Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

hijackthis - logfile [opgelost]

Anoniem
windowsXP-PRO
4 antwoorden
  • wil iemand deze logfile nakijken
    ik heb last van een hardnekkig virus

    graag met uitleg hoe te handelen

    [code:1:604b030fb6]Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:39:45, on 27-11-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\System32\audiohd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\NetLimiter 3\NLClientApp.exe
    C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
    O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
    O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
    O4 - HKLM\..\Run: [Audio HD Driver] C:\Users\evert\AppData\Local\Temp\winlogon.exe
    O4 - HKLM\..\Run: [Windows Audio HDi Driver] "C:\Windows\system32\audiohd.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
    O4 - HKCU\..\Run: [Audio HD Driver] C:\Users\evert\AppData\Local\Temp\winlogon.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Audio HD Driver] C:\Users\evert\AppData\Roaming\winlogon.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: &Blokkeer dit figuur (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CC9E3B0-40CE-4011-962D-6F742F167646}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94D61982-8CD0-4ADA-BA07-6429D229600D}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1CC9E3B0-40CE-4011-962D-6F742F167646}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1CC9E3B0-40CE-4011-962D-6F742F167646}: NameServer = 156.154.70.22,156.154.71.22
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
    O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - Unknown owner - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (file missing)
    O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3
    lsvc.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe


    End of file - 11610 bytes
    [/code:1:604b030fb6]
  • Hallo windowsXP-PRO, jouw Windows 7 heeft inderdaad een behoorlijk probleem!


    Eerst nog een vraag: is de door jou gebruikte Eset/Nod32 antivirus legitiem of heb je die geactiveerd met een fix?


    Dan absoluut het volgende als eerste doen:

    [b:c060885562]Deaktiveer
  • bedankt voor je antwoord
    nee,, nod32 is legaal gekocht via spycilemon.
    evenals de firewall,, ook legaal

    ik zit inmiddels op opensuse., mijn vertrouwen in het systeem was gisteravond volledig weg.
    wellicht dat ik ooit nog eens windows overweeg.

    groetjes
  • Wow.

    Ik kan mij er iets bij voorstellen, alhoewel Windows 7 echt de beste Windows tot nu is.

    En hoe bevalt Suse je nu?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.