Log

Anonymous
pcguy
4 answers
 • Logfile of HijackThis v1.98.2
  Scan saved at 0:18:16, on 15-10-2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  F:\WINDOWS\System32\smss.exe
  F:\WINDOWS\system32\winlogon.exe
  F:\WINDOWS\system32\services.exe
  F:\WINDOWS\system32\lsass.exe
  F:\WINDOWS\system32\svchost.exe
  F:\WINDOWS\System32\svchost.exe
  F:\WINDOWS\Explorer.EXE
  F:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\AVG\avgserv.exe
  F:\WINDOWS\System32\nvsvc32.exe
  G:\Shit\Serv-U\ServUDaemon.exe
  F:\WINDOWS\System32\svchost.exe
  C:\Programma's\MSG\MsgPlus.exe
  F:\WINDOWS\anvshell.exe
  F:\WINDOWS\system32\wscntfy.exe
  F:\Program Files\MSN Messenger\msnmsgr.exe
  F:\Program Files\MSN Messenger\msnmsgr.exe
  F:\Program Files\Messenger\msmsgs.exe
  F:\PROGRA~1\eZula\mmod.exe
  F:\PROGRA~1\WEBOFF~1\wo.exe
  F:\Program Files\Internet Explorer\iexplore.exe
  C:\PROGRA~1\AVG\AVGCC32.EXE
  F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
  C:\Programma's\AVG\avgw.exe
  F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
  F:\Program Files\Windows NT\Bureau-accessoires\wordpad.exe
  F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/phpBB
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0413
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programma's\MSG\MsgPlus.exe"
  O4 - HKLM\..\Run: [Anvshell] anvshell.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [LiveNote] livenote.exe
  O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
  O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe
  O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe
  O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Shit\IFview\Ebay\Ebay.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096716190215


  Thanks Dion.. :wink:
 • Working on it, one moment.

  Edit:
  Please post that log again after a reboot, and put HJT in a folder of its own.

  Edit 2: I heard from him on MSN that he has put the new one in his top post (so the post has been edited). I just don't do fixes over MSN combined with Notepad or the like, because for some reason I find it nicer to do it here (I don't know why either, but anyway).
 • Open Task Manager and kill these processes:
    mmod.exe
    wo.exe

  Close all windows for a moment, and then you can fix these:
    O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe

  After that, boot into safe mode and make all files visible in this way: http://users.pandora.be/marcvn/spyware/1117602.htm

  Reboot and post a new log.
 • Logfile of HijackThis v1.98.2
  Scan saved at 0:28:47, on 15-10-2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  F:\WINDOWS\System32\smss.exe
  F:\WINDOWS\system32\winlogon.exe
  F:\WINDOWS\system32\services.exe
  F:\WINDOWS\system32\lsass.exe
  F:\WINDOWS\system32\svchost.exe
  F:\WINDOWS\System32\svchost.exe
  F:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\AVG\avgserv.exe
  F:\WINDOWS\System32\nvsvc32.exe
  G:\Shit\Serv-U\ServUDaemon.exe
  F:\WINDOWS\System32\svchost.exe
  C:\Programma's\MSG\MsgPlus.exe
  F:\WINDOWS\anvshell.exe
  F:\WINDOWS\system32\wscntfy.exe
  F:\Program Files\MSN Messenger\msnmsgr.exe
  F:\Program Files\MSN Messenger\msnmsgr.exe
  F:\Program Files\Messenger\msmsgs.exe
  C:\PROGRA~1\AVG\AVGCC32.EXE
  F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
  F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
  F:\WINDOWS\system32\NOTEPAD.EXE
  F:\WINDOWS\explorer.exe
  F:\Program Files\Internet Explorer\iexplore.exe
  F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/phpBB
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0413
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programma's\MSG\MsgPlus.exe"
  O4 - HKLM\..\Run: [Anvshell] anvshell.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [LiveNote] livenote.exe
  O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
  O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
  O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Shit\IFview\Ebay\Ebay.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096716190215

  Here you go
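
An added example, not part of the original thread: a Python check that the fix requested above took effect, by diffing the registry entries and running processes between the first and the second log. The log excerpts are shortened from the two logs on this page; `parse` and `compare` are hypothetical helper names.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\eZula\mmod.exe
F:\PROGRA~1\WEBOFF~1\wo.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup
O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe
"""
AFTER = r"""Running processes:
F:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup
O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
"""

# Section code (R0-R3, F0-F3, N1-N4, O1...) followed by " - " and the entry text.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse(log):
    """Return (process paths, {(section, text)}); paths and text lower-cased."""
    procs, entries, in_procs = set(), set(), False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2).lower()))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def compare(before, after, targets):
    """Diff two logs; targets are the file names the helper asked to remove."""
    p0, e0 = parse(before)
    p1, e1 = parse(after)
    live = p1 | {text for _, text in e1}
    return {
        "removed": sorted(e0 - e1),   # entries fixed or otherwise gone
        "added": sorted(e1 - e0),     # new entries that need a look
        "stopped": sorted(p0 - p1),   # processes no longer running
        "remaining": sorted(s for s in live
                            if any("\\" + t.lower() in s for t in targets)),
    }

if __name__ == "__main__":
    for key, rows in compare(BEFORE, AFTER, ["mmod.exe", "wo.exe"]).items():
        print(key, rows)
```

An empty `remaining` list means neither target file shows up as a running process or in a registry entry of the second log; `added` lists whatever appeared between the two scans.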

This is an archived page. Replying is no longer possible.