
HijackThis CYN


Anoniem2

Question

Hello,
could you take a look at whether there is anything suspicious in here? All kinds of trojan items have been removed with Malware, but that is because I had no internet connection.
Now I do, so here is this log.
Thanks in advance,
Farapom

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:07, on 15-8-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ControlSkype 1.4\CSkype.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=6&key=OEM2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ControlSkype] C:\Program Files\ControlSkype 1.4\CSkype.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Cynthia\ms18_word.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ABBYY FineReader 9.0 Licentieservice (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11602 bytes

2 replies to this question

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Cynthia\ms18_word.exe

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware): http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are checked, then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click: Remove Selected.
After the removal a log will open and you will be asked to restart the computer. (See below.) The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
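A triage aid for the O4 (autostart) lines of a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts. The two checks are assumptions of this example, not the helper's stated reasoning: they look for a Run value name that points at different files in different hives, and for an executable sitting directly in a profile root. On this log they pick out only the two `ms18_word` entries from the reply's list.

```python
import re
from collections import defaultdict

# Subset of O4 lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Cynthia\ms18_word.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Global Startup: BTTray.lnk = ?
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\.*?\.\.\\Run: \[([^\]]+)\] (.+)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumption: an .exe directly in a profile root is unusual for installed software.
PROFILE_ROOT = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$")

def parse_o4(log):
    """Return (hive, value_name, lower-cased executable path) per O4 Run line."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # "O4 - Global Startup" lines use a different layout
        hive, name, cmd = m.groups()
        exe = EXE.match(cmd)
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        entries.append((hive, name, path.lower()))
    return entries

def triage(entries):
    """Map value name -> sorted reasons the entry deserves a manual look."""
    paths_by_name = defaultdict(set)
    for _, name, path in entries:
        paths_by_name[name].add(path)
    findings = defaultdict(set)
    for _, name, path in entries:
        if len(paths_by_name[name]) > 1:
            findings[name].add("same value name points at different files")
        if PROFILE_ROOT.match(path):
            findings[name].add("executable in profile root")
    return {n: sorted(r) for n, r in findings.items()}

if __name__ == "__main__":
    for name, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(name, "->", "; ".join(reasons))
```

Paths are compared case-insensitively, so the `CTFMON.EXE` value that repeats across HKCU and HKUS with the same target is not reported.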