Hijack This

Anonymous
De huismeester
5 answers
  • Who can help me with what I should remove with Hijack This, using the log below? I don't know much about hoaxes, spyware, etc. Thanks in advance:

    Logfile of HijackThis v1.97.7
    Scan saved at 21:38:00, on 24-5-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\WINDOWS\System32\avhswq.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\VVSN\VVSN.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Program Files\Norton AntiVirus\QSERVER.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\inetsrv\DavCData.exe
    C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.nld.chello.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [76986330.exe] C:\WINDOWS\System32\76986330.exe
    O4 - HKLM\..\Run: [ynjzeixm] C:\WINDOWS\tjvdws.exe
    O4 - HKLM\..\Run: [EKRXB] C:\WINDOWS\EKRXB.exe
    O4 - HKLM\..\Run: [FLSYFMSZG] C:\WINDOWS\FLSYFMSZG.exe
    O4 - HKLM\..\Run: [PVZGMTZ] C:\WINDOWS\PVZGMTZ.exe
    O4 - HKLM\..\Run: [QEKRELRY] C:\WINDOWS\QEKRELRY.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [ogejgcgl] C:\WINDOWS\System32\avhswq.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [zal] C:\WINDOWS\zal.exe
    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/mar/x/igmp1f.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/ddm_control.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
  • I'll take a look for you.
  • Open your Task Manager and end the process:

    VVSN.EXE

    Run HijackThis again and remove the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

    O4 - HKLM\..\Run: [76986330.exe] C:\WINDOWS\System32\76986330.exe

    O4 - HKLM\..\Run: [ynjzeixm] C:\WINDOWS\tjvdws.exe

    O4 - HKLM\..\Run: [EKRXB] C:\WINDOWS\EKRXB.exe

    O4 - HKLM\..\Run: [FLSYFMSZG] C:\WINDOWS\FLSYFMSZG.exe

    O4 - HKLM\..\Run: [PVZGMTZ] C:\WINDOWS\PVZGMTZ.exe

    O4 - HKLM\..\Run: [QEKRELRY] C:\WINDOWS\QEKRELRY.exe

    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe

    O4 - HKLM\..\Run: [ogejgcgl] C:\WINDOWS\System32\avhswq.exe

    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

    O4 - HKLM\..\Run: [zal] C:\WINDOWS\zal.exe

    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/mar/x/igmp1f.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

    O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/ddm_control.CAB

    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB

    Now restart in safe mode with "show all files" enabled, and delete if present:

    C:\WINDOWS\tjvdws.exe <= this file

    C:\WINDOWS\EKRXB.exe <= this file

    C:\WINDOWS\FLSYFMSZG.exe <= this file
    C:\WINDOWS\PVZGMTZ.exe <= this file
    C:\WINDOWS\QEKRELRY.exe <= this file

    C:\Program Files\Hotbar <= this file

    C:\WINDOWS\System32\avhswq.exe <= this file

    C:\Program Files\VVSN <= this file

    C:\WINDOWS\zal.exe <= this file

    C:\WINDOWS\mwsvm.exe <= this file

    c:\installer\id53.exe <= this file

    Restart and post a new Hijack log in your next message.
  • Moved to Security & Privacy
  • Thanks a lot. It was a super-fast response and everything works fine again now.
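
The answer ends by asking for a fresh HijackThis log after the cleanup. As an added example (not part of the original thread), this Python sketch compares a fix list against a follow-up log and reports which entries are gone and which survived the reboot. The function names are hypothetical and the follow-up log is constructed sample data; the fix-list lines are taken from the answer above.

```python
import re

# Entry lines start with a section code (R0, O2, O4, O16, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return (code, text) for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def normalize(entry):
    """Collapse whitespace and case-fold: Windows paths and registry keys
    are case-insensitive, so C:\\WINDOWS\\zal.exe equals c:\\windows\\ZAL.EXE."""
    code, text = entry
    return code, " ".join(text.split()).casefold()

def verify_cleanup(fix_list_text, followup_log_text):
    """Split the fix list into entries that are gone and entries still present."""
    after = {normalize(e) for e in parse_entries(followup_log_text)}
    gone, survived = [], []
    for entry in parse_entries(fix_list_text):
        (survived if normalize(entry) in after else gone).append(entry)
    return gone, survived

# Three of the entries the answer marks for removal.
FIX_LIST = r"""
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [zal] C:\WINDOWS\zal.exe
"""

# Constructed follow-up log: one Run entry is still there, with different casing.
FOLLOWUP = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.nld.chello.nl/
O4 - HKLM\..\Run: [zal] c:\windows\ZAL.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""

if __name__ == "__main__":
    gone, survived = verify_cleanup(FIX_LIST, FOLLOWUP)
    print(f"{len(gone)} removed, {len(survived)} still present")
    for code, text in survived:
        print(f"STILL PRESENT: {code} - {text}")
```

An entry that shows up again in the follow-up log means the registry value was not removed or has been written back, so it needs another look before the machine is considered clean.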
