Question & Answer

Security & privacy

Please review my HijackThis log

Anonymous
P. Sanders
2 answers
  • Hello,
    could you please review this log;
    also, on that PC I can't get Windows Messenger disabled (XP Pro), even though I have disabled it in msconfig.

    Here is the log:

    Logfile of HijackThis v1.98.2
    Scan saved at 19:30:41, on 4-11-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\arsetup.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\System32\mxfmdcdo.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\WINDOWS\System32\wmplayer.exe
    C:\WINDOWS\System32\Longhorn.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Gebruiker\Application Data\tsce.exe
    C:\WINDOWS\System32\prltusr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis1982.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=152854
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=152854
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pipa.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=152854
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hetnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer van Het Net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\hrbvmyh.exe
    O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
    O4 - HKLM\..\Run: [Microsoft–Updates] sxvhost.exe
    O4 - HKLM\..\Run: [Reg Service] REGSRV32.EXE
    O4 - HKLM\..\Run: [REGRUN] C:\arsetup.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
    O4 - HKLM\..\Run: [teaxnvrpnjpb] C:\WINDOWS\System32\mxfmdcdo.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
    O4 - HKLM\..\Run: [hwv] C:\WINDOWS\hwv.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [Media Player] wmplayer.exe
    O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
    O4 - HKLM\..\Run: [Longhorn Firewall] Longhorn.exe
    O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
    O4 - HKLM\..\RunServices: [Microsoft–Updates] sxvhost.exe
    O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE
    O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
    O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
    O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
    O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
    O4 - HKLM\..\RunServices: [Longhorn Firewall] Longhorn.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Iust] C:\Documents and Settings\Gebruiker\Application Data\tsce.exe
    O4 - HKCU\..\Run: [Lkjqhot] C:\WINDOWS\System32\prltusr.exe
    O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
    O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
    O4 - HKCU\..\Run: [Longhorn Firewall] Longhorn.exe
    O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx2.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f51f5f7d9953e88d120bbe76626d216b6aa0d0c86c1c7553d908fdb3cf77dea46c69543ae036297cb8c8295a0583f4e9e0d9f3cc06177c20529b7e302932b2ac:e499d6ceeb9210b67f4b7fd0ca72c814
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O18 - Filter: text/html - {EED2B459-62A5-4636-87EA-2ED4DB4C5D5F} - C:\Documents and Settings\Gebruiker\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

    Thanks in advance,
    Peter.
  • Hello Peter,

    First run an online scan (preferably both):
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    http://housecall.trendmicro.com/housecall/start_corp.asp

    After that, scan with an updated Ad-Aware SE.
    You'll find instructions here.

    Then download the VX2 plugin for Ad-Aware SE and install it: http://download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe
    Start Ad-Aware.
    Click the "Add-ons" button.
    Select the VX2 Cleaner and click the "Run" button.
    If the computer is not infected with this malware, click the "Close" button.
    If the computer is infected, do the following:
    Click the "Clean System" button.
    Restart the computer.
    Scan the computer with an updated Ad-Aware.
    Remove all VX2 objects that are found.
    Restart the computer.
    Use the VX2 Cleaner again to check that all files have been removed.

    Reboot the computer; run HijackThis once more and make a new log. Post it.

    Good luck.
    Marc
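An added example, not part of the original thread and not code from either poster: a small Python triage script that applies a few of the checks a log reviewer would run against the O4 (autostart), O16 (ActiveX download) and O18 (MIME filter) lines from the log posted in the question. The sample input is copied from that log plus the benign ccApp and ctfmon entries for contrast; the name lists, thresholds and reason codes are assumptions chosen for illustration, not a verdict on any file. Among other things it flags the bare `msmsgs.exe` entries in the RunServices keys, which is where a reviewer would start looking for why the msconfig change did not stick.

```python
import re

# Real Windows/IE binary names that malware imitates (assumed, illustrative list).
SYSTEM_STEMS = {"svchost", "lsass", "csrss", "winlogon", "services", "regsvr32",
                "rundll32", "explorer", "ctfmon", "spoolsv", "wuauclt", "msmsgs"}
# ActiveX (O16/DPF) download hosts accepted without comment (assumed allowlist).
TRUSTED_DPF_HOSTS = {"windowsupdate.microsoft.com", "download.microsoft.com"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
O18_RE = re.compile(r"^O18 - Filter: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
EXE_RE = re.compile(r'^"?([^"]*?\.exe)', re.I)
SYSTEM_WORDS = re.compile(r"\b(microsoft|windows|service|updates?|firewall|monitor)\b", re.I)
ROOT_OR_PROFILE = re.compile(r"^[a-z]:\\[^\\]+$|\\documents and settings\\", re.I)

# Constructed sample: lines copied from the log in the question, plus benign ccApp/ctfmon.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\hrbvmyh.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Iust] C:\Documents and Settings\Gebruiker\Application Data\tsce.exe
O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx2.advnt01.com/dialer/olanda_ver3.CAB
O18 - Filter: text/html - {EED2B459-62A5-4636-87EA-2ED4DB4C5D5F} - C:\Documents and Settings\Gebruiker\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
"""

def levenshtein(a, b):  # plain edit distance, to catch look-alikes such as svxhost vs svchost
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def longest_consonant_run(stem):  # crude "random name" test: hrbvmyh -> 7, ctfmon -> 4
    run = best = 0
    for ch in stem:
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best

def triage_o4(hive, key, title, value):
    reasons = []
    m = EXE_RE.match(value)
    exe = m.group(1) if m else value.strip('"')
    stem = exe.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if key.lower().startswith("runservices"):  # Win9x-only key; NT/2000/XP never read it
        reasons.append("runservices-key")
    if "\\" not in exe:  # no path at all: resolved through the PATH search order
        reasons.append("bare-name")
    if ROOT_OR_PROFILE.search(exe):  # C:\x.exe or somewhere under the user profile
        reasons.append("root-or-profile-path")
    if SYSTEM_WORDS.search(title):  # attacker-chosen, Microsoft-sounding label
        reasons.append("system-sounding-title")
    if stem not in SYSTEM_STEMS:
        look = sorted(s for s in SYSTEM_STEMS if 0 < levenshtein(stem, s) <= 2)
        if look:
            reasons.append("lookalike:" + look[0])
        if longest_consonant_run(stem) >= 5:
            reasons.append("unpronounceable-name")
    return reasons

def triage_o16(clsid, _name, url):
    host = re.sub(r"^https?://", "", url).split("/", 1)[0].lower()
    if host in TRUSTED_DPF_HOSTS:
        return []
    reasons = ["activex-from-untrusted-host:" + host]
    if re.search(r"dialer|toolbar|\.php\?", url, re.I):
        reasons.append("dialer-or-toolbar-url")
    return reasons

def triage_o18(mime, clsid, path):  # a text/html filter sees every page IE renders
    reasons = ["mime-filter:" + mime] if mime.lower() == "text/html" else []
    if not path.lower().endswith(".dll"):  # a COM filter backed by a .dat file is odd
        reasons.append("filter-not-a-dll")
    return reasons

def triage(log_text):
    """Return (line, reasons) pairs, worst first; lines that trip no heuristic are dropped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, handler in ((O4_RE, triage_o4), (O16_RE, triage_o16), (O18_RE, triage_o18)):
            m = pattern.match(line)
            if m:
                reasons = handler(*m.groups())
                if reasons:
                    findings.append((line, reasons))
                break
    return sorted(findings, key=lambda f: -len(f[1]))

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"[{len(reasons)}] {', '.join(reasons):<60} {line[:60]}")
```

Each finding carries the reasons that fired, so a reviewer can see why an entry scored rather than just that it did. The heuristics are deliberately weak on their own (SOUNDMAN.EXE is also a bare name, and WinZip's WZQKPICK.EXE would trip the consonant-run test); they are meant to order the log for a human, and the top of that order is where the RunServices entries, the look-alike names and the dialer ActiveX control land.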


This is an archived page. Replying is no longer possible.