Vraag & Antwoord

Beveiliging & privacy

hijackthis log

Anoniem
steggel
3 antwoorden
  • :wink: Die allerlaatste regel is die normaal? Via google vind ik zowel dat het een veilig bestand is als dat het een trojan is.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:00:54, on 6/07/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    J:\Filezilla server\FileZilla Server.exe
    D:\Program Files\Eset\nod32krn.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    J:\Winamp\winampa.exe
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    J:\Filezilla server\FileZilla Server Interface.exe
    J:\power cinema\PowerCinema\PCMService.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    E:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
    D:\Program Files\SpeedFan\speedfan.exe
    J:\power cinema\PowerCinema\PCM2.exe
    J:\Azureus\Azureus.exe
    D:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    J:\dynDNS dynamic\DynDNS Updater\DynDNS.exe
    K:\security\Hijackthis\HijackThis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [WinampAgent] J:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [FileZilla Server Interface] "J:\Filezilla server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [PCMService] "J:\power cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\RunOnce: [WMC_RebootCheck] D:\WINDOWS\inf\unregmp2.exe /FixUps
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] D:\WINDOWS\inf\unregmp2.exe /Fixups
    O4 - Startup: Stardock ObjectDock.lnk = J:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120334167890
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - J:\Filezilla server\FileZilla Server.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - J:\OC\SiSoftware Sandra Lite 2005.SR1\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - J:\OC\SiSoftware Sandra Lite 2005.SR1\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • [quote:f127b0bd51="lycan"]Die allerlaatste regel is die normaal? Via google vind ik zowel dat het een veilig bestand is als dat het een trojan is.

    O23 - Service: X10 Device Network Service (x10nets) - X10 - D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[/quote:f127b0bd51]
    Legaal.
    [quote:f127b0bd51]
    X10 video streaming devices. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems[/quote:f127b0bd51]
  • thanx Marc :wink:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.