Yes, yet another HijackThis log

Anonymous
7 replies
  • OK, here it is, thanks in advance! :D
    edit: can I remove that 'startnow.minisearch'? (Google is my start page)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:18:45, on 13-5-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\USB FLASH DISK UTILITY\UFD UTILITY\UFDMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\FIREWALL_ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\DOWNLOADS\HIJACKTHIS1991.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\PROGRAMMA'S\ACROBAT READER\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UFDMon.exe
    O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UsbTD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\PROGRAMMA'S\ANTIVIR\AVGCTRL.EXE /min
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Programma's\Firewall_ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\SPELLEN\GO!ZILLA\download-with-gozilla.html
    O8 - Extra context menu item: Download met Download &Express - E:\Frank\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O9 - Extra 'Tools' menuitem: PopThis! Options… - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O12 - Plugin for .pan: C:\PROGRA~1\Intern~1\PLUGINS\NpSmNp.dll
  • I'm actually still missing part of your log

    among others the 023 numbers
  • Download and install CCleaner.
    Do not use the program yet.

    Close all open windows, run HijackThis once more and tick the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    Then click "Fix checked" and close HijackThis.

    Start CCleaner. Click the "Opschonen" ("Run Cleaner") button.

    Restart the computer.

    Start HijackThis again, create a new log and post it.
  • sjouwer wrote:
      "I'm actually still missing part of your log

      among others the 023 numbers"

    These never appear on Windows 9x systems :wink:
  • OK, done, I already had CrapCleaner :wink:
    Any other things that can go?
    And does anyone maybe know why the internet keeps dropping out for +/- 1 min after every 50 min? Could that have something to do with a virus?

    Anyway, here is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:39:42, on 13-5-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\USB FLASH DISK UTILITY\UFD UTILITY\UFDMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\PROGRAMMA'S\FIREWALL_ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\BITTORNADO\BTDOWNLOADGUI.EXE
    D:\FRANK\DOWNLOADS\HIJACKTHIS1991.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\PROGRAMMA'S\ACROBAT READER\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UFDMon.exe
    O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Programma's\USB Flash Disk Utility\UFD Utility\UsbTD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\PROGRAMMA'S\ANTIVIR\AVGCTRL.EXE /min
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Programma's\Firewall_ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\SPELLEN\GO!ZILLA\download-with-gozilla.html
    O8 - Extra context menu item: Download met Download &Express - E:\Frank\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O9 - Extra 'Tools' menuitem: PopThis! Options… - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\PROGRAMMA'S\POPTHIS!\POPTHIS.DLL
    O12 - Plugin for .pan: C:\PROGRA~1\Intern~1\PLUGINS\NpSmNp.dll
  • this one can still go:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  • Thanks! :D :D
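
The before/after comparison this thread does by eye, as an added example (not part of the original posts): a Python script that parses the R0-R3 lines of two HijackThis logs and reports which registry values pointing at a given domain were fixed and which remain. The sample lines are excerpted from the two logs above; the function names are this example's own.

```python
import re
from urllib.parse import urlparse

# R-section line: "R1 - <registry key>,<value name> = <data>" (data may be empty)
R_LINE = re.compile(r"^\s*(R[0-3]) - (.+?),([^,=]+?) =\s*(.*)$")

def parse_r_entries(log_text):
    """Map (registry key, value name) -> (section code, data) for R0-R3 lines."""
    entries = {}
    for line in log_text.splitlines():
        m = R_LINE.match(line)
        if m:
            code, key, name, data = m.groups()
            entries[(key, name)] = (code, data.strip())
    return entries

def host_matches(data, domain):
    """True if data is a URL whose host is domain or a subdomain of it."""
    host = (urlparse(data).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def compare_logs(before, after, domain):
    """Return (fixed, remaining) registry values that pointed at domain."""
    old, new = parse_r_entries(before), parse_r_entries(after)
    flagged = {k for k, (_, d) in old.items() if host_matches(d, domain)}
    remaining = sorted(k for k in flagged
                       if k in new and host_matches(new[k][1], domain))
    fixed = sorted(flagged - set(remaining))
    return fixed, remaining

# Lines excerpted from the first and second log in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

if __name__ == "__main__":
    fixed, remaining = compare_logs(BEFORE, AFTER, "startnow.com")
    print("fixed:", fixed)
    print("still present:", remaining)
```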
