Vraag & Antwoord

Beveiliging & privacy

HiJackThis log

Anoniem
None
3 antwoorden
  • Kan iemand hier svp naar kijken?
    Ik heb het idee dat mijn internetserver op de één of andere manier gebruikt wordt.. Ik begin met een stukje van de logfile waarin een heleboel sites staan die niet door mijn partner of mijzelf bezocht zijn.
    Daaronder staat de hjt-log.
    Heel erg bedankt.
    Marcel

    Weblog:

    15:28:04;219.134.110.78;24106;.Default;;;00-00-00-00-00-00;xml.nbcsearch.com;80;2006-07-19 15:28:03;2006-07-19 15:28:04;314;2019,/xml.php, http[HTTP]
    15:28:52;222.248.201.221;3299;.Default;;;00-00-00-00-00-00;www.hitbuddies.com;80;2006-07-19 15:28:50;2006-07-19 15:28:52;2839;2017.10054,/index1.php, http[HTTP]
    15:29:11;219.134.110.78;28896;.Default;;;00-00-00-00-00-00;www.blazerunner.com;80;2006-07-19 15:29:08;2006-07-19 15:29:11;10126;2019,/ppc/search.php, http[HTTP]
    15:29:38;222.248.201.221;4710;.Default;;;00-00-00-00-00-00;www.gigalaxia.com;80;2006-07-19 15:29:37;2006-07-19 15:29:38;367;2019,/search.php, http[HTTP]
    15:30:07;219.134.110.78;33293;.Default;;;00-00-00-00-00-00;www.aries-search.com;80;2006-07-19 15:29:50;2006-07-19 15:30:07;10598;2020 send data timeout,/index.php, http[HTTP]
    15:30:40;222.248.201.221;2413;.Default;;;00-00-00-00-00-00;www.servergridlock.com;80;2006-07-19 15:30:39;2006-07-19 15:30:40;1234;2017.10054,/index1.php, http[HTTP]
    15:31:06;219.134.110.78;39161;.Default;;;00-00-00-00-00-00;www.probesearch.net;80;2006-07-19 15:31:00;2006-07-19 15:31:06;11240;2019,/index.php, http[HTTP]
    15:31:37;221.237.29.159;42934;.Default;;;00-00-00-00-00-00;www.artlend.com;80;2006-07-19 15:31:29;2006-07-19 15:31:37;22163;2019,/portal.php, http[HTTP]
    15:31:45;219.134.110.78;42788;.Default;;;00-00-00-00-00-00;xml.nbcsearch.com;80;2006-07-19 15:31:44;2006-07-19 15:31:45;319;2019,/xml.php, http[HTTP]
    15:31:50;221.237.29.159;42995;.Default;;;00-00-00-00-00-00;www.artlend.com;80;2006-07-19 15:31:46;2006-07-19 15:31:50;3570;2019,/smart/search.php, http[HTTP]
    15:31:52;222.248.201.221;4032;.Default;;;00-00-00-00-00-00;www.andsearch.com;80;2006-07-19 15:31:47;2006-07-19 15:31:52;7126;2019,/cgi-bin/smartsearch.cgi, http[HTTP]
    15:31:59;222.248.201.221;4411;.Default;;;00-00-00-00-00-00;69.20.69.173;80;2006-07-19 15:31:58;2006-07-19 15:31:59;694;2019,/clk/, http[HTTP]
    15:32:02;222.248.201.221;4450;.Default;;;00-00-00-00-00-00;www.exactsearch.net;80;2006-07-19 15:31:59;2006-07-19 15:32:02;26054;2019,/searchon.php, http[HTTP]
    15:32:15;222.248.201.221;1078;.Default;;;00-00-00-00-00-00;207.97.227.17;80;2006-07-19 15:32:14;2006-07-19 15:32:15;711;2019,/clk/, http[HTTP]
    15:32:19;222.248.201.221;1113;.Default;;;00-00-00-00-00-00;www.brainfox.com;80;2006-07-19 15:32:15;2006-07-19 15:32:19;25628;2019,/sresults.php, http[HTTP]
    15:32:24;219.134.110.78;45917;.Default;;;00-00-00-00-00-00;www.vision-search.net;80;2006-07-19 15:32:20;2006-07-19 15:32:24;16573;2019,/index.php, http[HTTP]
    15:32:29;222.248.201.221;1400;.Default;;;00-00-00-00-00-00;69.20.69.167;80;2006-07-19 15:32:28;2006-07-19 15:32:29;1034;2019,/clk/, http[HTTP]
    15:32:30;222.248.201.221;1189;.Default;;;00-00-00-00-00-00;xml.allfeeds.com;80;2006-07-19 15:32:19;2006-07-19 15:32:30;195;2019,/, http[HTTP]
    15:32:30;222.248.201.221;1420;.Default;;;00-00-00-00-00-00;us01.xmlsearch.findwhat.com;80;2006-07-19 15:32:29;2006-07-19 15:32:30;537;2019,/bin/findwhat.dll, http[HTTP]
    15:32:35;222.248.201.221;1450;.Default;;;00-00-00-00-00-00;www.casinofreemoney.com;80;2006-07-19 15:32:31;2006-07-19 15:32:35;52374;2019,/, http[HTTP]
    15:33:01;222.248.201.221;2152;.Default;;;00-00-00-00-00-00;www.vision-search.net;80;2006-07-19 15:32:59;2006-07-19 15:33:01;16804;2019,/index.php, http[HTTP]
    15:33:21;219.134.110.78;49383;.Default;;;00-00-00-00-00-00;www.infoseekweb.com;80;2006-07-19 15:33:03;2006-07-19 15:33:21;15948;2020 send data timeout,/index.php, http[HTTP]
    15:33:35;219.134.110.78;51841;.Default;;;00-00-00-00-00-00;www.yoomy.com;80;2006-07-19 15:33:33;2006-07-19 15:33:35;4899;2019,/Search1.php, http[HTTP]
    15:33:36;221.237.29.159;43372;.Default;;;00-00-00-00-00-00;www.artlend.com;80;2006-07-19 15:33:26;2006-07-19 15:33:36;22163;2019,/portal.php, http[HTTP]
    15:33:50;219.134.110.78;53251;.Default;;;00-00-00-00-00-00;www.infoseekweb.com;80;2006-07-19 15:33:49;2006-07-19 15:33:50;676;2019,/o.php, http[HTTP]
    15:33:53;219.134.110.78;53553;.Default;;;00-00-00-00-00-00;arx.us.miva.com;80;2006-07-19 15:33:52;2006-07-19 15:33:53;398;2019,/rd/Clk.jsp, http[HTTP]
    15:34:01;219.134.110.78;54077;.Default;;;00-00-00-00-00-00;us01.xmlsearch.findwhat.com;80;2006-07-19 15:34:00;2006-07-19 15:34:01;573;2019,/bin/findwhat.dll, http[HTTP]


