Hijack logfile

Anonymous
AnthraX
3 replies
  • This is my log file from the HijackThis scan I ran.
    I'm going completely crazy from the spyware warnings I keep getting, and from the programs that get installed automatically posing as "anti-spyware" programs, but if you actually want to use them you have to pay.
    Can someone please help me?
    I can't get onto MSN at all; I get an error saying there is a fault in MSN Messenger.


    Logfile of HijackThis v1.99.1
    Scan saved at 0:18:12, on 20-2-2002
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\System32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\rundll32.exe
    C:\windows\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
    C:\WINDOWS\inet20004\winlogon.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\windows\System32\paytime.exe
    C:\WINDOWS\System\svwhost.exe
    C:\windows\System32\kernels64.exe
    C:\windows\smss.exe
    C:\windows\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\winstall.exe
    C:\windows\System32\r42.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\QmFydA\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\windows\System32\vxh8jkdq2.exe
    C:\windows\inet20004\mm4.exe
    C:\windows\System32\dllcache\IExplore.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
    C:\windows\System32\r4.exe
    C:\windows\t.exe
    C:\windows\System32\r42.exe
    C:\windows\System32\x_ice.exe
    C:\windows\System32\dllcache\IExplore.exe
    C:\windows\System32\dllcache\IExplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ExCir0\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
    F3 - REG:win.ini: run=C:\WINDOWS\inet20004\winlogon.exe
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\windows\inet20004\3.00.13.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
    O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
    O4 - HKLM\..\Run: [System] C:\windows\System32\kernels64.exe
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
    O4 - HKCU\..\Run: [WindowsUpdate] C:\windows\System\svchost.exe /s
    O4 - HKCU\..\Run: [WinMedia] C:\windows\System32\wwwloader.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
    O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138741327733
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: msupdate - C:\windows\SYSTEM32\msupdate32.dll
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\i0060adsed060.dll
    O20 - Winlogon Notify: sndu32 - C:\windows\SYSTEM32\sndu32.dll
    O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\dejaeijc.dll
    O21 - SSODL: prxsvc - {025C10C7-B726-4F8B-A7F2-B3DFF2B017F6} - prxsvc.dll (file missing)
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\windows\System32\dcom_13.dll
    O21 - SSODL: OoSGbOPSP - {606C2E8A-CAC6-8420-8FF7-413479CC1A17} - C:\windows\System32\shx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmFydA\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\windows\System32\perfont.exe
  • I've now just completely formatted my PC again.

    Only, I was a bit too eager about it and accidentally forgot to back things up.
    The first time I had put them on the D:/ drive, and afterwards I deleted them from there again because I thought everything was fine now.
    But after I had formatted, I thought: sh*t, I forgot to back up those files.

    Does anyone know a good way to get the files back from the D:/ drive?
    They're a few school assignments.
  • That might not have been necessary. Your log was pretty cluttered with junk.
    In case you still want to know, this is what you should have removed: ;)
    [quote:ae6cdf4a07]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
    F3 - REG:win.ini: run=C:\WINDOWS\inet20004\winlogon.exe
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\windows\inet20004\3.00.13.dll
    O4 - HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
    O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
    O4 - HKLM\..\Run: [System] C:\windows\System32\kernels64.exe
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
    O4 - HKCU\..\Run: [WindowsUpdate] C:\windows\System\svchost.exe /s
    O4 - HKCU\..\Run: [WinMedia] C:\windows\System32\wwwloader.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
    O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
    O20 - Winlogon Notify: msupdate - C:\windows\SYSTEM32\msupdate32.dll
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\i0060adsed060.dll
    O20 - Winlogon Notify: sndu32 - C:\windows\SYSTEM32\sndu32.dll
    O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\dejaeijc.dll
    O21 - SSODL: prxsvc - {025C10C7-B726-4F8B-A7F2-B3DFF2B017F6} - prxsvc.dll (file missing)
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\windows\System32\dcom_13.dll
    O21 - SSODL: OoSGbOPSP - {606C2E8A-CAC6-8420-8FF7-413479CC1A17} - C:\windows\System32\shx.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmFydA\command.exe
    [/quote:ae6cdf4a07]
    As for the files on the D drive… They can perhaps still be recovered with a small undelete program. I don't know one offhand, but there have been topics about this on this forum before, so searching may turn something up.

    By the way: did you forget to disable the sponsor when installing Messenger Plus?
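
Several of the Run entries listed in the reply above use the file name of a core Windows process from the wrong folder, or a name one character away from one. The following triage script is an added example, not part of the original thread and not HijackThis code; the helper names (`EXPECTED_DIR`, `image_path`, `one_char_off`, `triage`) are hypothetical, the system root is assumed to be C:\windows, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Assumption: the system root is C:\windows, as in the log above.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {  # stock Windows XP locations of core processes
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Return the executable path from a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def one_char_off(a, b):
    """True if a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def triage(log_text):
    """Return (reason, value name, path) for O4 entries imitating a system process."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m["cmd"])
        folder, exe = ntpath.dirname(path).lower(), ntpath.basename(path).lower()
        if exe in EXPECTED_DIR and folder and folder != EXPECTED_DIR[exe]:
            findings.append(("wrong-directory", m["name"], path))
        elif any(one_char_off(exe, known) for known in EXPECTED_DIR):
            findings.append(("lookalike-name", m["name"], path))
    return findings

SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsUpdate] C:\windows\System\svchost.exe /s
"""

if __name__ == "__main__":
    for reason, name, path in triage(SAMPLE):
        print(f"{reason:16} [{name}] {path}")
```

A hit is a lead for closer inspection of the file, not a verdict. Entries from the reply's list with names that imitate nothing, such as kernels64.exe or paytime.exe, pass this check unflagged and need the manual review the reply applied.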

This is an archived page. Replying is no longer possible.