Another HijackThis log

Anonymous
5 answers
 • Who would like to check this HijackThis log? I'm here at someone else's place who went onto the internet without any protection. It's being worked on, but we could use some help.
  Logfile of HijackThis v1.98.2
  Scan saved at 20:43:25, on 17-11-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\SYSTEM32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\SOUNDMAN.EXE
  C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  C:\WINDOWS\System32\twink64.exe
  C:\WINDOWS\System32\mmgr32.exe
  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\WINDOWS\System32\ir.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\rundll32.exe
  C:\Program Files\Webroot\Washer\wwDisp.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\WebSiteViewer\124488.dlr
  C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\hijackthis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: (no name) - {B7BBA759-A79C-440E-A477-E7393D105C85} - C:\WINDOWS\System32\bcim.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [VOBID] c:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
  O4 - HKLM\..\Run: [IW ControlCenter] c:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck] c:\WINDOWS\System32\PSDrvCheck.exe
  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
  O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
  O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe
  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
  O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\System32\mmgr32.exe
  O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
  O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
  O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
  O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
  O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
  O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: officejet 6100.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
  O15 - Trusted Zone: *.blazefind.com
  O15 - Trusted Zone: *.clickspring.net
  O15 - Trusted Zone: *.flingstone.com
  O15 - Trusted Zone: *.mt-download.com
  O15 - Trusted Zone: *.my-internet.info
  O15 - Trusted Zone: *.searchbarcash.com
  O15 - Trusted Zone: *.searchmiracle.com
  O15 - Trusted Zone: *.skoobidoo.com
  O15 - Trusted Zone: *.slotch.com
  O15 - Trusted Zone: *.windupdates.com
  O15 - Trusted Zone: *.xxxtoolbar.com
  O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab
  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=230270dab455d0e176941480ba0fc85f2978d245429f93809c10f10b815c8a96c9ba5c54063f7603d4945ab86ee97ff22322f046:375a82d108ec2e9d584f880889783bc3
  O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1040_pack_XP.cab
  O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
  O16 - DPF: {C2326BDF-43B0-431F-940A-52D042621188} (Dial.getdial) - http://www.mediaswitch.nl/eromedia/mediaswitch.cab
  O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
  O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\mwshelp.dll
  O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\mwshelp.dll
  O18 - Filter: text/html - {7DFF64C1-EFC8-4DF8-988A-EDF7527EFD84} - C:\WINDOWS\System32\bcim.dll
  O18 - Filter: text/plain - {7DFF64C1-EFC8-4DF8-988A-EDF7527EFD84} - C:\WINDOWS\System32\bcim.dll

  Thanks in advance
 • * Go via Control Panel to Add or Remove Programs > Change or Remove Programs, check whether the following programs are present, and uninstall them:

  switch

  * Start HijackThis and tick the following items:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\MARKJA~1\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

  R3 - Default URLSearchHook is missing

  O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
  O2 - BHO: (no name) - {B7BBA759-A79C-440E-A477-E7393D105C85} - C:\WINDOWS\System32\bcim.dll

  O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
  O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
  O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe
  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
  O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\System32\mmgr32.exe
  O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
  O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
  O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
  O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
  O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess

  O15 - Trusted Zone: *.blazefind.com
  O15 - Trusted Zone: *.clickspring.net
  O15 - Trusted Zone: *.flingstone.com
  O15 - Trusted Zone: *.mt-download.com
  O15 - Trusted Zone: *.my-internet.info
  O15 - Trusted Zone: *.searchbarcash.com
  O15 - Trusted Zone: *.searchmiracle.com
  O15 - Trusted Zone: *.skoobidoo.com
  O15 - Trusted Zone: *.slotch.com
  O15 - Trusted Zone: *.windupdates.com
  O15 - Trusted Zone: *.xxxtoolbar.com
  O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab
  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=230270dab455d0e176941480ba0fc85f2978d245429f93809c10f10b815c8a96c9ba5c54063f7603d4945ab86ee97ff22322f046:375a82d108ec2e9d584f880889783bc3
  O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1040_pack_XP.cab
  O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
  O16 - DPF: {C2326BDF-43B0-431F-940A-52D042621188} (Dial.getdial) - http://www.mediaswitch.nl/eromedia/mediaswitch.cab

  O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\mwshelp.dll
  O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\mwshelp.dll
  O18 - Filter: text/html - {7DFF64C1-EFC8-4DF8-988A-EDF7527EFD84} - C:\WINDOWS\System32\bcim.dll
  O18 - Filter: text/plain - {7DFF64C1-EFC8-4DF8-988A-EDF7527EFD84} - C:\WINDOWS\System32\bcim.dll

  * Now close all windows except HijackThis and click 'fix checked'

  * Now start your PC in SAFE MODE. How do I start up in safe mode.

  * Make sure that hidden folders and files are displayed. How to display them.

  * Then use Explorer to find the following items and delete them manually if they are still present:

  C:\WINDOWS\System32\mmgr32.exe
  C:\WINDOWS\System32\twink64.exe
  C:\Program Files\WebSiteViewer <== this folder
  C:/Program Files/MStart2Page <== this folder

  * Start CWShredder and click fix

  * Then go to Start > Run and type: cleanmgr and click OK.
  Let it scan your system for files that should be removed.
  Do make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
  Then click OK.

  * Go to Start > Run and type: %temp% , select all of the contents and delete them.

  * Click on killbox.exe.
  Select the option "Delete on reboot".

  In the field "Full path of file to delete" enter the quote below:

  C:\WINDOWS\System32\bcim.dll

  When the program asks to reboot, click YES

  * After the reboot: start HijackThis, 'scan', 'save log' and post a new log here.
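
An added example, not part of the original posts: one way to do the comparison the last step leads up to, checking a new HijackThis log against the ticked entries to see which ones came back after the reboot. The function names, the `FIX_LIST` subset and the "after" log are constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(text):
    """Return a set of (section_code, body); header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            # Normalise whitespace and case so cosmetic differences do not hide a match.
            entries.add((code, " ".join(body.split()).lower()))
    return entries

def verify_fix(fix_list, after_log):
    """Split the ticked entries into those gone from the new log and those still there."""
    wanted = parse_entries(fix_list)
    present = parse_entries(after_log)
    by_section = defaultdict(lambda: {"removed": [], "persisting": []})
    for code, body in sorted(wanted):
        state = "persisting" if (code, body) in present else "removed"
        by_section[code][state].append(body)
    return dict(by_section)

# Subset of the ticked entries from the thread.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B7BBA759-A79C-440E-A477-E7393D105C85} - C:\WINDOWS\System32\bcim.dll
O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\System32\mmgr32.exe
O15 - Trusted Zone: *.windupdates.com
O18 - Filter: text/html - {7DFF64C1-EFC8-4DF8-988A-EDF7527EFD84} - C:\WINDOWS\System32\bcim.dll
"""

# Constructed "after reboot" log (not from the thread): two ticked entries came back.
AFTER_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {B7BBA759-A79C-440E-A477-E7393D105C85} - C:\WINDOWS\system32\bcim.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Filter: text/html - {7DFF64C1-EFC8-4DF8-988A-EDF7527EFD84} - C:\WINDOWS\System32\bcim.dll
"""

if __name__ == "__main__":
    for code, states in verify_fix(FIX_LIST, AFTER_LOG).items():
        print(code, "persisting:", states["persisting"], "removed:", len(states["removed"]))
```
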
 • And high time to get yourself an antivirus scanner and a firewall. ;)
 • Thanks anyway miekimoes, we ended up reinstalling everything after all; the system was too polluted (68 viruses, etc.)
 • Oh well, that way your system is certainly 'clean'
  Do get yourself an antivirus and a firewall now, eh! ;)

This is an archived page. Replying is no longer possible.