Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

ja alweer 'n hijack this log

Anoniem
None
7 antwoorden
  • ok dit is 'm, alvast bedankt! :D
    edit: kan ik die 'startnow.minisearch' weghalen? (google is startpag)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:18:45, on 13-5-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\USB FLASH DISK UTILITY\UFD UTILITY\UFDMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\FIREWALL_ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\DOWNLOADS\HIJACKTHIS1991.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\PROGRAMMA'S\ACROBAT READER\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UFDMon.exe
    O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UsbTD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\PROGRAMMA'S\ANTIVIR\AVGCTRL.EXE /min
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Programma's\Firewall_ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\SPELLEN\GO!ZILLA\download-with-gozilla.html
    O8 - Extra context menu item: Download met Download &Express - E:\Frank\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O9 - Extra 'Tools' menuitem: PopThis! Options… - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O12 - Plugin for .pan: C:\PROGRA~1\Intern~1\PLUGINS\NpSmNp.dll
  • ik mis eigenlijk nog een stuk van je log

    o.a. de 023 nummers
  • Download en installeer CCleaner.
    Gebruik het programma nog niet.

    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:c884ccac4e]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =[/b:c884ccac4e]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Start Ccleaner. Klik op de knop "Opschonen".

    Herstart de computer.

    Start HijackThis opnieuw, maak een nieuwe log en post deze.
  • [quote:6aaa4b6a01="sjouwer"]ik mis eigenlijk nog een stuk van je log

    o.a. de 023 nummers[/quote:6aaa4b6a01]Deze verschijnen nooit bij windows 9x systemen :wink:
  • ok, heb ik gedaan, crapcleaner had ik al :wink:
    nog andere dingen die weg kunnen?
    En weet iemand miss waarom het inet er telkens na 50min er +/-1 min uitklapt, heeft dat miss met een virus te maken?

    anyway, hier de nieuwe log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:39:42, on 13-5-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\USB FLASH DISK UTILITY\UFD UTILITY\UFDMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\FIREWALL_ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\DOWNLOADS\HIJACKTHIS1991.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\PROGRAMMA'S\ACROBAT READER\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UFDMon.exe
    O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UsbTD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\PROGRAMMA'S\ANTIVIR\AVGCTRL.EXE /min
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Programma's\Firewall_ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\SPELLEN\GO!ZILLA\download-with-gozilla.html
    O8 - Extra context menu item: Download met Download &Express - E:\Frank\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O9 - Extra 'Tools' menuitem: PopThis! Options… - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O12 - Plugin for .pan: C:\PROGRA~1\Intern~1\PLUGINS\NpSmNp.dll
  • deze kan nog weg:

    [b:5128f3a78a]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =[/b:5128f3a78a]
  • bedankt! :D :D

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.