Question & Answer
another log
4 answers
- here is another HijackThis log from a friend of mine…
She was getting all sorts of things like Casino etc…
Logfile of HijackThis v1.98.0
Scan saved at 20:51:04, on 18-7-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
D:\SYSTEM WORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
E:\MSN 6.11\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NTS\WANADOO CABLE\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE
C:\WINDOWS\SYSTEM\ID85255.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\MS7531.EXE
C:\WINDOWS\SYSTEM\MSCNT.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAM FILES\WANADOO\UPTODATEMATE\UPTODATEMATE.EXE
C:\PROGRAM FILES\COMMON FILES\EACCELERATION\SYSTIMER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
D:\PROGRAM FILES\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
D:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
D:\SYSTEM WORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
D:\System Works\Norton CleanSweep\Monwow.exe
D:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
D:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
E:\MSN 6.11\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\ms7531.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freehqmovies.com/enter.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.freehqmovies.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.freehqmovies.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINDOWS\SYSTEM\ms7531.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Cable Wanadoo V1.0b NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 216.65.3.76 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL (file missing)
O2 - BHO: Testthunkadmin - {48A63C7A-A0F5-9838-2AD2-73B2C0A869AC} - C:\PROGRAM FILES\SKIPLONG\DELETEDALE.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Bits Global Funk - {374E9581-706C-822F-0576-E05BF0933798} - C:\PROGRAM FILES\SKIPLONG\DELETEDALE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [KAZAA] D:\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRAM FILES\NTS\WANADOO CABLE\APP\EnterNet.exe -AutoStart
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [Id8525] "C:\WINDOWS\SYSTEM\ID85255.EXE"
O4 - HKLM\..\Run: [No Credit Card] c:\windows\plugin-19-nl.exe /m
O4 - HKLM\..\Run: [Netherlands_sex] c:\program files\dialers\netherlands_sex\netherlands_sex.exe /noconnect
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [startl.exe] "C:\PROGRAM FILES\LINGOCOM\startl.exe" ###
O4 - HKLM\..\Run: [MS7531] "C:\WINDOWS\SYSTEM\MS7531.EXE"
O4 - HKLM\..\Run: [NPROTECT] D:\System Works\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade
O4 - HKLM\..\Run: [doespeak] C:\WINDOWS\APPLIC~1\slowfreedent\Hopeiso.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\System Works\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] D:\System Works\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [MessengerPlus3] "E:\MSN 6.11\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [MPE0] "D:\System Works\Norton CleanSweep\csinsm32.exe" -s "D:\System Works\Norton CleanSweep\IM010280.CIL" rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\mpe.inf,BDAcodec
O4 - HKCU\..\Run: [UpToDateMate] D:\Program Files\Wanadoo\UpToDateMate\UpToDateMate.exe
O4 - HKCU\..\Run: [Babylon Translator] D:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [5-1-25-560] c:\windows\5-1-25-560.exe -m
O4 - HKCU\..\Run: [5-1-26-38] c:\windows\5-1-26-38.exe -m
O4 - HKCU\..\Run: [MessengerPlus3] "E:\MSN 6.11\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: True Internet Color Icon.lnk = D:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SonnReg.lnk = D:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PageKeeper Taken.lnk = D:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: 3Deep.lnk = D:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Date Manager.lnk = C:\Program Files\ecdc_v403a_up.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\System Works\Norton CleanSweep\csinsm32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\PROGRAM FILES\LINGOCOM\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\PROGRAM FILES\LINGOCOM\Translator.lnk (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Winipcfg - {EA3F4D00-D938-11D4-A0DC-9CD60F37186D} - C:\WINDOWS\WINIPCFG.EXE (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: APITRAP.DLL
Thanks in advance…
- There is such a terrible amount of junk on it that we are going to clean up first.
Then download and update Ad-Aware and Spybot, restart your computer in safe mode and scan your computer with these two programs.
When that is done, restart your computer.
Now download CWShredder. Run the program and click the 'fix' button.
Now restart your computer.
Now run a new HijackThis log.
Copy and paste the contents of that log file into your next post.
Then we will tackle the hijacker with LSPFix, but carry out the above first.
- Yes, sorry, it's not my PC and I can probably only help that person tomorrow, but thanks so far…
- Babette, I suppose?