Vraag & Antwoord

Beveiliging & privacy

[HJT-log]

2 antwoorden
  • Pop-ups etc. 2 screenshots: [img:5a64c9f771]http://lars.bus3.nl/Screen%201.JPG[/img:5a64c9f771] [img:5a64c9f771]http://lars.bus3.nl/screen%202.JPG[/img:5a64c9f771] HJT log: Logfile of HijackThis v1.99.1 Scan saved at 14:41:58, on 12-12-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe D:\WINDOWS\eHome\ehRecvr.exe D:\WINDOWS\eHome\ehSched.exe D:\Program Files\Norton AntiVirus\navapsvc.exe D:\WINDOWS\system32\nvsvc32.exe D:\Program Files\Norton AntiVirus\SAVScan.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe D:\WINDOWS\system32\dllhost.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\ehome\ehtray.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\ASUS\Probe\AsusProb.exe D:\Program Files\D-Tools\daemon.exe D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe D:\WINDOWS\eHome\ehmsas.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\WINDOWS\system32\paytime.exe C:\windows\adtech2006a.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\MSN Messenger\MsnMsgr.Exe D:\Program Files\Messenger\msmsgs.exe C:\winstall.exe D:\WINDOWS\system32\paytime.exe D:\PROGRA~1\COMMON~1\zqio\zqiom.exe D:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe D:\PROGRA~1\COMMON~1\zqio\zqioa.exe D:\Program Files\Norton AntiVirus\OPScan.exe D:\Program Files\Internet Explorer\iexplore.exe D:\PROGRA~1\COMMON~1\zqio\zqiol.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\Lars Bisschops\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ASUS Probe] D:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\system32\paytime.exe O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\system32\paytime.exe O4 - HKCU\..\Run: [zqio] D:\PROGRA~1\COMMON~1\zqio\zqiom.exe O4 - HKCU\..\Run: [CU1] D:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU\..\Run: [CU2] D:\Program Files\Common Files\VCClient\VCMain.exe O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Aquarius Soft PC Shutdown Tray Icon.lnk = D:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Aquarius Soft PC Shutdown NT Service - Aquarius Soft - D:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Bvd
  • [quote:633af775a3="Lars Bisschops"] [b:633af775a3]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\system32\paytime.exe O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\system32\paytime.exe [/b:633af775a3][/quote:633af775a3] Bovenstaande dingen fixen. De dingen hieronder heb ik twijfels over. Messenger 2x starten is waarschijnlijk niet nodig, hij is natuurlijk wel gewoon veilig ;) [quote:633af775a3="Lars Bisschops"] O4 - HKCU\..\Run: [zqio] D:\PROGRA~1\COMMON~1\zqio\zqiom.exe O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Aquarius Soft PC Shutdown Tray Icon.lnk = D:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe O23 - Service: Aquarius Soft PC Shutdown NT Service - Aquarius Soft - D:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe Bvd[/quote:633af775a3] Dingen laten fixen, daarna opnieuw starten in veilige modus en je pctje scannen op virussen en adware (met spybot en adaware)

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.