Question & Answer

Security & privacy

Can someone review my HijackThis logfile?

Anonymous
De huismeester
7 answers
 • Well, here is the log as such. It means nothing to me. If something is wrong, what should I do?

  Logfile of HijackThis v1.97.7
  Scan saved at 0:07:39, on 5-4-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
  C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\DOCUME~1\CEESKL~1\LOCALS~1\Temp\msbb.exe
  C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
  C:\WINDOWS\SysUpd.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Kazaa K++\Kazaa.kpp
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  C:\ScanPanel\ScnPanel.exe
  C:\Program Files\Kazaa K++\speed up.exe
  C:\Documents and Settings\Cees Klijn\Mijn documenten\Progjes\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.rub.to
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.rub.to
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.rub.to
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
  O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
  O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
  O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
  O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [JQA] C:\WINDOWS\JQA.exe
  O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
  O4 - HKLM\..\Run: [msbb] C:\DOCUME~1\CEESKL~1\LOCALS~1\Temp\msbb.exe
  O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
  O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
  O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa K++\kpp.exe" "C:\Program Files\Kazaa K++\Kazaa.kpp" /SYSTRAY
  O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Global Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O9 - Extra button: Translate (HKLM)
  O9 - Extra 'Tools' menuitem: LingoWare Translator… (HKLM)
  O9 - Extra button: Related (HKLM)
  O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: Win32 Classes -
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
  O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash5/cabs/swflash.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{99E70898-1575-4A1C-8A45-8F5CEE17D8EB}: NameServer = 195.96.96.97 195.96.96.33
 • I see a number of things that are not right. Download Adaware, update Adaware and then let it repair everything Adaware finds.
   Then download Spybot Search and Destroy, update it and run the program; here remove ONLY THE RED ITEMS.

   Then post a new HijackThis log.
 • I do notice that many people here post their HijackThis log before first having their PC scanned with one or more spyware scanners.

   You have quite a lot of spyware installed… and also have your PC scanned with your (up-to-date) virus scanner or trojan scanner… (Belt.exe)

   Good luck. ;-)
 • De huismeester wrote:
     I see a number of things that are not right. Download Adaware, update Adaware and then let it repair everything Adaware finds.
     Then download Spybot Search and Destroy, update it and run the program; here remove ONLY THE RED ITEMS.

     Then post a new HijackThis log.

   Here is the new log. I did Spybot first, because when I went to Adaware I was automatically redirected to Spybot. I hope that was the right move. Anyway: I ran Spybot and then installed SpywareBlaster (Spybot recommended this). After that I ran HijackThis again, with the following result. I would have liked to know what kind of "things" one looks for, so that I can keep an eye on it myself too. Regards.

  Logfile of HijackThis v1.97.7
  Scan saved at 23:53:18, on 5-4-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Kazaa K++\Kazaa.kpp
  C:\Program Files\Skype\Phone\Skype.exe
  C:\ScanPanel\ScnPanel.exe
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
  C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Documents and Settings\Cees Klijn\Mijn documenten\Progjes\HijackThis.exe
  C:\Program Files\Messenger\msmsgs.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
  O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa K++\kpp.exe" "C:\Program Files\Kazaa K++\Kazaa.kpp" /SYSTRAY
  O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [JQA] C:\WINDOWS\JQA.exe
  O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
  O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
  O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
  O4 - HKLM\..\Run: [Belt] C:\WINDOWS\belt.exe
  O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
  O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
  O4 - Global Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O9 - Extra button: Translate (HKLM)
  O9 - Extra 'Tools' menuitem: LingoWare Translator… (HKLM)
  O9 - Extra button: Related (HKLM)
  O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: Win32 Classes -
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
  O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash5/cabs/swflash.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{99E70898-1575-4A1C-8A45-8F5CEE17D8EB}: NameServer = 195.96.96.97 195.96.96.33
 • No virus scan done, apparently?

   What may be removed is the following:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
  O4 - HKLM\..\Run: [Belt] C:\WINDOWS\belt.exe

  That JQA.exe also looks suspicious to me, but I am not certain about that.

  Good luck.
 • First check in your Task Manager whether belt.exe appears in the list; if so, end it first.
   Now start HijackThis and have it fix the following items:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
  O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
  O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
  O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
  O4 - HKLM\..\Run: [Belt] C:\WINDOWS\belt.exe
  O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe

  I can't find any information about JQA.exe; I'll come back to that, because I don't quite trust it.

  If you have SpywareBlaster, Spybot and Adaware, you are already fairly well protected.
  I get the information about spyware from various sites (links are in the spyware FAQ, http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358).

  Edit: just too late.
 • I just got home and have looked at the log more closely; these may go too:
  O16 - DPF: Win32 Classes -
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
  O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
  O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
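As an added example that is not part of this thread, here is a small Python triage script for the HijackThis log format shown above. It encodes the kinds of entries the replies single out: R0/R1 search settings pointing at a host other than a few expected ones, O2 BHOs with no backing file or with a DLL dropped straight into C:\WINDOWS, O4 autostarts launched from a Temp folder or directly from C:\WINDOWS, and O16 ActiveX downloads without a source URL or from a host outside an allow-list. The allow-list is an assumption for illustration, and the sample log is a constructed subset of the log posted above.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list for illustration: hosts the replies treat as benign.
ALLOWED_HOSTS = {"www.google.nl", "security.symantec.com", "active.macromedia.com", "gto.postbank.nl", "chat.msn.com"}

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [JQA] C:\WINDOWS\JQA.exe
O4 - HKLM\..\Run: [msbb] C:\DOCUME~1\CEESKL~1\LOCALS~1\Temp\msbb.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash5/cabs/swflash.cab
"""

def _host(url):
    return urlparse(url).hostname or ""

def _dirname(path):  # lower-cased directory part of a Windows path
    return path.rsplit("\\", 1)[0].lower()

def triage(log_text):
    """Return (reason, line) pairs for HijackThis entries that merit review."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        # R0/R1: IE search/start page pointing at a host not on the allow-list
        if m := re.match(r"R[01] - .*? = (.+)$", line):
            if m[1].startswith("http") and _host(m[1]) not in ALLOWED_HOSTS:
                findings.append(("IE setting hijacked", line))
        # O2: BHO with no backing file, or a DLL dropped straight into C:\WINDOWS
        elif m := re.match(r"O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (.+)$", line):
            if m[1] == "(no file)":
                findings.append(("BHO with no file", line))
            elif _dirname(m[1]) == "c:\\windows":
                findings.append(("BHO DLL in Windows dir", line))
        # O4: autostart launched from a Temp folder or directly from C:\WINDOWS
        elif m := re.match(r'O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[.*?\] "?([a-z]:\\.*?\.exe)',
                           line, re.IGNORECASE):
            if "\\temp" in _dirname(m[1]):
                findings.append(("autostart from Temp folder", line))
            elif _dirname(m[1]) == "c:\\windows":
                findings.append(("autostart in Windows dir", line))
        # O16: ActiveX control with no source URL, or from a host not on the list
        elif m := re.match(r"O16 - DPF: .*? -\s*(\S*)$", line):
            if not m[1]:
                findings.append(("ActiveX control without source URL", line))
            elif _host(m[1]) not in ALLOWED_HOSTS:
                findings.append(("ActiveX control from unknown host", line))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the flagged entries; benign lines such as the Google start page, the Google toolbar BHO and NeroCheck produce no finding.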
