hijack this

Spyware, Adaware, Spybot S&D, Ad-Aware, Spyblaster, HijackThis and more.

Moderator: MandersOnline

faithles
Beginner
Posts: 47
Joined: Sun 04 Sep 2005, 11:42

Post by faithles » Wed 09 May 2007, 20:46

Could you please take a look.
Thanks.
Greets.





Logfile of HijackThis v1.99.1
Scan saved at 20:45:18, on 9/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Steam\Steam.exe
G:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Program Files\Xfire\xfire.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\linus\LOCALS~1\Temp\4641dacbc64.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641daccbd0.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641dad3f04.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641dad7fbc.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641dadd9c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e1ea26c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e1eb71c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e1f1314.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e1f6e04.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e1fca2c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e90811fc.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e90a1238.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e90f1260.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e915d4c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641e91a12c0.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f029b24.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f0291060.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f02e10a0.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f03510c8.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f03a10ec.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f746170c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f748143c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f74d17b8.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f75314c4.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641f75917cc.tmp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\linus\LOCALS~1\Temp\4641fe661298.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641fe67c4.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641fe6c11e8.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641fe72b8.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4641fe771378.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4642058410ec.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420585113c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4642058b1160.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420590ac8.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\4642059626c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420ca2c4.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420ca399c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420ca9102c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420caf12dc.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\46420cb4e6c.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\464213d712fc.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\464213d91624.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\464213dc278.tmp
C:\DOCUME~1\linus\LOCALS~1\Temp\464213f41674.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\linus\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASM] "g:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PlayNC Launcher] G:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SRS Audio Sandbox] "G:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Startup: IMVU.lnk = G:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Xfire.lnk = G:\Program Files\Xfire\xfire.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\linus\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

MandersOnline
Manders Online
Posts: 23654
Joined: Sun 03 Aug 2003, 1:12
Location: Amsterdam

Post by MandersOnline » Thu 10 May 2007, 17:24

Logfile of HijackThis v1.99.1
Scan saved at 20:45:18, on 9/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ASM] "g:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe



O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\linus\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
Feel free to also visit the main site https://www.mandersonline.nl

mettes
Beginner
Posts: 31
Joined: Mon 21 Aug 2006, 21:48

Post by mettes » Sun 13 May 2007, 13:41

Hi,

There are still several more things wrong!

Please do the following:

I see that hijackthis.exe is still in your temp folder. This is not a good location, since HijackThis makes backups and those backups can be deleted as long as they stay in your temp folder.
Create a permanent folder for it:
Go to My Computer > C > Program Files. Click File > New > Folder. Name this folder HijackThis.
Now place HijackThis.exe in that folder.

* Open HijackThis, scan, and check the following items:
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll

* Close all windows and click "Fix Checked"

* Delete the following files using Explorer:
C:\WINDOWS\SYSTEM32\winwim32.dll
C:\WINDOWS\system32\wudb.dll
C:\WINDOWS\system32\dssdll32.dll

* Download ATF cleaner (by Atribune)
Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

* Download and install AVG Anti-Spyware.
  After installation, open AVG Anti-Spyware:
    * under "Status", click Change state next to "Resident shield". (change from active to inactive!)
    * under "Update", click the Start update button.
    * under "Scanner", tab "Settings":
      * under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
      * under "Reports", select Automatically generate report after every scan and untick Only if threats were found

  Close AVG Anti-Spyware. Do not let it scan yet.

* Boot into safe mode

* Start AVG Anti-Spyware.
    * Click Scan and choose Complete System Scan.
    After the scan, follow the instructions below:
    IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
    * Make sure that Set all elements to: is set to Quarantine (1),
    if not, click the link and choose Quarantine in the popup menu. (2)
    (This does not apply to cookies; these are always deleted!)
    * At the bottom of the window, click the Apply all Actions button. (3)
    * When you get the message 'All actions have been applied', click the Save Report button at the bottom.
    * In the menu at the top, click Reports. Copy the scan report and post it here in your next message.

* Restart the PC

* Post a new HJT log together with the AVG Anti-Spyware log, please
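
Added example, not part of the original posts: a small Python triage of a HijackThis log that lists processes running from a Temp folder (the point raised above about HijackThis.exe) and extracts the file paths from O20/O21 entries so they can be compared with the files to delete. The function names are hypothetical; the sample is constructed from a few lines of the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\linus\LOCALS~1\Temp\4641dacbc64.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\linus\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "O20 - Winlogon Notify: ..."
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)     # any path component named Temp

def parse_log(text):
    """Split a HijackThis log into running processes and entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False             # a blank line ends the process list
        elif (m := ENTRY_RE.match(line)):
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)

def running_from_temp(processes):
    """Processes whose image path lies under a Temp directory."""
    return [p for p in processes if TEMP_RE.search(p)]

def entry_file(entry):
    """File path of an entry that uses ' - ' separators (O20, O21, O23, ...)."""
    return entry.rsplit(" - ", 1)[-1]

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print("runs from Temp:", running_from_temp(procs))
    print("O20/O21 files:", [entry_file(e) for c in ("O20", "O21") for e in entries.get(c, [])])
```

Which O20/O21 entries are unwanted remains the helper's judgement; the script only surfaces them and their file paths for review.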
