Question & Answer

Security & privacy

Yet another HijackThis log. The junk keeps coming back!!

Anonymous
miekiemoes
1 answer
  • Logfile of HijackThis v1.97.7
    Scan saved at 6:58:11 PM, on 10/20/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Win Comm\WinComm.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Win Comm\WinLock.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    G:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    G:\Program Files\Photolightning\autodetect.exe
    G:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender8\vsserv.exe
    C:\Program Files\HiJack\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
    O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = G:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Autodetect.lnk = G:\Program Files\Photolightning\autodetect.exe
    O4 - Global Startup: HotSync Manager.lnk = G:\Program Files\Sony Handheld\HOTSYNC.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Despite Ad-Aware, Registry Mechanic and the like, it keeps coming back.
    Here is the Ad-Watch log as well:

    Ad-Watch Logfile, exported on 10/20/2004
    Total number of events:9
    ===============================================
    10/20/2004 6:55:22 PM - Definitions file SE1R13 16.10.2004 loaded successfully.
    Build:SE1R13 16.10.2004
    Total Signatures :30610
    Target Families :589
    Target Categories :6
    CSI data Size :19788

    File Size :1150665

    ===============================================
    10/20/2004 6:55:22 PM - User preferences file loaded.
    Ad-Watch preference file loaded.
    Applying user settings
    C:\Documents and Settings\Danny\Application Data\Lavasoft\Ad-Aware\awsettings.awc
    Initialization complete.

    ===============================================
    10/20/2004 6:55:22 PM - Sites file loaded.
    Sites file loaded successfully.
    C:\PROGRA~1\Lavasoft\AD-AWA~1\sites.txt
    Total entries : 3229

    ===============================================
    10/20/2004 6:55:24 PM - Harmful process identified(PID:528)
    Object:lc.exe
    Path:C:\temp\
    Category:Malware
    Vendor:VX2
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:24 PM - Harmful process identified(PID:1112)
    Object:lc.exe
    Path:C:\temp\
    Category:Malware
    Vendor:VX2
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:24 PM - Harmful process identified(PID:1172)
    Object:lc.exe
    Path:C:\temp\
    Category:Malware
    Vendor:VX2
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:28 PM - Harmful process identified(PID:1652)
    Object:INSTAL~1.EXE
    Path:C:\temp\
    Category:Malware
    Vendor:BlazeFind
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:29 PM - Harmful process identified(PID:1308)
    Object:INSTAL~1.EXE
    Path:C:\temp\
    Category:Malware
    Vendor:BlazeFind
    Comment:

    This object was found active in memory

    ===============================================
    10/20/2004 6:55:31 PM - Registry modification detected
    Root:HKEY_LOCAL_MACHINE
    Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value:AppInit_DLLs
    Data:
    New Data:sockspy.dll

    ===============================================

    P.S. If someone can remove the last remnants of McAfee, PLEASE!! :D


This is an archived page. Replying is no longer possible.