Who will help me go through the log file

Anonymous
6 answers
 • Scan saved at 19:56:52, on 8-11-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\SOUNDMAN.EXE
  C:\WINDOWS\System32\txonex.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Windows SyncroAd\SyncroAd.exe
  C:\Program Files\D-Tools\daemon.exe
  C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\Program Files\Washer\washer.exe
  C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
  C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
  C:\Program Files\TS Webclient\torrentsearch.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\totalcmd\TOTALCMD.EXE
  E:\bin\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web–search.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web–search.com
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
  O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\System32\PDF641d.dll
  O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [tshsjyqakx] C:\WINDOWS\System32\txonex.exe
  O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF641d.dll
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
  O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
  O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
  O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
  O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
  O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
  O4 - Global Startup: Pinnacle Scheduler.lnk = ?
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093901121187
  O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
  O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.premiumzone.de/InstallationsAssistent.ocx
 • I'll do that in a sec
 • Press Ctrl+Alt+Del, go to the Processes tab, right-click the process below and choose End Process:
    txonex.exe

  Go to Start -> Control Panel -> Add or Remove Programs and uninstall:
    SafeGuard Pop-up Blocker --> looks nice, is junk
    Windows SyncroAd
    Spyware Begone --> also looks nice, is also rubbish

  Scan again with HijackThis and check these items:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web–search.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web–search.com
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINDOWS\System32\PDF641d.dll
    O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O4 - HKLM\..\Run: [tshsjyqakx] C:\WINDOWS\System32\txonex.exe
    O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF641d.dll
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan

  Close all windows and click Fix checked.

  Restart into safe mode: http://users.pandora.be/marcvn/spyware/1378056.htm

  Show all hidden files: http://users.pandora.be/marcvn/spyware/1117602.htm

  Delete, if still present:
    C:\WINDOWS\multimpp.dll <-- this file
    C:\WINDOWS\2_0_1browserhelper2.dll <-- this file
    C:\WINDOWS\System32\PDF641d.dll <-- this file
    C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition <-- folder
    C:\WINDOWS\System32\txonex.exe <-- this file
    C:\WINDOWS\System32\PDF641d.dll <-- this file
    C:\Program Files\Windows SyncroAd <-- this folder
    C:\freescan <-- this folder

  Restart in normal mode and post a new log.
 • The following can also go; it is a dialer from Netvenda:

  O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games6.cab
 • Logfile of HijackThis v1.98.2
  Scan saved at 21:08:56, on 8-11-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\SOUNDMAN.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\D-Tools\daemon.exe
  C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
  C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\Program Files\Washer\washer.exe
  C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
  C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\totalcmd\TOTALCMD.EXE
  C:\WINDOWS\System32\wuauclt.exe
  C:\totalcmd\TOTALCMD.EXE
  E:\bin\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
  O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
  O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
  O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
  O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
  O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
  O4 - Global Startup: Pinnacle Scheduler.lnk = ?
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
  O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093901121187
  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
  O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.premiumzone.de/InstallationsAssistent.ocx
 • Update your Windows first, because you have already picked up a new one in the meantime.

  Scan again with HijackThis and fix these items:
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

  Restart into safe mode once more and again show all hidden files and folders.

  Delete:
    :\Program Files\MyWebSearch <-- this folder

  Restart and post a new log.
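
Added example, not part of the thread: comparing the 19:56 and 21:08 HijackThis logs entry by entry shows which flagged items are gone after the fix and which were picked up in between. The function names are this example's own, and the two log excerpts are a shortened selection of lines copied from the logs above.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code such as R0, O2, O4 or O16,
# followed by " - ". Header lines and running-process paths do not match.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(before, after):
    """Group entries that disappeared and entries that are new, per section."""
    old, new = parse_entries(before), parse_entries(after)
    removed, added = defaultdict(list), defaultdict(list)
    for section, detail in sorted(old - new):
        removed[section].append(detail)
    for section, detail in sorted(new - old):
        added[section].append(detail)
    return dict(removed), dict(added)

# Shortened excerpts of the two logs in this thread (selection made for the example).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\txonex.exe
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [tshsjyqakx] C:\WINDOWS\System32\txonex.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""
LOG_AFTER = r"""
Running processes:
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, group in (("removed", removed), ("new", added)):
        for section, details in group.items():
            for detail in details:
                print(f"{label:8} {section:4} {detail}")
```
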
