hijack.log, and now what????

Anonymous
pcguy
5 answers
  • hello

    here is my hijack log, how do I proceed from here??

    Running processes:

    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINXP\System32\rmctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINXP\System32\hphmon04.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINXP\System32\nvsvc32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\ZONELABS\vsmon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINXP\System32\HPHipm11.exe
    C:\Program Files\Overnet\overnet.exe
    C:\WINXP\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\downloaded\HijackThis.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Windows Commander\WINCMD32.EXE

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Johan & Bianca.PRIVE-JOBI\Menu Start\Programma's\Opstarten]
    lan-verbinding.lnk = ?
    Overnet.lnk = C:\Program Files\Overnet\overnet.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users.WINXP\Menu Start\Programma's\Opstarten]
    ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINXP\system32\userinit.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HPDJ Taskbar Utility = C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb05.exe
    Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
    AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    RemoteControl = C:\WINXP\System32\rmctrl.exe
    NeroCheck = C:\WINXP\system32\NeroCheck.exe
    zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
    HPHmon04 = C:\WINXP\System32\hphmon04.exe
    HPHUPD04 = "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    STOPzilla = C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    LDM = \Program\BackWeb-8876480.exe
    Shareaza = "C:\Program Files\Shareaza\Shareaza.exe" -tray
    eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    ————————————————–

    Shell & screensaver key from C:\WINXP\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll - {0EEDB912-C5FA-486F-8334-57288578C627}
    (no name) - C:\PROGRA~1\ACID1~1\DASH AUDIO.dll (file missing) - {670C7474-0820-0FC8-D713-53A9986CBA61}
    (no name) - C:\DOCUME~1\JOHAN&~1.PRI\APPLIC~1\ACID1~1\Stopspam.exe - {73E9919C-4060-9A9F-E254-788697891984}
    (no name) - C:\DOCUME~1\JOHAN&~1.PRI\APPLIC~1\ACID1~1\Stopspam.exe - {9131F2A5-3B8A-BE2B-6066-CF5C58EA5351}
    CSBrBHO - (no file) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
    (no name) - C:\WINXP\system32\StopzillaBHO.dll - {E3215F20-3212-11D6-9F8B-00D0B743919D}

    ————————————————–

    Enumerating Task Scheduler jobs:

    AEDF4B0A941CFBF2.job
    AC9F76A79180E917.job
    A954DC4A92AB52EE.job
    AF172FE79180A1DF.job
    AE17547C91D8C920.job

    ————————————————–

    Enumerating Download Program Files:

    [{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [{086A694F-91FB-4068-B44C-124FB69BF05D}]

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINXP\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

    [DialXSCtl Object]
    InProcServer32 = C:\WINXP\Downloaded Program Files\dialxs.ocx
    CODEBASE = http://dialxs.nl/install/dialxs.ocx

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.246875

    [Downloader Class]
    InProcServer32 = C:\WINXP\DOWNLO~1\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    [IMDownloader Class]
    CODEBASE = http://www2.incredimail.com/contents/setup/downloader/imloader.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINXP\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/bin/msnchat45.cab

    [Info Class]
    InProcServer32 = C:\WINXP\System32\IDTool.dll
    CODEBASE = http://www0.spelpunt.nl/dev/toepen//lib/javachecker/idtool.cab

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINXP\system32\SHELL32.dll
    CDBurn: C:\WINXP\system32\SHELL32.dll
    WebCheck: C:\WINXP\System32\webcheck.dll
    SysTray: C:\WINXP\System32\stobject.dll

    regards, Johan
  • ok.. I'll check it in a sec.. :roll: :P
  • [quote:5826f846db="Johan_024"]
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (no name) - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\ACID1~1\DASH AUDIO.dll (file missing) - {670C7474-0820-0FC8-D713-53A9986CBA61}
    (CSBrBHO - (no file) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
    [DialXSCtl Object]
    InProcServer32 = C:\WINXP\Downloaded Program Files\dialxs.ocx
    CODEBASE = http://dialxs.nl/install/dialxs.ocx
    [/quote:5826f846db]
    so this can go!!! 8)
    (but a log usually looks something like this..:
    [code:1:5826f846db]Logfile of HijackThis v1.98.2
    Scan saved at 21:47:10, on 7/11/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SXGDSENU.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\MIJN DOCUMENTEN\MARK\GA\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~2\FRESHD~1\FDCATCH.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    -4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    [/code:1:5826f846db])
    :roll: you have a stretched-out one.. it's a bit hard to follow.. :-?
  • Tha Odie, by the looks of it that is a StartupList log.

    @TS, please post a regular HijackThis log: http://members.lycos.nl/pinoroeltgewoon/nl.htm
  • yeah.. it did look something like that.. that's why I posted my own log as an example.. :wink:

    download HijackThis here:
    http://computercops.biz/downloads-file-328.html

This is an archived page. Replying is no longer possible.