HijackThis log

Anonymous
3 answers
 • Who can look at my HijackThis log file and assess it?

  Logfile of HijackThis v1.97.7
  Scan saved at 21:53:01, on 22-9-2004
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\inetsrv\inetinfo.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\tcpsvcs.exe
  C:\WINDOWS\System32\snmp.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\System32\mqsvc.exe
  C:\WINDOWS\System32\mqtgsvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
  D:\Program Files\SETI@home\SETI@home.exe
  C:\Program Files\Messenger\msmsgs.exe
  D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  D:\Program Files\wincmd\WinCmd32.exe
  D:\Temp\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zdefkwabpiakwnbgtaqjpt.uk/yUq1XmuWftIWuLS7MU58ndh_aCpQhABfYIk3c19e_II.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pvxmxvkobiavckjcqetnnc.net/yUq1XmuWftLdwKZSeCzH813GPwDYAGJ7V5P699V_oZd0CGU35g9OKsF1CpRfbaiq.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://zznvpkocjuxpeb.com/yUq1XmuWftIWuLS7MU58ncmbLYFdzIVWYIk3c19e_II.html
  R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
  R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
  N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.rujzyrgqkzdvhxenf.org/yUq1XmuWftIWuLS7MU58nVdF_5BKecB_YIk3c19e_II.jpg"); (C:\Program Files\Netscape\Users\kielman\prefs.js)
  N3 - Netscape 7: user_pref("browser.startup.homepage", "http://start.home.nl"); (C:\Documents and Settings\Bert\Application Data\Mozilla\Profiles\default\q5np22jl.slt\prefs.js)
  N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Bert\Application Data\Mozilla\Profiles\default\q5np22jl.slt\prefs.js)
  O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: (no name) - {DCF7B65F-D35E-CA8B-903C-5FC5CA8EC0DA} - C:\PROGRA~1\DATAVG~1\Live roam.exe
  O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\nl\msntb.dll
  O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
  O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O4 - HKCU\..\Run: [seticlient] D:\Program Files\SETI@home\SETI@home.exe -min
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
  O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
  O9 - Extra button: ICQ 4 (HKLM)
  O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095186354592
  O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 • Fix these in HijackThis:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zdefkwabpiakwnbgtaqjpt.uk/yUq1XmuWftIWuLS7MU58ndh_aCpQhABfYIk3c19e_II.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pvxmxvkobiavckjcqetnnc.net/yUq1XmuWftLdwKZSeCzH813GPwDYAGJ7V5P699V_oZd0CGU35g9OKsF1CpRfbaiq.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://zznvpkocjuxpeb.com/yUq1XmuWftIWuLS7MU58ncmbLYFdzIVWYIk3c19e_II.html
  R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
  R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
  O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
  O2 - BHO: (no name) - {DCF7B65F-D35E-CA8B-903C-5FC5CA8EC0DA} - C:\PROGRA~1\DATAVG~1\Live roam.exe
  O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
  O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

  Hmmm... I am missing something here, namely the exe that is responsible for your plus18point, unless it is
  yet another new variant and I am apparently overlooking it.

  Next, reboot the PC in safe mode and delete the following:

  C:\WINDOWS\System32\P2P Networking\ <== this folder
  C:\PROGRA~1\DATAVG~1\Live roam.exe
  C:\Program Files\MyWay\ <== this folder
 • Beforehand, try to uninstall switch via Add or Remove Programs in the Control Panel.

  Follow Miekiemoes's instructions, then restart and post a new log made with this version:
  http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

  @Miekiemoes, I don't see any other switch item either; by the way, always try to throw switch out via Add or Remove Programs in the Control Panel.

  Edit: fix this one too, it is the fun pack of msn+ in its Netscape version:

  N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.rujzyrgqkzdvhxenf.org/yUq1XmuWftIWuLS7MU58nVdF_5BKecB_YIk3c19e_II.jpg"); (C:\Program Files\Netscape\Users\kielman\prefs.js)
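
An added example, not part of the original thread: a small Python parser for the HijackThis entry-line format seen in the log above (`<code> - <detail>`), with three triage heuristics that are assumptions of this example, not HijackThis behaviour or the answerers' method. The sample lines are constructed, with placeholder CLSIDs and hosts under reserved `.example` names.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis entry format; CLSIDs and hosts are placeholders.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qzxkvbnmwrtplkjhgfds.example/a.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.example.com
R3 - URLSearchHook: (no name) - _{00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Vendor\helper.dll
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Some Installer) -
O16 - DPF: {00000000-0000-0000-0000-000000000004} (Player) - http://download.example.com/player.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")  # e.g. "O16 - DPF: ..."
URL = re.compile(r"https?://[^\s\"')]+")

def parse(log):
    """Return (code, detail) per entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def random_looking(host):
    """Assumed heuristic: a long all-letter DNS label with very few vowels."""
    for label in host.lower().split("."):
        if len(label) >= 12 and label.isalpha():
            if sum(c in "aeiou" for c in label) / len(label) < 0.3:
                return True
    return False

def triage(log):
    """Return (code, detail, reasons) for entries that deserve a manual look."""
    findings = []
    for code, detail in parse(log):
        reasons = []
        if detail.endswith("(no file)"):
            reasons.append("entry references a component with no file")
        if code == "O16" and detail.endswith("-"):
            reasons.append("ActiveX download entry without a source URL")
        if code[0] in "RN" and any(
            random_looking(urlparse(u).hostname or "") for u in URL.findall(detail)
        ):
            reasons.append("browser setting points at a random-looking host")
        if reasons:
            findings.append((code, detail, reasons))
    return findings

if __name__ == "__main__":
    for code, detail, reasons in triage(SAMPLE_LOG):
        print(code, "|", "; ".join(reasons), "|", detail)
```

A flag here is a prompt for manual review, not a verdict; the answers above also pick out entries by product name (MyWay, P2P Networking), which none of these heuristics covers.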


This is an archived page. Replying is no longer possible.