Vraag & Antwoord

Beveiliging & privacy

kan iemand mijn logje checken

5 antwoorden
  • Alvast Bedankt Logfile of HijackThis v1.99.1 Scan saved at 10:45:30, on 1-3-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Azureus\Azureus.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\Documents and Settings\Administrator\Bureaublad\[_Movie_]\[CRACK & SETUP]\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://roojaa.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Er is een beperking in Internet Explorer waardoor je niet alle instellingen kunt wijzigen. Mogelijk dat dit door Spybot S&D is ingesteld. Indien jij deze instelling niet zelf hebt ingesteld, dan mag je de volgende regel fixen: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present plaats een nieuw logje van HJT aub.
  • kan iemand naar de volgende logje kijken... Logfile of HijackThis v1.99.1 Scan saved at 17:26:59, on 12-3-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe C:\Program Files\Ahead\nero\nero.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Azureus\Azureus.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Bureaublad\[_Movies_]\[CRACK & SETUP]\VobSub_2.23.exe C:\Documents and Settings\Administrator\Bureaublad\[_Movies_]\[CRACK & SETUP]\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://roojaa.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{50DC3329-E2A8-4E5F-8B81-82F054870461}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CCS\Services\Tcpip\..\{C098AE01-4EBA-4A82-A4C3-2EA8EE69BB22}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156 O17 - HKLM\System\CS1\Services\Tcpip\..\{50DC3329-E2A8-4E5F-8B81-82F054870461}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156 O17 - HKLM\System\CS2\Services\Tcpip\..\{50DC3329-E2A8-4E5F-8B81-82F054870461}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Dat deed ik al, Er is een beperking in Internet Explorer waardoor je niet alle instellingen kunt wijzigen. Mogelijk dat dit door Spybot S&D is ingesteld. Indien jij deze instelling niet zelf hebt ingesteld, dan mag je de volgende regel fixen: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [i:60c3e91f9f]Print de onderstaande instructies uit omdat je de computer tijdens het fixen moet herstarten. (kopieer de tekst naar bijv. Word en print dit uit)[/i:60c3e91f9f] Download FixWareout van één van de volgende links: [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] [url]http://downloads.subratam.org/Fixwareout.exe[/url] Sla het op je bureaublad op en dubbelklik op [b:60c3e91f9f]Fixwareout.exe[/b:60c3e91f9f]. Klik op "Next", daarna op "Install". Zorg dat "Run Fixit" aangevinkt is en klik dan op "Finish". Volg de aanwijzingen op het scherm. Als je gevraagd wordt om de computer opnieuw te starten doe je dit. Het zal wat langer duren voor de computer opnieuw volledig opgestart is. Dit is normaal. Zodra je Bureaublad geladen is, zal een tekstbestand openen (report.txt). [i:60c3e91f9f]Let op! Als je antivirus een scriptblokker heeft krijg je een waarschuwing zoals "malicious script warning" wanneer je dit tooltje gaat draaien. Je kunt deze waarschuwing negeren.[/i:60c3e91f9f] Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:60c3e91f9f] O17 - HKLM\System\CCS\Services\Tcpip\..\{50DC3329-E2A8-4E5F-8B81-82F054870461}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CCS\Services\Tcpip\..\{C098AE01-4EBA-4A82-A4C3-2EA8EE69BB22}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156 O17 - HKLM\System\CS1\Services\Tcpip\..\{50DC3329-E2A8-4E5F-8B81-82F054870461}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156 O17 - HKLM\System\CS2\Services\Tcpip\..\{50DC3329-E2A8-4E5F-8B81-82F054870461}: NameServer = 85.255.115.62,85.255.112.156 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156 [/b:60c3e91f9f] Klik op 'Fix checked' om de items te verwijderen. [b:60c3e91f9f]Als je problemen hebt met de internet verbinding, voer dan het volgende uit[/b:60c3e91f9f]: Ga naar het Configuratiescherm en klik op "Netwerkverbindingen". Rechtsklik op je standaard verbinding en kies "Eigenschappen". Klik op het tabblad "Algemeen" en dubbelklik op "Internet-Protocol (TCP/IP)". Selecteer "Automatisch een DNS-serveradres laten toewijzen". Plaats de inhoud van het log dat je hier kan vinden: C:\fixwareout\report.txt, post ook een nieuw HijackThis log.
  • Logfile of HijackThis v1.99.1 Scan saved at 10:14:52, on 14-3-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Bureaublad\[_TamilMovie_]\[CRACK & SETUP]\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://roojaa.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Fixwareout Last edited 2/11/2007 Post this report in the forums please ... »»»»»Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdyks.exe" »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other C:\WINDOWS\Temp\kdyks.ren 63331 13-03-2007 »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled] "QuickTime Task"="\"C:\\WINDOWS\\system32\\qttask.exe\" -atboottime" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.