Vraag & Antwoord

Beveiliging & privacy

hijack this log

Anoniem
De huismeester
4 antwoorden
  • hallo,

    zou iemand even kunnen kijken naar deze hijackthislog? ik vertrouw zelf o16 op het eind niet.

    Logfile of HijackThis v1.97.7
    Scan saved at 19:34:27, on 19-7-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\ScanPanel\ScnPanel.exe
    C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Firefox\firefox.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\JV177F~1.VEE\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://choise.netfirms.com/sun
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.nl/redirect/startpage/dial_up/dut/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.mcafee-at-home.com/
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.nl/redirect/startpage/dial_up/dut/
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38164.0582407407
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B82DC338-491D-40F3-AC94-848135E7910E}: NameServer = 130.244.127.161 130.244.127.169

    alvast bedankt.
  • zal wel even blieken
  • alleen onderstaande 016 plaats ik grote twijfels bij, 99% zeker dat hij weg mag:
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab

    verder lijkt de log me clean
  • heb hem verwijderd thanx for the help :D

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.