Vraag & Antwoord

Beveiliging & privacy

Controle Hijackthis

Anoniem
Abraham54
6 antwoorden
 • Hallo Gerben, het log vertoont geen echte bedreigingen.

 • Bedankt voor de informatie.

  Na het verwijderen van Avast anti Virus en het installeren van een ander AV programma en het opschonen met CCleaner was de pcmal een stuk sneller geworden.

  Zal de overige acties op termijn uitvoeren. PC staat op een andere locatie.
 • Graag een controle op het volgende logje:

  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 20:30:15, on 23-10-2012
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Tablet\Pen\Pen_TouchService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\stsystra.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\Program Files\Dell\Media Experience\DMXLauncher.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
  C:\Program Files\Fighters\SPAMfighter\sfagent.exe
  C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
  C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
  C:\Program Files\Sitecom\Common\RegistryWriter.exe
  C:\Program Files\Fighters\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Fighters\FighterSuiteService.exe
  C:\Program Files\Tablet\Pen\Pen_Tablet.exe
  C:\Program Files\Fighters\Tray\FightersTray.exe
  C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
  C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Tablet\Pen\Pen_Tablet.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Sitecom\Common\RaUI.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
  C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
  C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
  C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
  C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
  C:\Program Files\Mozilla Firefox\plugin-container.exe
  C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
  O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [mnu] C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
  O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
  O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
  O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
  O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
  O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\th reijnen\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
  O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
  O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
  O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
  O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
  O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
  O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
  O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe
  O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe
  O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
  O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
  O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe


  End of file - 13963 bytes
 • [quote:4be6388532="gerben3"]Bedankt voor de informatie.

  Na het verwijderen van Avast anti Virus en het installeren van een ander AV programma en het opschonen met CCleaner was de pcmal een stuk sneller geworden.

  Zal de overige acties op termijn uitvoeren. PC staat op een andere locatie.[/quote:4be6388532]

  Dat begrijp ik niet helemaal.
  Ik ben geen Avast in het log tegengekomen, wel de gratis versie van Panda Cloud Antivirus.

  En die draait net zo als Avast bijzonder licht in Windows.

  En welke ander antivirusprogramma heb je dan nu geïnstalleerd?
 • Abraham54 ik twijfel totaal niet aan je kennis , maar bij running process zie ik wel staan: C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe
 • [quote:5fc056ec3c="Abraham54"][quote:5fc056ec3c="gerben3"]Bedankt voor de informatie.

  Na het verwijderen van Avast anti Virus en het installeren van een ander AV programma en het opschonen met CCleaner was de pcmal een stuk sneller geworden.

  Zal de overige acties op termijn uitvoeren. PC staat op een andere locatie.[/quote:5fc056ec3c]

  Dat begrijp ik niet helemaal.
  Ik ben geen Avast in het log tegengekomen, wel de gratis versie van Panda Cloud Antivirus.

  En die draait net zo als Avast bijzonder licht in Windows.

  En welke ander antivirusprogramma heb je dan nu geïnstalleerd?[/quote:5fc056ec3c]

  Dat klopt. Het log is gemaakt na het verwijderen van Avast en het klopt dat Panda Cloud AV nu is geinstalleerd.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.