Log file Hijack This

Anonymous
3 answers
  • Could someone maybe take a look at this??

    Logfile of HijackThis v1.98.2
    Scan saved at 14:57:12, on 1-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\eSafe\Protect-NT\SERVNT.EXE
    C:\Program Files\Reflection\rtsserv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\ltmsg.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\eSafe\Protect-NT\ESPWatch.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\antyvirk.exe
    C:\Program Files\Windows AdControl\WinAdAlt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Windows\System32\kaupv.exe
    C:\Program Files\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.EXE
    C:\DOCUME~1\Jkro\LOCALS~1\Temp\joik.dat
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1043\nt\MAPISP32.EXE
    C:\Documents and Settings\Jkro\Bureaublad\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0413/bF7.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [eSafe Protect] C:\eSafe\Protect-NT\ESPWatch.exe /delay=5
    O4 - HKLM\..\Run: [ebqxsnkl] C:\WINDOWS\ebqxsnkl.exe
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AntyVirK] c:\windows\antyvirk.exe ukrt
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Otlm] C:\Documents and Settings\Jkro\Application Data\ahbr.exe
    O4 - HKCU\..\Run: [Lopcubg] C:\Windows\System32\jpcrmts.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\Windows\System32\kaupv.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: U.S.Robotics WLAN Adapter Configuration Utility.lnk = ?
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Corel Network monitor worker - {617D7B65-7570-44FE-9176-AB8901013B6A} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {617D7B65-7570-44FE-9176-AB8901013B6A} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Corel Network monitor worker - {617D7B65-7570-44FE-9176-AB8901013B6A} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {617D7B65-7570-44FE-9176-AB8901013B6A} - (no file) (HKCU)
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/en/SysWebTelecomInt.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{614CA4A3-4E00-4184-AFB1-83D92964231B}: NameServer = 192.168.1.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{614CA4A3-4E00-4184-AFB1-83D92964231B}: NameServer = 192.168.1.2

    This is a log file from a colleague of mine. I have already removed all the O15 Trust sites.
  • Moved from "Other (software)" to "Security & privacy".
  • * Download and install CCleaner
    Do not use it yet

    * Start HijackThis and tick the following items:

    O4 - HKLM\..\Run: [ebqxsnkl] C:\WINDOWS\ebqxsnkl.exe
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [AntyVirK] c:\windows\antyvirk.exe ukrt
    O4 - HKCU\..\Run: [Otlm] C:\Documents and Settings\Jkro\Application Data\ahbr.exe
    O4 - HKCU\..\Run: [Lopcubg] C:\Windows\System32\jpcrmts.exe
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\Windows\System32\kaupv.exe

    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/en/SysWebTelecomInt.cab

    * Now close all windows except HijackThis and click 'Fix checked'

    * Now start your PC in SAFE MODE. How do I boot into safe mode.

    * Make sure that hidden folders and files are shown. How to show them.

    * Go via the Control Panel to Add or Remove Programs > Change or Remove Programs, check whether the following programs are present, and uninstall them:

    Windows AdControl

    * Then use Explorer to find the following items and delete them manually (the last item in each path):

    C:\Windows\System32\kaupv.exe
    C:\Windows\System32\jpcrmts.exe
    C:\Documents and Settings\Jkro\Application Data\ahbr.exe
    c:\windows\antyvirk.exe
    C:\WINDOWS\ebqxsnkl.exe
    C:\Program Files\Windows AdControl <== this folder

    * Start CCleaner and click Run Cleaner at the bottom right.

    * Reboot your PC back into normal mode, start HijackThis, 'scan', 'save log' and post a new log here.
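The last step of the answer above asks for a fresh log. As an added example (not part of the thread, and not a HijackThis feature), the Python below checks such a follow-up log against the entries that were ticked and the paths that were deleted. The names `parse_log` and `leftovers` and the follow-up log are constructed for illustration; matching is done on the file path as well as the exact line, so a file that is still running or still registered under a different Run value name is reported too.

```python
import re
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: [...] ..."

def norm(s):
    """Windows paths and registry names are case-insensitive; drop quotes too."""
    return " ".join(s.replace('"', "").lower().split())

def parse_log(text):
    """Return (running process paths, [(section, body)]) from a HijackThis log."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), norm(m.group(2))))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(norm(line))
    return procs, entries

def leftovers(fixed_lines, deleted_paths, new_log):
    """What the follow-up log still shows after 'Fix checked' and manual deletion."""
    procs, entries = parse_log(new_log)
    _, fixed = parse_log("\n".join(fixed_lines))
    paths = [norm(p) for p in deleted_paths]
    return {
        "entries_still_present": [e for e in fixed if e in entries],
        "paths_still_running": [p for p in paths if any(q.startswith(p) for q in procs)],
        "paths_still_referenced": [p for p in paths if any(p in b for _, b in entries)],
    }

# Subset of the entries and paths named in the answer above.
FIXED = [
    r"O4 - HKLM\..\Run: [AntyVirK] c:\windows\antyvirk.exe ukrt",
    r"O4 - HKCU\..\Run: [JavaUpdate0.07] C:\Windows\System32\kaupv.exe",
    r"O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab",
]
DELETED = [r"C:\Windows\System32\kaupv.exe", r"C:\Program Files\Windows AdControl"]

# Constructed follow-up log (not from the thread): one file survived under a new value name.
NEW_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\WINDOWS\SYSTEM32\KAUPV.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Renamed] C:\Windows\System32\kaupv.exe
"""

print(leftovers(FIXED, DELETED, NEW_LOG))
```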

This is an archived page. Replies are no longer possible.