Mededeling

Collapse
No announcement yet.

hijack log wonnink

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    hijack log wonnink

    Hoi, dit is mijn hijack logje.. ik heb het probleem dat er af en toe een bericht op mijn computer verschijnt dat er spyware op zit, dit bericht komt ook nadat ik mijn computer al gescand heb met ad-aware en spybot. Zou jij misschien naar mijn hijack log kunnen kijken?

    groeten wonnink

    Logfile of HijackThis v1.98.2
    Scan saved at 19:25:16, on 1-11-2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\CTSvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\WINNT\loadqm.exe
    C:\WINNT\System32\atiptaxx.exe
    C:\WINNT\System32\rundll32.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\ntvdm.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/controls/macromedia/Swdir.cab
    O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E490} - http://www.dotcomtoolbar.com/nl/toolbar_nieuw13.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DF2AA05-6661-4FA7-9F1F-0C7A8322F619}: NameServer = 195.121.1.34 195.121.1.66
    Labels: Geen
    • Citaat
  • #2
    Hoi Wonnink,

    1. Ga naar Start - Configuratiescherm - Software, en de-installeer:
    - New.Net (NewDotNet)

    2. Start opnieuw op, maak een nieuw logje aan, en post dat hier
    • Citaat

    Comment

    • #3
      Ik heb newnet eraf gegooid.. en krijg nu deze hijack log! Alvast bedankt voor het er na kijken!

      Groeten Mark

      Logfile of HijackThis v1.98.2
      Scan saved at 19:33:32, on 2-11-2004
      Platform: Windows 2000 SP2 (WinNT 5.00.2195)
      MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\spoolsv.exe
      C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
      C:\WINNT\System32\CTSvcCDA.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\system32\regsvc.exe
      C:\WINNT\system32\MSTask.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\System32\mspmspsv.exe
      C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
      C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
      C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
      C:\WINNT\Explorer.EXE
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
      C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
      C:\WINNT\loadqm.exe
      C:\WINNT\System32\atiptaxx.exe
      C:\WINNT\System32\internat.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Palm\HOTSYNC.EXE
      C:\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
      O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
      O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
      O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
      O4 - HKCU\..\Run: [internat.exe] internat.exe
      O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
      O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
      O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
      O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/controls/macromedia/Swdir.cab
      O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E490} - http://www.dotcomtoolbar.com/nl/toolbar_nieuw13.cab
      • Citaat

      Comment

      • #4
        Hoi Wonnink,

        1. Vink onderstaande aan in HijackThis:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

        O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe

        O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E490} - http://www.dotcomtoolbar.com/nl/toolbar_nieuw13.cab
        2. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

        3. Start opnieuw op, maak een nieuw logje aan, en post dat hier.
        • Citaat

        Comment

        • #5
          Hoi Wonnink,

          Het is al weer even geleden, maar zijn je problemen nu opgelost? Zo niet, moet je even updaten naar HijackThis 1.99.0:

          Nucia Security Forums
          http://www.nucia.eu/downloads/hijackthis/index.html


          Maak hiermee een nieuw logje aan, en post dat hier.
          • Citaat

          Comment

          Vorige template Volgende
          Sorry, you are not authorized to view this page
          Working...
          X