hijackthislog

Anonymous
M@rc
3 replies
  • Hello everyone.
    After running
    Ad-Aware
    Spy Bouncer
    SpyBot
    Spyware remover

    I am still stuck with a cr*ppy start page (search).

    Here is my HijackThis log. Do you know how I can get rid of this junk?

    Logfile of HijackThis v1.99.0
    Scan saved at 13:41:46, on 18-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\NORMAN\nvc\BIN\NJEEVES.EXE
    C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\nvc\BIN\nvcoas.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\2AF6518F.DLL
    C:\DOCUME~1\mho\LOCALS~1\Temp\Rar$EX00.996\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {015FC87A-123A-4E56-9430-CAED265CC0BC} - (no file)
    O2 - BHO: (no name) - {01C1DB4A-D5B8-4B23-9BCF-AF4407E04F9A} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0A85762F-4A2A-48EE-AC66-F471FF11092F} - (no file)
    O2 - BHO: (no name) - {2584E5DA-75A4-4613-B423-BE87EA0F4AB2} - (no file)
    O2 - BHO: (no name) - {27276672-FF19-4F8F-8B20-E2B30675BFD5} - (no file)
    O2 - BHO: (no name) - {583E3704-72F3-4BC3-ACE6-B7632C2D4ACC} - (no file)
    O2 - BHO: (no name) - {5BBFF78F-CD7A-4010-AD9F-8EE759940232} - (no file)
    O2 - BHO: (no name) - {5BF1CFFF-8673-4D0E-A298-12FE107E2E78} - (no file)
    O2 - BHO: (no name) - {83AB0F08-A68F-4075-806B-9D218C40B901} - (no file)
    O2 - BHO: (no name) - {9819873E-90D1-4E68-8074-64784B09CDD8} - C:\WINDOWS\system32\lgff.dll
    O2 - BHO: (no name) - {A1889A7F-A862-4CA6-8B63-03AEE64021A3} - (no file)
    O2 - BHO: (no name) - {A69659A0-5F22-45A8-976E-02ECAAD3C4C4} - (no file)
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\liveupdate.exe 110
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com/activex/PlaxoInstall.cab
    O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMLIB_1031_pack_XP.cab
    O16 - DPF: {B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3} ({B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3}) - http://dialer.medianed.nl/installcab.php
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PetrolSystems.nl
    O17 - HKLM\Software\..\Telephony: DomainName = PetrolSystems.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PetrolSystems.nl
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PetrolSystems.nl
    O18 - Filter: text/html - {45D0DD1F-4AC1-44BA-8388-DB84C679D9BF} - C:\WINDOWS\system32\lgff.dll
    O18 - Filter: text/plain - {45D0DD1F-4AC1-44BA-8388-DB84C679D9BF} - C:\WINDOWS\system32\lgff.dll
    O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe
    O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE

    Regards, Crazyme
  • Save HijackThis in its own folder. Not on your desktop or in your Temp files, because HijackThis makes backups in the folder it is started from.

    Make sure all hidden files are shown.

    Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall the following programs if present:
    SpyBouncer
    SpyRemover

    Start the computer in safe mode.

    Close all open windows, run HijackThis once more and have it fix the following items:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {015FC87A-123A-4E56-9430-CAED265CC0BC} - (no file)
    O2 - BHO: (no name) - {01C1DB4A-D5B8-4B23-9BCF-AF4407E04F9A} - (no file)

    O2 - BHO: (no name) - {0A85762F-4A2A-48EE-AC66-F471FF11092F} - (no file)
    O2 - BHO: (no name) - {2584E5DA-75A4-4613-B423-BE87EA0F4AB2} - (no file)
    O2 - BHO: (no name) - {27276672-FF19-4F8F-8B20-E2B30675BFD5} - (no file)
    O2 - BHO: (no name) - {583E3704-72F3-4BC3-ACE6-B7632C2D4ACC} - (no file)
    O2 - BHO: (no name) - {5BBFF78F-CD7A-4010-AD9F-8EE759940232} - (no file)
    O2 - BHO: (no name) - {5BF1CFFF-8673-4D0E-A298-12FE107E2E78} - (no file)
    O2 - BHO: (no name) - {83AB0F08-A68F-4075-806B-9D218C40B901} - (no file)
    O2 - BHO: (no name) - {9819873E-90D1-4E68-8074-64784B09CDD8} - C:\WINDOWS\system32\lgff.dll
    O2 - BHO: (no name) - {A1889A7F-A862-4CA6-8B63-03AEE64021A3} - (no file)
    O2 - BHO: (no name) - {A69659A0-5F22-45A8-976E-02ECAAD3C4C4} - (no file)

    O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\liveupdate.exe 110

    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com/activex/PlaxoInstall.cab
    O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMLIB_1031_pack_XP.cab
    O16 - DPF: {B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3} ({B73BC7C7-858B-49FA-BBDB-74DD77D1D9F3}) - http://dialer.medianed.nl/installcab.php

    O18 - Filter: text/html - {45D0DD1F-4AC1-44BA-8388-DB84C679D9BF} - C:\WINDOWS\system32\lgff.dll
    O18 - Filter: text/plain - {45D0DD1F-4AC1-44BA-8388-DB84C679D9BF} - C:\WINDOWS\system32\lgff.dll

    Delete the following files and/or folders if present:
    C:\WINDOWS\system32\lgff.dll

    Reboot the computer, run HijackThis again and post a new log.
  • Hello.

    I have done everything. Here is my latest log:

    Logfile of HijackThis v1.99.0
    Scan saved at 15:22:12, on 18-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\Explorer.EXE
    C:\NORMAN\nvc\BIN\NJEEVES.EXE
    C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\NORMAN\nvc\BIN\nvcoas.exe
    C:\NORMAN\nvc\BIN\cclaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PetrolSystems.nl
    O17 - HKLM\Software\..\Telephony: DomainName = PetrolSystems.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PetrolSystems.nl
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PetrolSystems.nl
    O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe
    O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
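
The manual triage in the reply above, and the re-scan check it asks for, can be scripted. The following is an added example, not part of the original thread: the three heuristics are assumptions inferred from the items selected in the reply (not HijackThis's own logic), and the sample lines are excerpts from the two logs posted here.

```python
import re
from collections import defaultdict

# Sample input: a few entries excerpted from the two logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mho\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {015FC87A-123A-4E56-9430-CAED265CC0BC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9819873E-90D1-4E68-8074-64784B09CDD8} - C:\WINDOWS\system32\lgff.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {45D0DD1F-4AC1-44BA-8388-DB84C679D9BF} - C:\WINDOWS\system32\lgff.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^\s*([RFON]\d{1,2}) - (.*)$")

def parse(log):
    """Return (section, text) for every entry line; headers and processes are skipped."""
    return [m.groups() for line in log.splitlines() if (m := ENTRY.match(line))]

def flag(entries):
    """Flag entries using three assumed heuristics (not HijackThis's own logic)."""
    sections_by_dll = defaultdict(set)  # DLL path -> sections that reference it
    for sec, text in entries:
        tail = text.rsplit(" - ", 1)[-1].lower()
        if tail.endswith(".dll"):
            sections_by_dll[tail].add(sec)
    hits = []
    for sec, text in entries:
        low = text.lower()
        tail = low.rsplit(" - ", 1)[-1]
        if sec in ("R0", "R1") and "= file://" in low and "\\temp\\" in low:
            hits.append((sec, text, "IE search/start setting points at a file in Temp"))
        elif sec == "O2" and tail == "(no file)":
            hits.append((sec, text, "BHO is registered but its file is missing"))
        elif {"O2", "O18"} <= sections_by_dll.get(tail, set()):
            hits.append((sec, text, "same DLL loads as BHO and as protocol filter"))
    return hits

def persisting(before, after):
    """Flagged entries from the first log that are still present after the fix."""
    remaining = set(parse(after))
    return [h for h in flag(parse(before)) if (h[0], h[1]) in remaining]
```

An empty result from `persisting(BEFORE, AFTER)` means none of the flagged entries survived the reboot, which is what the second log in this thread shows.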
