wie wil deze Log checken svp?
Hoi,
ik heb eerst met AdAware personal edition alles schoon gemaakt, daarna metSpybot D&D.
Daarna met hijack.this het volgende log bestand gemaakt:
Logfile of HijackThis v1.98.2
Scan saved at 21:53:13, on 12-10-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\WIN86.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zonnet.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-414456544F4E} - C:\WINDOWS\SYSTEM\ADV.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Advanced Search - {9EAC0102-5E61-2312-BC2D-414456544F4E} - C:\WINDOWS\SYSTEM\ADV.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SyGateManager] C:\PROGRAM FILES\SYGATE\SON\Sygate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Passphrase Keeper] C:\WINDOWS\DESKTOP\PASSPHRASE KEEPER.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificaten.vecozo.nl/VSApps/vspta3.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = workgroup
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
Graag hoor ik van jullie, bij voorbaat bedankt!
mvg
Hoi,
ik heb eerst met AdAware personal edition alles schoon gemaakt, daarna metSpybot D&D.
Daarna met hijack.this het volgende log bestand gemaakt:
Logfile of HijackThis v1.98.2
Scan saved at 21:53:13, on 12-10-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\WIN86.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zonnet.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-414456544F4E} - C:\WINDOWS\SYSTEM\ADV.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Advanced Search - {9EAC0102-5E61-2312-BC2D-414456544F4E} - C:\WINDOWS\SYSTEM\ADV.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SyGateManager] C:\PROGRAM FILES\SYGATE\SON\Sygate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Passphrase Keeper] C:\WINDOWS\DESKTOP\PASSPHRASE KEEPER.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificaten.vecozo.nl/VSApps/vspta3.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = workgroup
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
Graag hoor ik van jullie, bij voorbaat bedankt!
mvg
Laatst bewerkt: