
Help requested: log


  • Help requested: log

    Logfile of HijackThis v1.98.2
    Scan saved at 14:29:14, on 19-11-2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\ati2plxx.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\Atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\OnSrvr.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\system32\AChkr.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dothesearch.com/user/sidetemp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 216.93.174.28 view.atdmt.com
    O1 - Hosts: 216.93.174.28 ad.doubleclick.net
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: My BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\system32\AdEnh.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [OnSrvr] C:\WINNT\system32\OnSrvr.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

  • #2
    Hi klaphark,

    1. Check the following entries in HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dothesearch.com/user/sidetemp.htm

    R3 - Default URLSearchHook is missing

    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 216.93.174.28 view.atdmt.com
    O1 - Hosts: 216.93.174.28 ad.doubleclick.net

    O2 - BHO: My BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\system32\AdEnh.dll

    O4 - HKLM\..\Run: [OnSrvr] C:\WINNT\system32\OnSrvr.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

    2. Close all other windows and browsers, and click the "Fix Checked" button.

    3. Restart in safe mode.
    Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

    4. Go to Windows Explorer (right-click Start - Explore). Find and delete the following:
    File:
    C:\WINNT\system32\OnSrvr.exe

    5. Restart in normal mode, create a new log with HijackThis, and post it here



    • #3
      Hello Hans,

      here is the new log. Thanks in advance for your help!

      Regards,
      Klaphark

      Logfile of HijackThis v1.98.2
      Scan saved at 10:03:34, on 22-11-2004
      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINNT\system32\spoolsv.exe
      C:\WINNT\System32\ati2plxx.exe
      C:\WINNT\System32\svchost.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINNT\system32\regsvc.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\WINNT\system32\MSTask.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\system32\mspmspsv.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\Explorer.EXE
      C:\WINNT\system32\Atiptaxx.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      C:\WINNT\system32\OnSrvr.exe
      C:\WINNT\system32\internat.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINNT\system32\AChkr.exe
      C:\WINNT\system32\wuauclt.exe
      C:\unzipped\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: My BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\system32\AdEnh.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [OnSrvr] C:\WINNT\system32\OnSrvr.exe
      O4 - HKCU\..\Run: [internat.exe] internat.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll



      • #4
        Hi Klaphark,

        Restart in safe mode, and fix this line:
        O4 - HKLM\..\Run: [OnSrvr] C:\WINNT\system32\OnSrvr.exe

        Restart in safe mode again, and delete:
        C:\WINNT\system32\OnSrvr.exe << file

        Restart in normal mode, create a new HijackThis log, and post it here



        • #5
          Hans,

          the new log.

          Logfile of HijackThis v1.98.2
          Scan saved at 9:46:15, on 23-11-2004
          Platform: Windows 2000 SP4 (WinNT 5.00.2195)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINNT\System32\smss.exe
          C:\WINNT\system32\winlogon.exe
          C:\WINNT\system32\services.exe
          C:\WINNT\system32\lsass.exe
          C:\WINNT\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINNT\system32\spoolsv.exe
          C:\WINNT\System32\ati2plxx.exe
          C:\WINNT\System32\svchost.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINNT\system32\regsvc.exe
          C:\Program Files\Norton AntiVirus\SAVScan.exe
          C:\WINNT\system32\MSTask.exe
          C:\WINNT\System32\WBEM\WinMgmt.exe
          C:\WINNT\system32\mspmspsv.exe
          C:\WINNT\system32\svchost.exe
          C:\WINNT\Explorer.EXE
          C:\WINNT\system32\Atiptaxx.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          C:\WINNT\system32\internat.exe
          C:\Program Files\WinZip\WZQKPICK.EXE
          C:\PROGRA~1\WINZIP\winzip32.exe
          C:\WINNT\system32\wuauclt.exe
          C:\unzipped\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O2 - BHO: My BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\system32\AdEnh.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
          O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
          O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKCU\..\Run: [internat.exe] internat.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
          O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll



          • #6
            Looks tidy again, problems solved?
