Vraag & Antwoord

Beveiliging & privacy

Hijackthis log, willen jullie die eens bekijken

Anoniem
pcguy
3 antwoorden
  • Logfile of HijackThis v1.98.0
    Scan saved at 21:52:01, on 23-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\System32\int1.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Download\HijackThis.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sasuttkkepixnsdw.us/fceL7TnwHNI/IJw/9Cvqv_Z0WhXmLHz2FlVcjDvy7Og.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cghzvmmtzcpxijg.net/fceL7TnwHNJceg4aunZEJNEQoM1JKYID/3XdayyT_d7BKEjjtxAi_Zw_UveB15He.html
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [beep2] C:\PROGRA~1\TRAYLO~1\ATOMAXIS.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\int1.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: Microsoft Office Werkbalk.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
  • ben bezig
  • Open taakbeheer (ctrl + alt + del) en kill dit process:
    [list:c92f6fa745][b:c92f6fa745]int1.exe[/b:c92f6fa745][/list:u:c92f6fa745]

    Sluit alle vensters en laat deze fixen:
    [list:c92f6fa745][b:c92f6fa745]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sasuttkkepixnsdw.us/fceL7TnwHNI/IJw/9Cvqv_Z0WhXmLHz2FlVcjDvy7Og.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cghzvmmtzcpxijg.net/fceL7TnwHNJceg4aunZEJNEQoM1JKYID/3XdayyT_d7BKEjjtxAi_Zw_UveB15He.html
    O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\int1.exe[/b:c92f6fa745][/list:u:c92f6fa745]


    Scan deze even bij kaspersky:[list:c92f6fa745][b:c92f6fa745]C:\PROGRA~1\TRAYLO~1\ATOMAXIS.exe[/b:c92f6fa745][/list:u:c92f6fa745]

    Herstart in veilige modus, laat alle verborgen bestanden weergeven en verwijder indien nog aanwezig:
    [list:c92f6fa745][b:c92f6fa745]C:\WINDOWS\System32\int1.exe <— deze file[/b:c92f6fa745][/list:u:c92f6fa745]

    Herstart en post een nieuwe log.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.