
HijackThis Sam Tosha


Anoniem2

Question

Once again there is 'something' eating up my CPU usage. If anyone sees anything in the log below, I'd very much like to hear it. Thanks in advance.

part 1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:39, on 14-6-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\TOOLS\AVG\AVG9\avgchsvx.exe
C:\Program Files\TOOLS\AVG\AVG9\avgrsx.exe
C:\Program Files\TOOLS\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOOLS\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\TOOLS\DISKEEPER\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\MULTIMEDIA\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TOOLS\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TOOLS\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\TOOLS\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

6 answers to this question

part 2

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\MULTIMEDIA\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MOD] c:\program files\develope\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\TOOLS\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pnina design\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\DEVELOPE\ADOBE CS4\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [Handy Backup 4.1] C:\Program Files\TOOLS\Handy Backup\hbagent.exe -logon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\DEVELOPE\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\TOOLS\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\TOOLS\DISKEEPER\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate1ca049944df3d4e) (gupdate1ca049944df3d4e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12477 bytes
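As an added illustration (not code from this thread or from HijackThis itself), a small Python triage over HijackThis-format lines: it parses the `Oxx - ...` entries and flags the patterns that appear in the log above (entries whose file is missing, Run keys that launch a bare filename resolved through the search path, services with no recorded publisher). The sample lines are copied from the log above; the flagging heuristics are my own assumptions for prioritising manual review, not verdicts on the machine.

```python
import re

# Constructed sample: a handful of entries copied from the HijackThis log posted above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\TOOLS\\AVG\\AVG9\\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\\..\\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\\..\\Run: [AVG9_TRAY] C:\\PROGRA~1\\TOOLS\\AVG\\AVG9\\avgtray.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\\WINDOWS\\system32\\Tablet.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Heuristic (my assumption): a Run value whose command is a bare "name.exe" or "name.dll",
# with no drive or directory, is resolved via the search path and deserves a look.
BARE_NAME_RE = re.compile(r"\]\s+[^\s\"\\/:]+\.(?:exe|dll)\b", re.IGNORECASE)


def parse_entries(text):
    """Split a HijackThis log into (section, body) tuples, skipping header/process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Return (section, reason, body) for entries worth manual review, in log order."""
    findings = []
    for section, body in parse_entries(text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphaned entry: referenced file is gone", body))
        elif section == "O4" and BARE_NAME_RE.search(body):
            findings.append((section, "autorun by bare filename, resolved via search path", body))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no publisher recorded", body))
    return findings
```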
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.