Vraag & Antwoord

Beveiliging & privacy

hijack log

5 antwoorden
  • Hoi ik heb dus een log gemaakt en hier is ie. Jullie bedankt voor de moeite en de goeie raad! [list:23f1887de7][b:23f1887de7] Logfile of HijackThis v1.98.1 Scan saved at 11:29:55, on 31-10-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe c:\progra~1\intern~1\iexplore.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\interMute\SpySubtract\SpySub.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe E:\PROGRA~2\INCRED~1\bin\IMApp.exe C:\PROGRA~1\NORTON~2\NORTON~4\NPROTECT.EXE C:\PROGRA~1\NORTON~2\NORTON~4\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\Program Files\Messenger\msmsgs.exe E:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hopfwubdajpgeiexnjemvkdh.com/L6uxvfh/tVvrlffsykuVDYRdh9yDhwgsjsuZoqrgutkt3BHSTVawhUqAeA06HobA.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ercsxawdbsdggnq.com/L6uxvfh/tVs24XdRKWQyHUd/uZMBE_a6mEufRvIknHs.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {D3AFEC8A-25EC-224C-4853-983F20527598} - C:\DOCUME~1\Mirjam\APPLIC~1\THUNKC~1\licensebags.exe O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [surfexitforkpile] C:\Documents and Settings\All Users\Application Data\Pure noun surf exit\mediahold.exe O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~2\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [Bin Start] C:\DOCUME~1\Mirjam\APPLIC~1\chinbleh\dash stop.exe O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4313/mcfscan.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab [/b:23f1887de7][/list:u:23f1887de7] Ik hoop dat ik het goed heb gedaan want op het kladblok ziet het er wel wat anders uit(er staat nog iets voor) Ik hoor het(lees het)wel!
  • Druk op CTRL+ALT+DEL om Windows Taakbeheer te openen. Ga naar het tabblad processen en beëindig de volgende processen: MsgPlus.exe Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer het volgende programma: Messengerplus. Controleer of in deze lijst ook 1 van de volgende programma's voorkomt. Indien dit zo is deïnstalleer deze dan ook: Lop.com LOP SEARCH Window Searching Window Active Browser Enhancer Ultimate Browser Enhancer Run nadien deze 2 uninstallers: http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe Kan je de uninstallers niet downloaden gebruik dan deze alternatieven : http://members.rogers.com/rjmac/toolbar_uninstall.exe http://members.rogers.com/rjmac/new_uninstall.exe Reboot de computer. Start Hijackthis. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:d272c180d9] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hopfwubdajpgeiexnjemvkdh.com/L6uxvfh/tVvrlffsykuVDYRdh9yDhwgsjsuZoqrgutkt3BHSTVawhUqAeA06HobA.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ercsxawdbsdggnq.com/L6uxvfh/tVs24XdRKWQyHUd/uZMBE_a6mEufRvIknHs.html O2 - BHO: (no name) - {D3AFEC8A-25EC-224C-4853-983F20527598} - C:\DOCUME~1\Mirjam\APPLIC~1\THUNKC~1\licensebags.exe O4 - HKLM\..\Run: [surfexitforkpile] C:\Documents and Settings\All Users\Application Data\Pure noun surf exit\mediahold.exe O4 - HKCU\..\Run: [Bin Start] C:\DOCUME~1\Mirjam\APPLIC~1\chinbleh\dash stop.exe O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab [/b:d272c180d9] Als je dit gedaan hebt [url=http://users.pandora.be/marcvn/spyware/1378056.htm]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: C:\DOCUME~1\Mirjam\APPLIC~1\THUNKC~1 C:\Documents and Settings\All Users\Application Data\Pure noun surf exit C:\DOCUME~1\Mirjam\APPLIC~1\chinbleh Reboot de computer, run HijackThis opnieuw en post een nieuwe log. Wil Messengerplus blijven gebruiken, installeer het dan opnieuw maar kies voor de optie zonder sponsors. Succes. Marc
  • Zo daar ben ik weer, ik had even visite... Ik kon een paar dingen niet vinden nl; 02-bho:(no name)-d3afec8a enz. 04-hkcu\..\run [bin start] c:docume~1 enz. Daarna kon ik in de veilige modus de map met THUNKC~1 niet vinden. IK heb gelijk nog een probleempje, ik krijg met geen mogelijkheid mijn norton auto protect meer aan! Pff word een beetje flauw van die computer,ik ben al 2 dagen aan 't klooien ermee... Hier komt de log; [list:aabde67d9e][b:aabde67d9e]Logfile of HijackThis v1.98.1 Scan saved at 13:57:25, on 31-10-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\interMute\SpySubtract\SpySub.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe E:\PROGRA~2\INCRED~1\bin\IMApp.exe C:\PROGRA~1\NORTON~2\NORTON~4\NPROTECT.EXE C:\PROGRA~1\NORTON~2\NORTON~4\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe E:\Program Files\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~2\INCRED~1\bin\IncMail.exe /c O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4313/mcfscan.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab[/b:aabde67d9e][/list:u:aabde67d9e]
  • Logje ziet er goed uit. Ik zie Norton, Bitdefender, AVG.... Maak een keuze wat betreft je virsuscanner.
  • Hallo, Marc allereerst nog hartelijk dank voor alle hulp! Ik heb nog een klein vraagje, ik hou het liefste norton omdat ik daar bekend mee ben.(Hij doet 't inmiddels ook weer goed) maar kan ik die andere anti virus progamma's wel gewoon op mijn computer laten staan?Uitgeschakeld?,en die dan af en toe ook draaien? Groetjes Mirjam.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.