Logfile check Please.

Anonymous
Tom
30 replies
 • Before I do all of this, I do want to mention that Dropbox is one of
  the last programs I downloaded. I use it to put photos on the
  internet so I can link to them on forums.
  So maybe that is the problem.

  Should I just remove the program, or should I simply
  do what you said in your message?

  By the way, I could not scan that Dropbox because it was a
  folder. I think it only really scans files.

  I have not done the Dr. Web one yet.
 • Just do Dr. Web only.
 • I did what you said:

  Silent Runners.vbs;C:\Documents and Settings\Student\Desktop;Probably BATCH.Virus;Incurable.Moved.;
  VBAOL11.CHM\html/olobjAddressEntries.htm;C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM;Modification of VBS.Petik;;
  VBAOL11.CHM;C:\Program Files\Microsoft Office\OFFICE11\1043;Archive contains infected objects;Moved.;
  SETUP.EXE;C:\TOINSTALL\OFFICE MEDIA CONTENT;Probably DLOADER.Trojan;Incurable.Moved.;


  P.S.
  Why do I have to save everything on my desktop? Is that necessary?
  My desktop is turning into such a mess. :D

  Tom
 • Otherwise, create a working folder on your desktop and put all that "junk" in it.

  Your log is clean.

  Eric
 • So I am at a dead end now, because the crackling is still there.
  Or should we still look at the CPU?

  Tom
 • Hmmm

  If you press Ctrl + Alt + Delete you get to Task Manager; under Processes you can see which program is nibbling away at your CPU like that. Please post here which program it is.
 • At the moment System Idle Process is very high.
  It fluctuates between 94 and 97.

  Tom
 • Empty your temp folders (
 • I was able to delete almost everything. A few files could not be removed
  because a program was in use. But most of it is gone.
  Here is the Startup log:

  StartupList report, 6/6/2006, 10:08:48 PM
  StartupList version: 1.52.2
  Started from : E:\HijackThis\HijackThis2.EXE
  Detected: Windows XP SP2 (WinNT 5.01.2600)
  Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  * Using default options
  * Showing rarely important sections
  ==================================================

  Running processes:

  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Norton Internet Security\ISSVC.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  c:\apache\APACHE.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  c:\apache\APACHE.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\SOUNDMAN.EXE
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\Launch Manager\QtZgAcer.EXE
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\Acer\Notebook Manager\almxptray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\NetPumper\NetPumperIEProxy.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\Apache\mysql\bin\mysqld-nt.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\Program Files\Active SMART\ActiveSMART.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Messenger\msmsgs.exe
  E:\HijackThis\HijackThis2.exe

  ————————————————–

  Listing of startup folders:

  Shell folders Startup:
  [C:\Documents and Settings\Student\Start Menu\Programs\Startup]
  Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe

  Shell folders Common Startup:
  [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
  BTTray.lnk = ?
  MySQL- D-NT.lnk = C:\Apache\mysql\bin\mysqld-nt.exe
  WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

  ————————————————–

  Checking Windows NT UserInit:

  [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  UserInit = C:\WINDOWS\system32\userinit.exe,

  ————————————————–

  Autorun entries from Registry:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  LaunchApp = Alaunch
  ATIModeChange = Ati2mdxx.exe
  ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  SoundMan = SOUNDMAN.EXE
  AGRSMMSG = AGRSMMSG.exe
  SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  LManager = C:\Program Files\Launch Manager\QtZgAcer.EXE
  RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  AcerNotebookManager = C:\Program Files\Acer\Notebook Manager\almxptray.exe
  BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  NetPumper = "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
  TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
  ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

  ————————————————–

  Autorun entries from Registry:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run

  ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
  MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

  ————————————————–

  Enumerating Active Setup stub paths:
  HKLM\Software\Microsoft\Active Setup\Installed Components
  (* = disabled by HKCU twin)

  [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

  [>{26923b43-4d38-484f-9b9e-de460746276c}] *
  StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

  [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
  StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

  [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
  StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

  [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
  StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

  [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
  StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

  [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
  StubPath = regsvr32.exe /s /n /i:U shell32.dll

  [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
  StubPath = %SystemRoot%\system32\ie4uinit.exe

  ————————————————–

  Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

  Shell=*INI section not found*
  SCRNSAVE.EXE=*INI section not found*
  drivers=*INI section not found*

  Shell & screensaver key from Registry:

  Shell=Explorer.exe
  SCRNSAVE.EXE=C:\WINDOWS\yzf-r1.scr
  drivers=*Registry value not found*

  Policies Shell key:

  HKCU\..\Policies: Shell=*Registry key not found*
  HKLM\..\Policies: Shell=*Registry value not found*

  ————————————————–

  Checking for EXPLORER.EXE instances:

  C:\WINDOWS\Explorer.exe: PRESENT!

