Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Even een kijkje in mijn hijackfiltje alstublieft

juisterr
10 antwoorden
  • Goedenavond,

    De PC heeft weer kuren.
    Hij start heel traag op en bij het overschakelen naar een ander gebruiker in XP blijft de pc steeds "hangen"

    Hieronder mijn hijacklog.
    Staat er iets bijzonders bij?


    Logfile of HijackThis v1.99.1
    Scan saved at 18:19:57, on 20-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Rob\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Iris\Menu Start\Programma's\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161674795796
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • ogenschijnlijk schoon.

    probeer dit eens.

    Download [b:2592dc3faf]MWAV Antivirus and Spyware scanner 8.x[/b:2592dc3faf][/color:2592dc3faf] [list:2592dc3faf] [*:2592dc3faf]Vul de adresvelden in en klik > submit [*:2592dc3faf][b:2592dc3faf]Let op!![/color:2592dc3faf][/b:2592dc3faf] Scrol helemaal omlaag tot aan de diverse mirrors ”voor Download MWAV” en klik op één van de downloadlinks [*:2592dc3faf]Kies “uitvoeren” en installeer [b:2592dc3faf]mwav.exe[/b:2592dc3faf] [*:2592dc3faf]Vink aan “scan all files” en klik “scan and clean” [*:2592dc3faf]Negeer de melding “to buy eScan” als een virus wordt gedetecteerd en klik met OK de popup weg [*:2592dc3faf]Als de scan klaar is ga je met de cursor in het onderste veld staan en kies CTRL + A en dan CRTL + C (alles selecteren en kopieren) [*:2592dc3faf]Plak (CTRL + V) deze tekst in je volgende antwoord.[/list:u:2592dc3faf]


    Plaats ook een nieuw HJT logje aub.

    J
  • Dit heeft hij gevonden.

    bedtekend dit dat mijn huidige virusscan deze heeft doorgelaten?

    Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
    Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: Entries Removed.
    Object "ezula Spyware/Adware" found in File System! Action Taken: Entries Removed.
    Object "wareout Adware" found in File System! Action Taken: Entries Removed.
    Object "w32.rontokbro.d@mm Worm" found in File System! Action Taken: Entries Removed.
    Entry "HKCR\ActiveSkin4.Skin5" refers to invalid object "{DC47DD42-E06B-44be-8BD4-B0C5F5892F72}". Action Taken: Entries Removed.
    Entry "HKCR\ActiveSkin4.SkinLabel5" refers to invalid object "{DC47DD48-E06B-44be-8BD4-B0C5F5892F72}". Action Taken: Entries Removed.
    Entry "HKCR\MorpheusToolbar.PopSwatterBarButton" refers to invalid object "{679B8632-EDAB-4448-A065-E80A389B3665}". Action Taken: Entries Removed.
    Entry "HKCR\MorpheusToolbar.PopSwatterSettingsControl" refers to invalid object "{E7DEA1F1-FB46-457f-ABB7-04FCD5212CB0}". Action Taken: Entries Removed.
    Entry "HKCR\MsnPhotoUpload.PhotoUploadCtl" refers to invalid object "{4F1E5B1A-2A80-42ca-8532-2D05CB959537}". Action Taken: Entries Removed.
    Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MsnPUpld.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MsnPUpld.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\mnviewer.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SAIX.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll". Action Taken: Entries Removed.
    Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java Web Start\javaws.exe"". Action Taken: Entries Removed.
    Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.5.0_03\bin\javaws.exe"". Action Taken: Entries Removed.
    Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.5.0_05\bin\javaws.exe"". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MsnPUpld.dll". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Shared Tools\DAO350" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL". Action Taken: Entries Removed.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cod". Action Taken: Entries Removed.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".org/forum/". Action Taken: Entries Removed.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".org/forum/admin/". Action Taken: Entries Removed.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".org/forum/cache/". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NS Plan V/T for MSTS v0.5beta". Action Taken: Entries Removed.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Train Simulator 1.0". Action Taken: Entries Removed.
  • Ja dus.

    mag ik ook een nieuw HJT logje en vertel eens of je probleem al over is.
  • Juisterr,


    Hierbij de Hijack logfile.
    De pc wil nog steeds niet afsluiten.

    Groet,
    Rob


    Logfile of HijackThis v1.99.1
    Scan saved at 16:46:25, on 21-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Rob\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Iris\Menu Start\Programma's\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com
    esource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161674795796
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Download en installeer CCleaner
    (De CCLeaner Yahoo Toolbar is niet nodig)
    Nog niet gebruiken.

    Installeer hijackthis.exe bijv. in C:\Program Files\[b:3706d05960]Hijackthis[/b:3706d05960]
    Dit in verband met de backups die dit programma maakt.

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:3706d05960]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    [/b:3706d05960]
    Klik op 'Fix checked' om de items te verwijderen.

    Start Ccleaner.
    Ccleaner biedt je de mogelijkheid om in te stellen wat er opgeschoond moet worden.
    Selecteer nu alleen de volgende items:
    Internet Explorer:
    - Tijdelijke Internet bestanden
    Systeem:
    - Prullenbak leegmaken
    - Tijdelijke bestanden
    klik nu in Ccleaner op [b:3706d05960]opschonen[/b:3706d05960] (rechts onderaan).

    voor de rest is het logje schoon.
  • Ik heb nog één probleempje met deze pc.

    In Xp heb ik 5 gebruikers aangemaakt.
    Ik kan niet meer overschakelen van de ene gebruiker naar de andere zonder iedereen af te melden.
    Ik kan wel terug komen naar het beginscherm maar kan dan niet overschakelen naar een andere gebruiker. Hij komt steeds terug in het begin scherm.

    Groet,
    Rob
  • ik weet daar het antwoord niet op ben ik bang.
  • Download sophos-anti-rootkit:

    *Plaats het op je buroblad
    *Dubbelklik sarsfx.exe om het uit te pakken (laat de default settings staan)
    *Open de map C:\SOPHTEMP en dubbelklik sargui.exe
    * zorg dat er een vinkje staat bij:

    [list:d20db4be99]Running processes
    Windows Registry
    Local Hard Drives[/list:u:d20db4be99]
    *Klik op "Start Scan"
    *Klik op ok nadat je de melding krijgt dat de scan klaar is, het programma zal sluiten
    *Ga naar start uitvoeren en kopieer en plak het volgende daarin:

    [b:d20db4be99]%temp%\sarscan.log[/b:d20db4be99]

    Nu opent een logje, post dat in je volgende antwoord.
  • Juisterrr zie pb

    ik heb zelf hier nog niet mee temaken gehad dus moet ik je antwoord schuldig blijven

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.