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's: Network Monitor Command (of Command service) Toolbar888 Download Brute Force Uninstaller: http://www.merijn.org/files/bfu.zip Unzip/pak het uit naar zijn eigen map op je C:\ (c:\BFU). Lees hier hoe je op de juiste wijze moet unzippen/uitpakken: http://home.planet.nl/~kleyn080/unzippenXPuitleg.html Dubbelklik op BFU.exe om the Brute Force Uninstaller te starten. Naast 'scriptfile to execute'-venster zal je een klein icoontje zien: [img:0fb6a851c8]http://users.telenet.be/bluepatchy/miekiemoes/images/bfuicon.JPG[/img:0fb6a851c8] Klik op dat icoontje en een nieuw venster zal openen. Bovenaan zie je staan: 'Please enter the full URL to the script you want to execute' In het venster kopieer en plak je volgende url: [url]http://metallica.geekstogo.com/alcanshorty.bfu[/url] Klik op OK Daarna klik je op [b:0fb6a851c8]execute[/b:0fb6a851c8] in Brute Force Uninstaller. Wacht tot je de boodschap [b:0fb6a851c8]complete script execution[/b:0fb6a851c8] te zien krijgt en klik daarna op [b:0fb6a851c8]OK[/b:0fb6a851c8]. Klik [b:0fb6a851c8]exit[/b:0fb6a851c8] om het programma te beeïndigen. Start de computer op in veilige modus. Hoe je dit doet kan je [url=http://users.telenet.be/marcvn/spyware/1378056.htm]hier[/url] lezen. Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:0fb6a851c8] F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ctsearch.net O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKCU\..\Run: [Pesa] "C:\DOCUME~1\Jules\APPLIC~1\MBOLS~1\smss.exe" -vt yazr O4 - HKCU\..\Run: [Sxg] C:\Program Files\??sks\s?ool32.exe O4 - HKLM\..\Run: [Msn Messenger] msnmsg.exe O4 - HKLM\..\RunServices: [Msn Messenger] msnmsg.exe O4 - Global Startup: msconfig.exe O4 - Global Startup: taskmgr.exe O20 - AppInit_DLLs: C:\WINDOWS\system32\attrib.dll C:\WINDOWS\system32\msiexec.dll[/b:0fb6a851c8] Klik daarna op "Fix checked" en sluit HijackThis af. Herstart de computer. Start HijackThis opnieuw, maak een nieuwe log en post deze. Al je problemen zullen nog niet opgelost zijn.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.