My hijack log

Anonymous
M@rc
6 answers
 • I've been at it for quite a while, but I think I've got it clean now…

  Could one of you take a look?


  Logfile of HijackThis v1.97.7
  Scan saved at 12:02:29, on 12-5-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\System32\NMSSvc.exe
  C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
  C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Mixer.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
  C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
  C:\PROGRA~1\PESTPA~1\PPControl.exe
  C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
  C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
  C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
  C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\Office\1043\wfxmsrvr.exe
  C:\PROGRA~1\MICROS~2\Office\1043\OLFMOD32.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Documents and Settings\User\Bureaublad\DWNLDS\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 203
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.customleathersaddlery.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 203
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 203
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\y3ldubd9.slt\prefs.js)
  N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\y3ldubd9.slt\prefs.js)
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
  O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
  O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
  O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
  O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38113.5721643519
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{1FB09ADD-83B1-4B02-8F54-68B94795FE35}: NameServer = 192.168.1.2
  O17 - HKLM\System\CS1\Services\Tcpip\..\{1FB09ADD-83B1-4B02-8F54-68B94795FE35}: NameServer = 192.168.1.2

  Thanks in advance
 • I don't see anything odd at first glance. I do think you have a lot of processes running; you may not need all of them.
 • I know, especially the Lexmark ones… I also had a number of programs running at the time of the scan…

  By the way, what is that search assistant for??

  Sander
 • Here I am again, this time for my laptop. I have done everything in Gerben's FAQ, plus PestPatrol.

  Still, I don't trust it one bit; the PC is slower than normal.

  By the way, Apoint is my laptop's "mouse" and the Google bar was installed on purpose. All utilities report that my system is clean except PestPatrol, which finds all sorts of things; I also used the kill box, but that doesn't find anything either… here it comes!


  Logfile of HijackThis v1.97.7
  Scan saved at 16:48:13, on 12/05/2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\CesarFTP\server.exe
  C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Apoint\Apoint.exe
  C:\WINDOWS\System32\ICO.EXE
  C:\Program Files\Apoint\Apntex.exe
  C:\WINDOWS\System32\ezSP_Px.exe
  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\Trust SpeedShare Turbo Pro LAN Adapter\WLANPRO.exe
  C:\WINDOWS\System32\rundll32.exe
  C:\Program Files\Messenger\msmsgs.exe
  \Server\dwnlds\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 203
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 203
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.club-vaio.sony-europe.com/
  O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
  O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
  O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
  O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
  O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
  O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Global Startup: Trust SpeedShare Turbo Pro LAN Adapter Configuration Utility.lnk = ?
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O9 - Extra button: Create Mobile Favorite (HKLM)
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
  O15 - Trusted Zone: *.renault1916v.nl
  O15 - Trusted Zone: *.sony-europe.com
  O15 - Trusted Zone: *.sonystyle-europe.com
  O15 - Trusted Zone: *.team1916v.com
  O15 - Trusted Zone: *.vaio-link.com
  O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19106/payload2.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FON19106/flash.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38119.0367361111
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


  *edit* This is, by the way, the PC on which I could not run Symantec's online security test; I had already reported this in another topic.

  I hope someone can help me.

  Sander
 • Close all open windows, run HijackThis once more and have the following items repaired:

  O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll

  O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

  O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19106/payload2.cab
  O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FON19106/flash.cab

  Once you have done this, start the computer in safe mode.
  Make sure all hidden files are shown, and delete the following files or folders if present:
  C:\WINDOWS\Belt.exe <— this file


  Did you put these in the trusted zone yourself?
  O15 - Trusted Zone: *.renault1916v.nl
  O15 - Trusted Zone: *.sony-europe.com
  O15 - Trusted Zone: *.sonystyle-europe.com
  O15 - Trusted Zone: *.team1916v.com
  O15 - Trusted Zone: *.vaio-link.com

  Wouldn't you have HijackThis fix these as well?
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 203
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 203
  I don't know them.
 • Yes, I had put those in the trusted zone..

  What does that belt.exe do?? I read that it belongs to "abetterinternet", but then again the computer doesn't have that VX2.dll mess?

  I don't know those last ones either; is there no harm in tossing them out??
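
A check for the repair step in the answer above, as an added example that is not part of the original thread: it parses HijackThis entry lines and reports which of the flagged entries still show up in a rescan. The rescan log, the function names and the choice to match on CLSID are assumptions made for illustration.

```python
import re

# An entry line is a short section code (R1, N3, O4, O16, ...), " - ", then detail.
ENTRY_RE = re.compile(r"^\s*([RNFO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The four entries the answer above asks to have repaired, copied from the thread.
FLAGGED = r"""
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19106/payload2.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FON19106/flash.cab
"""

# Constructed rescan log (not from the thread): one flagged O16 entry survived.
RESCAN = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O16 - DPF: {30000273-8230-4dd4-be4f-6889d1e74167} - http://download.abetterinternet.com/download/cabs/FON19106/flash.cab
"""

def parse_entries(log_text):
    """Return (section, detail, clsid-or-None) for every entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process paths, blank lines
        section, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append((section, detail, clsid.group(0).upper() if clsid else None))
    return entries

def _key(entry):
    section, detail, clsid = entry
    # Entries that carry a CLSID (O2, O16) are compared on it, so a different
    # DLL path or download URL does not hide a registration that survived.
    return (section, clsid) if clsid else (section, detail.lower())

def still_present(flagged_text, rescan_text):
    """Flagged entries that also appear in the rescan log."""
    rescan_keys = {_key(e) for e in parse_entries(rescan_text)}
    return [e for e in parse_entries(flagged_text) if _key(e) in rescan_keys]

if __name__ == "__main__":
    for section, detail, _ in still_present(FLAGGED, RESCAN):
        print("still present:", section, "-", detail)
```
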

  Sander

  PS: thanks for your reply
