Another log

4 answers
  • Here's another HijackThis log from a friend of mine... She was getting all sorts of things like Casino etc...

    Logfile of HijackThis v1.98.0
    Scan saved at 20:51:04, on 18-7-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    D:\SYSTEM WORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    E:\MSN 6.11\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ANVSHELL.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NTS\WANADOO CABLE\APP\ENTERNET.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE
    C:\WINDOWS\SYSTEM\ID85255.EXE
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\WINDOWS\SYSTEM\MS7531.EXE
    C:\WINDOWS\SYSTEM\MSCNT.EXE
    C:\WINDOWS\RUNDLL32.EXE
    D:\PROGRAM FILES\WANADOO\UPTODATEMATE\UPTODATEMATE.EXE
    C:\PROGRAM FILES\COMMON FILES\EACCELERATION\SYSTIMER.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    D:\PROGRAM FILES\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
    D:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
    D:\SYSTEM WORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    D:\System Works\Norton CleanSweep\Monwow.exe
    D:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
    D:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    E:\MSN 6.11\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freehqmovies.com/enter.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\ms7531.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freehqmovies.com/enter.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.freehqmovies.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freehqmovies.com/enter.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.freehqmovies.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\ms7531.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.freehqmovies.com/enter.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Cable Wanadoo V1.0b NL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 216.65.3.76 auto.search.msn.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL (file missing)
    O2 - BHO: Testthunkadmin - {48A63C7A-A0F5-9838-2AD2-73B2C0A869AC} - C:\PROGRAM FILES\SKIPLONG\DELETEDALE.DLL
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Bits Global Funk - {374E9581-706C-822F-0576-E05BF0933798} - C:\PROGRAM FILES\SKIPLONG\DELETEDALE.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [KAZAA] D:\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [$EnterNet] C:\PROGRAM FILES\NTS\WANADOO CABLE\APP\EnterNet.exe -AutoStart
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
    O4 - HKLM\..\Run: [Id8525] "C:\WINDOWS\SYSTEM\ID85255.EXE"
    O4 - HKLM\..\Run: [No Credit Card] c:\windows\plugin-19-nl.exe /m
    O4 - HKLM\..\Run: [Netherlands_sex] c:\program files\dialers\netherlands_sex\netherlands_sex.exe /noconnect
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [startl.exe] "C:\PROGRAM FILES\LINGOCOM\startl.exe" ###
    O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\SYSTEM\MS7531.EXE"
    O4 - HKLM\..\Run: [NPROTECT] D:\System Works\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
    O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade
    O4 - HKLM\..\Run: [doespeak] C:\WINDOWS\APPLIC~1\slowfreedent\Hopeiso.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\System Works\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] D:\System Works\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [MessengerPlus3] "E:\MSN 6.11\MsgPlus.exe"
    O4 - HKLM\..\RunOnce: [MPE0] "D:\System Works\Norton CleanSweep\csinsm32.exe" -s "D:\System Works\Norton CleanSweep\IM010280.CIL" rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\mpe.inf,BDAcodec
    O4 - HKCU\..\Run: [UpToDateMate] D:\Program Files\Wanadoo\UpToDateMate\UpToDateMate.exe
    O4 - HKCU\..\Run: [Babylon Translator] D:\Program Files\Babylon\Babylon.exe
    O4 - HKCU\..\Run: [5-1-25-560] c:\windows\5-1-25-560.exe -m
    O4 - HKCU\..\Run: [5-1-26-38] c:\windows\5-1-26-38.exe -m
    O4 - HKCU\..\Run: [MessengerPlus3] "E:\MSN 6.11\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: True Internet Color Icon.lnk = D:\Program Files\E-Color\True Internet Color\TICIcon.exe
    O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: SonnReg.lnk = D:\Program Files\E-Color\Registration\SonnReg.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PageKeeper Taken.lnk = D:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
    O4 - Startup: 3Deep.lnk = D:\Program Files\E-Color\3Deep\3Deepctl.exe
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: Date Manager.lnk = C:\Program Files\ecdc_v403a_up.exe
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\System Works\Norton CleanSweep\csinsm32.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\PROGRAM FILES\LINGOCOM\Translator.lnk (file missing)
    O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\PROGRAM FILES\LINGOCOM\Translator.lnk (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Winipcfg - {EA3F4D00-D938-11D4-A0DC-9CD60F37186D} - C:\WINDOWS\WINIPCFG.EXE (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O20 - AppInit_DLLs: APITRAP.DLL BVD...
  • There is such an awful lot of junk on it that we're going to clean up first. Then download and update Ad-Aware (http://www.lavasoftusa.com/support/download/) and Spybot (http://www.safer-networking.org/index.php?page=download), restart your computer in safe mode and scan your computer with these two programs. When done, restart your computer. Now download CWShredder (http://www.spywareinfo.com/~merijn/files/CWShredder.exe). Run the program and click the 'fix' button. Now restart your computer. Now run a new HijackThis log. Copy and paste the contents of that log file into your next post. Then we'll tackle the hijacker with lspfix, but carry out the above first.
  • Yes, sorry, it's not my PC and I probably can't help that person until tomorrow, but thanks so far...
  • Babette, surely? :P
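
As an added example (not part of the original thread), a small Python parser for the HijackThis entry format in the first post: it recovers entries from a log whose line breaks were lost, lists the ones HijackThis marked "(file missing)", and shows which entries survive into a follow-up log like the one the reply asks for. The function names and the follow-up log are constructed for illustration.

```python
import re

# An entry starts with a HijackThis section code (R0-R3, O1-O23) followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return [(code, detail), ...] from a log, even if line breaks were lost."""
    flat = " ".join(log_text.split())            # normalise all whitespace
    marks = list(ENTRY_START.finditer(flat))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat)
        entries.append((m.group(1), flat[m.end():end].strip()))
    return entries

def missing_files(entries):
    """Entries HijackThis itself marked as pointing at a file that is gone."""
    return [e for e in entries if e[1].endswith("(file missing)")]

def still_present(before_text, after_text):
    """Entries of the first log that survive in the follow-up log.

    Compared case-insensitively, since the same path appears in mixed case.
    """
    after = {(c, d.lower()) for c, d in parse_entries(after_text)}
    return [(c, d) for c, d in parse_entries(before_text) if (c, d.lower()) in after]

# Four entries copied from the log in the first post, flattened as on the page.
BEFORE = r"""O1 - Hosts: 216.65.3.76 auto.search.msn.com O2 - BHO: Hotbar -
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL
(file missing) O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O10 - Hijacked Internet
access by New.Net"""

# Constructed follow-up log (not from the thread), one entry per line.
AFTER = r"""O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O10 - Hijacked Internet access by New.Net"""

if __name__ == "__main__":
    for code, detail in parse_entries(BEFORE):
        print(f"{code:>3} | {detail}")
    print("file missing:", [c for c, _ in missing_files(parse_entries(BEFORE))])
    print("left after cleanup:", still_present(BEFORE, AFTER))
```
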

This is an archived page. Replying is no longer possible.