Log :D

Anonymous
maxrood
6 answers
 • Can someone take a look at my log?
  Thanks in advance :D :D :D :D :D

  Log:

  Logfile of HijackThis v1.98.2
  Scan saved at 13:21:56, on 9-9-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\windows\System32\smss.exe
  C:\windows\system32\winlogon.exe
  C:\windows\system32\services.exe
  C:\windows\system32\lsass.exe
  C:\windows\system32\svchost.exe
  C:\windows\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\Program Files\Sygate\SPF\smc.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\windows\system32\spoolsv.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\windows\System32\nvsvc32.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\windows\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\windows\Explorer.EXE
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
  C:\windows\SOUNDMAN.EXE
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\windows\System32\RUNDLL32.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  C:\windows\StartupMonitor.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\CursorXP\CursorXP.exe
  C:\Program Files\FSG\DialerDetect\dd.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\Max\Mijn documenten\hijackthis[1]\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eymlwisgbdzv.com/lIxyLMRg2nH6n45fuuN9maSRVDG3axHaf6_94sgCNadgXL0BnFGkoMLAAuEHneCp.cgi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: (no name) - {8FED2A72-A59D-6DBF-AB90-19EB2186ADD4} - C:\PROGRA~1\chinmeal\Camp curb.exe
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
  O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
  O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
  O4 - HKLM\..\Run: [BORE LICENSE] C:\PROGRA~1\FILEOB~1\windowsecond.exe
  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
  O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
  O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
  O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
  O4 - Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089646298401
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A194DD-403F-46B9-8309-088251C5C6BB}: NameServer = 195.121.1.34 195.121.1.66
 • So, a lop.com infection…
  What is that Bore License? I can't find anything about it and I find it fairly suspicious. Check your list of installed software for a reference to it and uninstall it.
  Then fix these in HijackThis:

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eymlwisgbdzv.com/lIxyLMRg2nH6n45fuuN9maSRVDG3axHaf6_94sgCNadgXL0BnFGkoMLAAuEHneCp.cgi
  O2 - BHO: (no name) - {8FED2A72-A59D-6DBF-AB90-19EB2186ADD4} - C:\PROGRA~1\chinmeal\Camp curb.exe
  O4 - HKLM\..\Run: [BORE LICENSE] C:\PROGRA~1\FILEOB~1\windowsecond.exe
  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab

  Start the PC in safe mode and delete this folder in your Program Files: chinmeal

  Restart the PC again and run HijackThis again.
  If this one: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eymlwisgbdzv.com/lIxyLMRg2nH6n45fuuN9maSRVDG3axHaf6_94sgCNadgXL0BnFGkoMLAAuEHneCp.cgi
  (it will probably have different characters again) is still present, then it helps to run the lop.com uninstall.
  You can find it here: http://users.pandora.be/bluepatchy/www/new_uninstall.exe
 • Bore License is lop.

  End this process with Windows Task Manager if it is active:
  windowsecond.exe

  Uninstall Messenger Plus.

  Then run these uninstallers:
  http://lop.com/new_uninstall.exe
  http://lop.com/toolbar_uninstall.exe

  Reboot.

  If you want to keep using Messenger Plus, reinstall it, but this time without the sponsors.
 • When I click on the links:
  http://lop.com/new_uninstall.exe
  http://lop.com/toolbar_uninstall.exe
  it says: the current security settings do not allow this file to be downloaded ?!?!

  New log:

  Logfile of HijackThis v1.98.2
  Scan saved at 17:52:16, on 9-9-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\windows\System32\smss.exe
  C:\windows\system32\winlogon.exe
  C:\windows\system32\services.exe
  C:\windows\system32\lsass.exe
  C:\windows\system32\svchost.exe
  C:\windows\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\Program Files\Sygate\SPF\smc.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\windows\system32\spoolsv.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\windows\System32\nvsvc32.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\windows\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\windows\SOUNDMAN.EXE
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\windows\System32\RUNDLL32.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\windows\StartupMonitor.exe
  C:\Program Files\CursorXP\CursorXP.exe
  C:\Program Files\FSG\DialerDetect\dd.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\windows\explorer.exe
  C:\Documents and Settings\Max\Mijn documenten\hijackthis[1]\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
  O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
  O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
  O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\windows\system32\cmd.exe /C "C:\DOCUME~1\Max\LOCALS~1\Temp\MsgPlusUninst.bat"
  O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
  O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
  O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
  O4 - Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089646298401
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A194DD-403F-46B9-8309-088251C5C6BB}: NameServer = 195.121.1.34 195.121.1.66
 • See below.
 • That is because your Spybot S&D and/or SpywareBlaster is blocking this download, since it comes from the lop.com site. That is why I put this uninstaller on my own webspace, which you could download in my previous post.

  Good luck! ;-)
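
Added example, not part of the original thread: a small Python parser that diffs the first and second HijackThis logs above to confirm that the four entries flagged for fixing are gone after the cleanup. Entries are matched on registry value, CLSID or autorun name rather than on the whole line, because the answer notes that the SearchAssistant URL tends to come back with different characters; the function names are this example's own.

```python
import re
# Excerpts of the two HijackThis logs posted in this thread (first scan, then rescan).
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eymlwisgbdzv.com/lIxyLMRg2nH6n45fuuN9maSRVDG3axHaf6_94sgCNadgXL0BnFGkoMLAAuEHneCp.cgi
O2 - BHO: (no name) - {8FED2A72-A59D-6DBF-AB90-19EB2186ADD4} - C:\PROGRA~1\chinmeal\Camp curb.exe
O4 - HKLM\..\Run: [BORE LICENSE] C:\PROGRA~1\FILEOB~1\windowsecond.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
"""
AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\windows\system32\cmd.exe /C "C:\DOCUME~1\Max\LOCALS~1\Temp\MsgPlusUninst.bat"
"""

LINE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def entry_key(section, body):
    """Identity of an entry that survives a change of its value (URL or file path)."""
    if section.startswith("R"):                      # registry value: path before " = "
        return section, body.split(" = ", 1)[0]
    clsid = CLSID.search(body)
    if section in ("O2", "O3", "O16") and clsid:     # COM objects: the CLSID
        return section, clsid.group(0).upper()
    if section == "O4" and "]" in body:              # autoruns: location plus [name]
        return section, body.split("]", 1)[0] + "]"
    return section, body

def parse(log):
    """Map entry key -> full line; header and process-list lines do not match."""
    found = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found[entry_key(m.group(1), m.group(2))] = raw.strip()
    return found

def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans."""
    b, a = parse(before), parse(after)
    return (sorted(b[k] for k in b.keys() - a.keys()),
            sorted(a[k] for k in a.keys() - b.keys()))

def still_present(flagged_lines, log):
    """Flagged entries whose key is still in a later log, even with a new value."""
    current = parse(log)
    return [current[k] for k in parse("\n".join(flagged_lines)) if k in current]
```

Calling `diff_logs(BEFORE, AFTER)` lists the removed and newly added entries; `still_present` takes the flagged lines and any later scan.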
