Question & Answer

Security & privacy

HijackThis Log of a Slow PC

6 answers
  • Regarding: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=173806 Here is a HijackThis log of this PC. Thanks in advance!!

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:05:38, on 21-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\harrie\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bvwojdogwe.com/p0eURctaQem/rxyI7tAaFYTfq5WQ_TQgxp2KA0hjOerG3iu5LZxCwdbP1HldU2_d.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {D67D28EB-E024-FCF3-7A45-EBECADE64DBD} - (no file)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{08FAC1E0-0965-1043-1028-02102820001f}] "C:\Program Files\Common Files\{08FAC1E0-0965-1043-1028-02102820001f}\Update.exe" mc-110-12-0001411
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://wa.azlnet.nl/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171887186508
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\p4p60e7seh.dll (file missing)
    O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\mcapsspc.dll (file missing)
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\irpol5731.dll (file missing)
    O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\fpp0037me.dll (file missing)
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\hrl6053se.dll (file missing)
    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\h00qlad51d0.dll (file missing)
    O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\f6j2lg1o16.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7886 bytes
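As an added example that is not part of this thread, a small Python triage script for entries in the HijackThis format above: it parses the `Rn - ...` / `On - ...` lines and flags the kinds of entries a helper reviews first (Winlogon Notify handlers whose DLL is missing, autostarts under Policies\Explorer\Run, downloads from a bare IP address, and browser search settings that point outside an expected-host allowlist). The sample lines are copied from the log above; the heuristics and the EXPECTED_HOSTS allowlist are this example's own assumptions, not HijackThis's built-in checks.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Seven entries copied from the HijackThis log above; sample input constructed for this example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bvwojdogwe.com/p0eURctaQem/rxyI7tAaFYTfq5WQ_TQgxp2KA0hjOerG3iu5LZxCwdbP1HldU2_d.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Policies\Explorer\Run: [{08FAC1E0-0965-1043-1028-02102820001f}] "C:\Program Files\Common Files\{08FAC1E0-0965-1043-1028-02102820001f}\Update.exe" mc-110-12-0001411
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\p4p60e7seh.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")   # "R1 - ..." / "O16 - ..." entry lines
URL_RE = re.compile(r"https?://\S+")
# Hosts the owner expects in browser settings; an allowlist assumed for this example.
EXPECTED_HOSTS = ("microsoft.com", "msn.nl", "home.nl")

def parse_entries(text):
    """Yield (section, body) for every entry line; banner and process lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def flag_entry(section, body):
    """Return why a triager would look at this entry first, or None (example heuristics)."""
    if section == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify handler whose DLL is gone"
    if section == "O4" and "\\Policies\\Explorer\\Run" in body:
        return "autostart under Policies\\Explorer\\Run"
    m = URL_RE.search(body)
    host = (urlparse(m.group(0)).hostname or "") if m else ""
    try:
        ip_address(host)                      # raises ValueError unless host is a literal IP
        return "download from a bare IP address: " + host
    except ValueError:
        pass
    if section == "R1" and host and not host.endswith(EXPECTED_HOSTS):
        return "browser search setting points at an unexpected host: " + host
    return None

def triage(text):
    """Return [(section, reason, body)] for flagged entries, in log order."""
    found = [(s, flag_entry(s, b), b) for s, b in parse_entries(text)]
    return [f for f in found if f[1]]
```

Running `triage(SAMPLE_LOG)` flags the R1 search bar, the Policies\Explorer\Run autostart, the bare-IP O16 download and the O20 entry, and leaves the AVG autostart, the home.nl start page and the Microsoft O16 control alone.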
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. Double-click combofix.exe and follow the instructions. While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix has finished and after the restart, the log combofix.txt will open. Post this log in your next reply. Regards, smeenk ;)
  • Thanks for your reply smeenk! Here is the ComboFix log. Thanks in advance for your time!!

    "harrie" - 07-04-22 11:54:38 Service Pack 2
    ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\harrie\Bureaublad\

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    Granting SeDebugPrivilege to Administrators ... successful

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\pedevice\communication.xml
    C:\Program Files\pedevice\Domain.Watchlist.txt
    C:\Program Files\pedevice\pae-options.xml
    C:\Program Files\pedevice\pae_url.xml
    C:\Program Files\pedevice\PeDev.dll
    C:\Program Files\pedevice\PeDev.exe
    C:\Program Files\pedevice\pedevPS.dll
    C:\Program Files\pedevice\search.watchlist.txt
    C:\Program Files\pedevice\watchlist.xml
    C:\Program Files\install.log
    C:\WINDOWS\system32\unsvchosts.lzma
    C:\WINDOWS\system32\wnscpsu.exe
    C:\lswmv.ini
    C:\Program Files\Common Files\Uninstall Information
    C:\Program Files\pedevice
    C:\Program Files\Common Files\{08FAC~2
    C:\Program Files\Common Files\{08FAC~1
    C:\Program Files\Common Files\{38FAC~1

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:
    C:\qoobox\purity\C\WINDOWS\PPPATC~1
    C:\qoobox\purity\C\WINDOWS\PPPATC~1\?vchost.exe

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_COM+_MESSAGES

    ((((((((((((((((((((((((((((((( Files Created from 2007-03-22 to 2007-04-22 ))))))))))))))))))))))))))))))))))

    2007-04-21 19:26  <DIR>      dr-h-----  C:\DOCUME~1\harrie\Onlangs geopend
    2007-04-21 19:23     75,512  --a------  C:\WINDOWS\zllsputility.exe
    2007-04-21 19:22  1,087,216  --a------  C:\WINDOWS\system32\zpeng24.dll
    2007-04-21 14:18     24,072  --a------  C:\WINDOWS\system32\uxtuneup.dll
    2007-04-21 14:16  <DIR>      d--------  C:\Program Files\TuneUp Utilities 2007
    2007-04-21 14:16  <DIR>      d--------  C:\DOCUME~1\harrie\APPLIC~1\TuneUp Software
    2007-04-21 14:14  <DIR>      d--------  C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
    2007-04-21 14:11  <DIR>      d--------  C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-20 23:22  <DIR>      d--------  C:\WINDOWS\Downloaded Installations
    2007-04-20 23:12  <DIR>      d--------  C:\Program Files\Western Digital
    2007-04-20 22:08  <DIR>      d--------  C:\Program Files\Western Digital Technologies
    2007-03-28 21:23  <DIR>      d-a------  C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-28 20:27  <DIR>      d--------  C:\Program Files\ATI Technologies
    2007-03-28 19:58  <DIR>      d--------  C:\WINDOWS\system32\URTTemp
    2007-03-28 19:42     11,264  -ra------  C:\WINDOWS\system32\drivers\EIO.sys
    2007-03-24 20:31  <DIR>      d--------  C:\WINDOWS\pss

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-22 12:00       24  --a------  C:\WINDOWS\system32\dvcstatebkp-{00000002-00000000-0000000c-00001102-00000002-80651102}.dat
    2007-04-22 12:00       24  --a------  C:\WINDOWS\system32\dvcstate-{00000002-00000000-0000000c-00001102-00000002-80651102}.dat
    2007-04-21 20:09  --------  d--------  C:\Program Files\hitman pro
    2007-04-21 19:32  --------  d--------  C:\Program Files\Common Files\panda software
    2007-04-21 19:24     4212  ---h-----  C:\WINDOWS\system32\zllictbl.dat
    2007-04-21 14:25  --------  d--------  C:\Program Files\messengerplus! 3
    2007-04-20 23:12  --------  d--h-----  C:\Program Files\installshield installation information
    2007-04-14 12:59  --------  d--------  C:\Program Files\spyware doctor
    2007-04-13 18:05  --------  d--------  C:\Program Files\msn messenger
    2007-04-13 17:05  --------  d--------  C:\Program Files\dc++
    2007-04-11 16:19  --------  d--------  C:\Program Files\messenger
    2007-03-28 20:51  --------  d--------  C:\Program Files\spywareblaster
    2007-03-28 20:19    75474  --a------  C:\WINDOWS\system32\perfc013.dat
    2007-03-28 20:19   498208  --a------  C:\WINDOWS\system32\perfh013.dat
    2007-03-17 15:45   293376  --a------  C:\WINDOWS\system32\winsrv.dll
    2007-03-09 23:55  --------  d--------  C:\Program Files\kazaa
    2007-03-08 21:57  --------  d--------  C:\Program Files\panda software
    2007-03-08 17:39   579072  --a------  C:\WINDOWS\system32\user32.dll
    2007-03-08 17:39    40960  ---------  C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:39   281600  --a------  C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:37  1843712  ---------  C:\WINDOWS\system32\win32k.sys
    2007-03-07 21:17  --------  d--------  C:\Program Files\intervideo
    2007-02-05 22:20   185344  ---------  C:\WINDOWS\system32\upnphost.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}  C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
    "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
    "WINDVDPatch"="CTHELPER.EXE"
    "CARPService"="carpserv.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
    "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMIDI"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages  REG_MULTI_SZ  msv1_0\0\0
    Security Packages        REG_MULTI_SZ  kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages    REG_MULTI_SZ  scecli\0\0

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService    REG_MULTI_SZ  Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService  REG_MULTI_SZ  DnsCache\0\0
    rpcss           REG_MULTI_SZ  RpcSs\0\0
    imgsvc          REG_MULTI_SZ  StiSvc\0\0
    termsvcs        REG_MULTI_SZ  TermService\0\0
    HTTPFilter      REG_MULTI_SZ  HTTPFilter\0\0
    DcomLaunch      REG_MULTI_SZ  DcomLaunch\0TermService\0\0

    hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    UxTuneUp

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PAVDRV
    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PAVSRV

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-04-22 12:08:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden services ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-22 12:11:10 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-04-22 12:11
  • A lot was removed by Combofix :) Post a new HijackThis log and tell us whether there are still any problems ;)
  • Dear Smeenk, I do actually notice a difference and I think the PC is back to its old speed! Thanks again for your help!
  • You're welcome :) You may delete this folder (it contains all the junk Combofix removed): C:\qoobox\


This is an archived page. Replying is no longer possible.