Vraag & Antwoord

Beveiliging & privacy

Hijack this log wie zal even willen kijken

Anoniem
Martijn Hogendorf
6 antwoorden
  • Logfile of HijackThis v1.98.2
    Scan saved at 13:12:36, on 3-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Messenger Plus! 3\MsgPlus.exe
    D:\documents and settings\leo bos\local settings\temp\fsg_4203.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\iMesh\Client\iMeshClient.exe
    D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\system32\slserv.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: D:\WINDOWS\lbbho.dll - {BFCBEA99-A60E-496B-8310-D26FB1DF3A85} - D:\WINDOWS\lbbho.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Trickler] "d:\documents and settings\leo bos\local settings\temp\fsg_4203.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: iMesh.lnk = D:\Program Files\iMesh\Client\iMeshClient.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net


    Wie zal even willen kijken ?

    Alvast bedankt
  • Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's:
    MyWay Speed Bar
    New.net Application
    NewDotNet (Domains)

    Reboot de computer, run Hijackthis opnieuw en plaaats een nieuw logje.
    Dan kunnen we verder gaan ruimen..
  • De gevraagde dingen gedaan en hier is de nieuwe log:

    Logfile of HijackThis v1.98.2
    Scan saved at 19:54:52, on 3-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\system32\slserv.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Messenger Plus! 3\MsgPlus.exe
    D:\documents and settings\leo bos\local settings\temp\fsg_4203.exe
    D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\iMesh\Client\iMeshClient.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: D:\WINDOWS\lbbho.dll - {BFCBEA99-A60E-496B-8310-D26FB1DF3A85} - D:\WINDOWS\lbbho.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Trickler] "d:\documents and settings\leo bos\local settings\temp\fsg_4203.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: iMesh.lnk = D:\Program Files\iMesh\Client\iMeshClient.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  • Hallo Martijn,

    Druk op CTRL+ALT+DEL om Windows Taakbeheer te openen. Ga naar het tabblad processen en beëindig de volgende processen:
    fsg_4203.exe
    iMeshClient.exe

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:a23a3ddc75]O2 - BHO: D:\WINDOWS\lbbho.dll - {BFCBEA99-A60E-496B-8310-D26FB1DF3A85} - D:\WINDOWS\lbbho.dll

    O4 - HKLM\..\Run: [Trickler] "d:\documents and settings\leo bos\local settings\temp\fsg_4203.exe"
    O4 - Startup: iMesh.lnk = D:\Program Files\iMesh\Client\iMeshClient.exe
    [/b:a23a3ddc75]

    Als je dit gedaan hebt start je de computer op in veilige modus.
    Zorg dat alle verborgen bestanden weergegeven worden, en verwijder de volgende bestanden of mappen indien aanwezig:
    D:\WINDOWS\lbbho.dll <–dit bestand

    Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%
    Reboot de computer.

    groeten,
  • Heb gedaan wat je zei en hier is nog even een log:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:23:17, on 3-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\system32\slserv.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Messenger Plus! 3\MsgPlus.exe
    D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  • Ziet er goed uit Martijn.
    Houden zo.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.