hijackthis logs 20sep


  • hijackthis logs 20sep

    Logfile of HijackThis v1.98.2

    Admin edit. See the message below from [email protected]
    Regards, Aart
    Last edited by Eagle Creek; 20-09-04, 20:05.

  • #2
    Hi Aart,

    Could you post your log WITHOUT the whitespace in between?

    Thanks



    • #3
      Logfile of HijackThis v1.98.2
      Scan saved at 9:32:33, on 20-9-04
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)
      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\NORMAN\NVC\BIN\ZANDA.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\NORMAN\NVC\BIN\CCLAW.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\NORMAN\NVC\BIN\NJEEVES.EXE
      C:\NORMAN\NVC\BIN\NIP.EXE
      C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
      C:\NORMAN\NVC\BIN\ZLH.EXE
      C:\WINDOWS\SYSTEM\QTTASK.EXE
      C:\WINDOWS\WININET32.EXE
      C:\WINDOWS\RUNWIN32.EXE
      C:\NORMAN\NVC\BIN\NYMSE.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://DF809JOW4WJ2304LFD0SF9FSD0A2....BIZ/search.htm (obfuscated)
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kennisnet.nl:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O1 - Hosts: 69.50.170.20 www.google.com
      O1 - Hosts: 69.50.170.21 search.yahoo.com
      O1 - Hosts: 69.50.170.22 search.msn.com
      O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
      O4 - HKLM\..\RunServices: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD
      O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe
      O4 - HKCU\..\Run: [Remote Packet Capture Protocol v.2.0] C:\WINDOWS\runwin32.exe
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C04F7956B1} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...%49%5A/find.htm (file missing)
      O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C04F7956B2} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...42%49%5A/av.htm (file missing)
      O9 - Extra button: PILLS - {0B5F1910-F111-11d2-BB9E-00C04F7956B3} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...2%49%5A/med.htm (file missing)
      O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C04F7956B4} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...49%5A/check.htm (file missing)
      O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C04F7956B5} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...4LD%2E%42%49%5A (file missing)
      O12 - Plugin for .pif: C:\PROGRAM FILES\SURFKIT\NETSCAPE-EN\COMMUNICATOR\PROGRAM\PLUGINS\NPAUDIO.DLL
      O12 - Plugin for .swf: C:\PROGRAM FILES\SURFKIT\NETSCAPE-EN\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.DLL
      O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/.../x.chm::/ad.exe
      O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
      But of course that's possible
      Regards, aart



      • #4
        Hi aart,

        1. Check the entries below in HijackThis, close all other windows and browsers, and click Fix Checked.

        R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://DF809JOW4WJ2304LFD0SF9FSD0A2....BIZ/search.htm (obfuscated)

        O1 - Hosts: 69.50.170.20 www.google.com
        O1 - Hosts: 69.50.170.21 search.yahoo.com
        O1 - Hosts: 69.50.170.22 search.msn.com

        O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe

        O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C04F7956B1} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...%49%5A/find.htm (file missing)
        O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C04F7956B2} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...42%49%5A/av.htm (file missing)
        O9 - Extra button: PILLS - {0B5F1910-F111-11d2-BB9E-00C04F7956B3} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...2%49%5A/med.htm (file missing)
        O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C04F7956B4} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...49%5A/check.htm (file missing)
        O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C04F7956B5} - http://DF809JOW4WJ2304LFD0SF9FSD0A2...4LD%2E%42%49%5A (file missing)

        O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/.../x.chm::/ad.exe
        O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL


        2. Reboot into safe mode, and delete:
        C:\WINDOWS\wininet32.exe << file

        3. Reboot into normal mode, create a new log, and post it here.
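
An added example, not part of the original thread: a check for step 3 that compares entries fixed in step 1 and the file deleted in step 2 against a follow-up log, stripping the forum's [url="..."] residue so pasted lines compare cleanly. The follow-up log is constructed for illustration and the function names are hypothetical.

```python
import re

# Forum software turns URLs into [url="X"]X; drop the tag so lines compare cleanly.
BBCODE_URL = re.compile(r'\[url="[^"]*"\]')
# HijackThis entries start with a section code (R1, O4, O16, ...) followed by " - ".
ENTRY = re.compile(r'^[RFNO]\d{1,2} - .+$', re.IGNORECASE)

def normalize(line):
    return BBCODE_URL.sub('', line).strip().lower()

def parse_entries(log_text):
    """Set of normalized entry lines found in a HijackThis log."""
    return {n for n in map(normalize, log_text.splitlines()) if ENTRY.match(n)}

def running_processes(log_text):
    """Lower-cased paths between 'Running processes:' and the first entry line."""
    procs, in_block = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith('running processes'):
            in_block = True
        elif in_block and ENTRY.match(line):
            break
        elif in_block and line:
            procs.add(line.lower())
    return procs

def verify_fix(fix_list, deleted_files, new_log):
    """Return (fixed entries still present, deleted files still running)."""
    present, procs = parse_entries(new_log), running_processes(new_log)
    persisting = [e.strip() for e in fix_list.splitlines()
                  if e.strip() and normalize(e) in present]
    still_running = [f for f in deleted_files if f.lower() in procs]
    return persisting, still_running

# Two entries taken from the fix list in post #4.
FIX_LIST = r'''
O1 - Hosts: 69.50.170.20 www.google.com
O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe
'''
DELETED_FILES = [r'C:\WINDOWS\wininet32.exe']
# Constructed follow-up log (not from the thread): one Hosts line and the process remain.
FOLLOW_UP_LOG = r'''
Running processes:
C:\WINDOWS\WININET32.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.nl/"]http://www.google.nl/
O1 - Hosts: 69.50.170.20 [url="http://www.google.com"]www.google.com
'''
print(verify_fix(FIX_LIST, DELETED_FILES, FOLLOW_UP_LOG))
```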
