Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

HiJackThis log

Anoniem
M@rc
3 antwoorden
  • Hallo,

    Mijn pc zit vol met spyware en dergelijke en toolbars, en die wil ik graag kwijt. Ik heb met HiJackThis ff de boel gescand en ik wilde jullie vragen wat ik allemaal moet verwijderen? Hier is de log.


    Logfile of HijackThis v1.98.2
    Scan saved at 16:29:53, on 22-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Conexant\CnxDslTb.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rvngcg.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Kamilcan\Bureaublad\HJT198\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hrnvjtkelfjxnoyqjqrhscjw.info/uZEjm2A91r6wTi57TLCkh5dfU7/9F1/ei6uGH5iOno7VkGTsl_KJ3DgtsX9P67by.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.standbyservice.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
    ewdotnet6_38.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {B7DB5DC9-AF9B-8DC5-A96B-0FF9D50A21B6} - C:\DOCUME~1\Sevilya\APPLIC~1\METAEG~1\Drawball.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] c:\PROGRA~1\logitech\MOUSEW~1\system\EM_EXEC.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\CnxDslTb.exe
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [sapnyvtvgj] C:\WINDOWS\System32\rvngcg.exe
    O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Microsoft Explorer(64)] EXPLORER64.EXE
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Scr More Coal Glue] C:\Documents and Settings\All Users\Application Data\Setup bits scr more\HeckFile.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ruledeaf] C:\DOCUME~1\Kamilcan\APPLIC~1\BLAHDA~1\Spamdumb.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
    ppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d514d6bf32584b23b7ee0e307eb469630689c9f3b628f640c8c893ed9055e781738c5b882206cbbce7ba7c0041e065af4f01f40c1e977f7bf0eb1d:1f01d03aa392c57f1a62387584b2724b
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O18 - Filter: text/html - {67AB636A-E782-49C6-9D87-A6904EA84CF6} - C:\Documents and Settings\Sevilya\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat



    Bij voorbaat dank,

    Kamil



  • [quote:a8f8a14ebc="kamil"]Hallo,





    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



    C:\Program Files\Messenger Plus! 3\MsgPlus.exe





    Bij voorbaat dank,

    Kamil[/quote:a8f8a14ebc]

    Begin eerst is met messengerplus te verwijderen, als je het niet goed installeerd accepteer je ook de sponser software "spyware" dus goed lezen!

    Draai ook meteen windows update want je loopt achter.

    En zet ook meteen een nieuwe log met de nieuwe versie hijackthis.
    http://www.merijn.org/files/hijackthis.zip
  • >> Beveiliging & privacy

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.