Vraag & Antwoord

Beveiliging & privacy

Logje

Anoniem
pcguy
4 antwoorden
  • Logfile of HijackThis v1.98.2
    Scan saved at 0:18:16, on 15-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgserv.exe
    F:\WINDOWS\System32\nvsvc32.exe
    G:\Shit\Serv-U\ServUDaemon.exe
    F:\WINDOWS\System32\svchost.exe
    C:\Programma's\MSG\MsgPlus.exe
    F:\WINDOWS\anvshell.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\PROGRA~1\eZula\mmod.exe
    F:\PROGRA~1\WEBOFF~1\wo.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVGCC32.EXE
    F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Programma's\AVG\avgw.exe
    F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
    F:\Program Files\Windows NT\Bureau-accessoires\wordpad.exe
    F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/phpBB
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0413
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programma's\MSG\MsgPlus.exe"
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
    O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe
    O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Shit\IFview\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096716190215


    Thnz Dion.. :wink:
  • ben ff bezig.

    Edit:
    Post even die log na een reboot en zet hjt ff in een eigen map.

    edit2: Op MSN van hem vernomen dat hij de nieuwe in z'n bovenste post heeft gezet (post dus geedit), ik fix alleen niet via msn icm notepad oid omdat ik het hier op de een of andere manier fijner vind (waarom weet ik ook niet maar goed)
  • Open taakbeheer en kill deze processen even:
    [list:5fdc7c024d][b:5fdc7c024d]mmod.exe
    wo.exe[/b:5fdc7c024d][/list:u:5fdc7c024d]

    Sluit ff alle vensters en dan mag je deze repareren,
    [list:5fdc7c024d][b:5fdc7c024d]O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [eZWO] F:\PROGRA~1\Web Offer\wo.exe[/b:5fdc7c024d][/list:u:5fdc7c024d]

    Daarna even in de veilige modus gaan en alle bestanden laten weergeven op deze manier: http://users.pandora.be/marcvn/spyware/1117602.htm

    Herstarten en nieuw logje plaatsen.
  • Logfile of HijackThis v1.98.2
    Scan saved at 0:28:47, on 15-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgserv.exe
    F:\WINDOWS\System32\nvsvc32.exe
    G:\Shit\Serv-U\ServUDaemon.exe
    F:\WINDOWS\System32\svchost.exe
    C:\Programma's\MSG\MsgPlus.exe
    F:\WINDOWS\anvshell.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVGCC32.EXE
    F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
    F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
    F:\WINDOWS\system32\NOTEPAD.EXE
    F:\WINDOWS\explorer.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\DOCUME~1\Jayday\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.computertotaal.nl/phpBB
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0413
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVG\avgcc32.exe /startup
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programma's\MSG\MsgPlus.exe"
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
    O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - G:\Shit\IFview\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096716190215

    Alsje

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.