  C:\Explorer.exe: not present
  C:\WINDOWS\Explorer\Explorer.exe: not present
  C:\WINDOWS\System\Explorer.exe: not present
  C:\WINDOWS\System32\Explorer.exe: not present
  C:\WINDOWS\Command\Explorer.exe: not present
  C:\WINDOWS\Fonts\Explorer.exe: not present

  ————————————————–

  Checking for superhidden extensions:

  .lnk: HIDDEN! (arrow overlay: yes)
  .pif: HIDDEN! (arrow overlay: yes)
  .exe: not hidden
  .com: not hidden
  .bat: not hidden
  .hta: not hidden
  .scr: not hidden
  .shs: HIDDEN!
  .shb: HIDDEN!
  .vbs: not hidden
  .vbe: not hidden
  .wsh: not hidden
  .scf: HIDDEN! (arrow overlay: NO!)
  .url: HIDDEN! (arrow overlay: yes)
  .js: not hidden
  .jse: not hidden

  ————————————————–

  Enumerating Browser Helper Objects:

  (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
  (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
  (no name) - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
  (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
  (no name) - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

  ————————————————–

  Enumerating Task Scheduler jobs:

  Easy Onderhoud.job
  Norton AntiVirus - Mijn computer scannen - Student.job
  Symantec NetDetect.job

  ————————————————–

  Enumerating Download Program Files:

  [CryptoRSA Control]
  InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
  CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab

  [QuickTime Object]
  InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
  CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

  [Shockwave ActiveX Control]
  InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
  CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

  [Office Update Installation Engine]
  InProcServer32 = C:\WINDOWS\opuc.dll
  CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

  [Shockwave Flash Object]
  InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
  CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

  ————————————————–

  Enumerating Winsock LSP files:

  NameSpace #4: C:\WINDOWS\system32\wshbth.dll

  ————————————————–

  Enumerating Windows NT/2000/XP services

  acernbm: \SystemRoot\system32\drivers\acernbm.sys (autostart)
  Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
  Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
  Bluetooth Serial Driver: \??\C:\WINDOWS\System32\drivers\btserial.sys (autostart)
  Bluetooth Port Client Driver: \??\C:\WINDOWS\System32\drivers\btslbcsp.sys (autostart)
  Bluetooth Service: c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (autostart)
  Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
  Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
  Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
  Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
  DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
  DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
  Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Event Log: %SystemRoot%\system32\services.exe (autostart)
  Fax: %systemroot%\system32\fxssvc.exe (autostart)
  Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
  Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  ISSvc: "C:\Program Files\Norton Internet Security\ISSVC.exe" (autostart)
  Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
  Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
  Norton AntiVirus Auto-Protect-service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
  osadmi: \SystemRoot\system32\drivers\osadmi.sys (autostart)
  PHPGeekUtil: "c:\apache\APACHE.EXE" --ntservice (autostart)
  Plug and Play: %SystemRoot%\system32\services.exe (autostart)
  IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
  Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
  Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
  Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
  Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
  ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
  Smart Card: %SystemRoot%\System32\SCardSvr.exe (autostart)
  Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Secdrv: System32\DRIVERS\secdrv.sys (autostart)
  Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
  Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
  Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
  Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
  System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
  Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
  symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
  SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
  Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
  Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
  Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
  Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
  Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
  Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
  Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


  ————————————————–

  Enumerating ShellServiceObjectDelayLoad items:

  PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
  CDBurn: C:\WINDOWS\system32\SHELL32.dll
  WebCheck: C:\WINDOWS\System32\webcheck.dll
  SysTray: C:\WINDOWS\System32\stobject.dll
  UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

  ————————————————–
  End of report, 14,832 bytes
  Report generated in 0.241 seconds

  Command line options:
  /verbose - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full - to include several rarely-important sections
  /force9x - to include Win9x-only startups even if running on WinNT
  /forcent - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history - to list version history only
 • Well, very nice, declared clean.

  Is the problem gone now too??