    Logfile of HijackThis v1.99.1
    Scan saved at 5:33:38 PM, on 20/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\crypserv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ezProxy\ezEngine.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system\hplampc.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dynalink\Adsl\dslstat.exe
    C:\Program Files\Dynalink\Adsl\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DGDR Hermes\DGDR Hermes.exe
    C:\Program Files\MightyFax\MFNTCTL.EXE
    C:\Program Files\Internode\mum.exe
    C:\hj\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bluegum5/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://telstra.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Dynalink\Adsl\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Hermes Messenger.lnk = C:\Program Files\DGDR Hermes\DGDR Hermes.exe
    O4 - Global Startup: Internode.lnk = ?
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/208c58cc741044183406/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A0068F69-65EB-4034-9455-1AAA85E80C4A}: NameServer = 192.231.203.132 192.231.203.3
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ezProxy - Unknown owner - C:\Program Files\ezProxy\ezEngine.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ShareMail - Unknown owner - C:\Program Files\LavaSoft\ShareMail\ShareMail.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[code:1:c9a218076a][/code:1:c9a218076a]
    Anoniem
    Anoniem
  • Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:c9478290bc]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/208c58cc741044183406/netzip/RdxIE601.cab[/b:c9478290bc]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Voor de rest ziet het logje er goed uit.
    Anoniem
    Anoniem
  • dankjewel!
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!