HijackThis ajaxh00lig4n


Anoniem2

Question

Hello,

An acquaintance downloaded some of those things on this computer (free RuneScape member codes, so-called DDoS programs, etc.).

Now he went and opened all of it blindly, but I'm afraid a trojan or keylogger may have been in there somewhere, so I quickly made a HijackThis log:

[code]Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:13:06, on 26-12-2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Gerco\AppData\Roaming\iexplorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\program files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll
R3 - URLSearchHook: Softonic Netherlands Toolbar - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - C:\Program Files\Softonic_Netherlands\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Softonic Netherlands Toolbar - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - C:\Program Files\Softonic_Netherlands\tbSoft.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Softonic Netherlands Toolbar - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - C:\Program Files\Softonic_Netherlands\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [1hDfjxIcqdQqNMo] C:\Users\Gerco\AppData\Roaming\Setup.exe
O4 - HKCU\..\Run: [Svchost] C:\Users\Gerco\AppData\Local\Temp\Setup.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Gerco\AppData\Roaming\spynet\server.exe
O4 - HKCU\..\Run: [] C:\Users\Gerco\AppData\Roaming\iexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registratie van FIFA 11.lnk = C:\Program Files\EA Sports\FIFA 11\Support\EAregister.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6648 bytes
[/code]

I hope you can tell whether there's something wrong in here ;)

Regards,

Gerco

5 answers to this question

Yes, there is something wrong in there. Whether that's all of it I don't know, but you do need to pay attention to these:
O4 - HKCU\..\Run: [1hDfjxIcqdQqNMo] C:\Users\Gerco\AppData\Roaming\Setup.exe
O4 - HKCU\..\Run: [Svchost] C:\Users\Gerco\AppData\Local\Temp\Setup.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Gerco\AppData\Roaming\spynet\server.exe

Those are quite suspicious and don't belong there.
You can remove them with HijackThis; if you do that, also remove that empty one a bit higher up:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

But whether that will completely rid you of any problems, I can't say for certain. The more specialised people here will have to look at that.

I would definitely let Malwarebytes and CCleaner do a thorough job.
[CODE]Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 5402

Windows 6.0.6000
Internet Explorer 7.0.6000.16386

27-12-2010 9:42:11
mbam-log-2010-12-27 (09-42-11).txt

Scantype: Snelle scan
Objecten gescand: 130047
Verstreken tijd: 2 minuut/minuten, 40 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 3
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 14

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{1WF3qNxc-jaBZ-F90j-5T4O-Y0kSMpg0zpLf} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1WF3QNXC-JABZ-F90J-5T4O-Y0KSMPG0ZPLF} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Windows Firewall (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update System (Backdoor.IRCBot) -> Value: Windows Update System -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Agent) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\Windows Update System (Trojan.Backdoor) -> Value: Windows Update System -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\$Recycle.Bin\s-1-5-21-1652958345-579672569-3877589386-1000\$RIEE3TO.exe (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\server.exe (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\RS.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\rs2market.exe (Trojan.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\rs_-_ddos_tool.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Gerco\local settings\temporary internet files\Content.IE5\C5K7B79D\tomshauger[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Roaming\iexplorer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Roaming\microsoft\windows firewall\WIN32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Gerco\AppData\Roaming\reader.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.[/CODE]