Mededeling

Collapse
No announcement yet.

loggie van alfred

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    loggie van alfred

    Logfile of HijackThis v1.98.2
    Scan saved at 19:56:53, on 13-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    C:\Program Files\BenQ\QMusic2\QMAgent.exe
    C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Documents and Settings\alfred\Mijn documenten\hijack this\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.BenQ.COM/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
    O4 - HKLM\..\Run: [Q-HotkeyMgr] "C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    Labels: Geen
    • Citaat
  • #2
    Hoi Alfred,

    Ga via configuratiescherm naar software > programma's wijzigen/verwijderen en kijk of volgende programma's aanwezig zijn en de-installeer die:

    switch
    P2P Networking     => is een nutteloze kazaa-add-on die verantwoordelijk is voor een vertraging van je systeem.

    Doe daarna een volledige scan met adaware Se want ik zie dat je kazaa gebruikt en deze kan spyware met zich meebrengen. (Moest je deze nog niet hebben, download Adaware se.)

    Reboot daarna je pc en post een nieuw logje.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    Mijn Blog
    • Citaat

    Comment

    • #3
      2de log van alfred

      Logfile of HijackThis v1.98.2
      Scan saved at 15:28:19, on 14-12-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
      C:\Program Files\BenQ\QMusic2\QMAgent.exe
      C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\MSN\MSNCoreFiles\msn6.exe
      C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
      C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
      C:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
      C:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
      C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
      C:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
      C:\Documents and Settings\alfred\Mijn documenten\hijack this\hijackthis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.BenQ.COM/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
      O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
      O4 - HKLM\..\Run: [Q-HotkeyMgr] "C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
      O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
      O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/

      alsnog bedankt voor de moeite

      groetjes,
      alfred
      • Citaat

      Comment

      • #4
        Ik heb nu je 2e log bij het eerste gezet.

        Het is de bedoeling, als er om een nieuw log gevraagd wordt, deze in dezelfde topic te plaatsen.
        Gebruik hiervoor de knop "Reply".

        Uiteraard nadat je de instrukties hebt uitgevoerd.
        Grtz Lex.

        Kijk ook even naar ==> de huisregels <==, dit kan zeer verhelderend werken.
        Moederbord / Processor; Gigabyte GA-X58 Extreme / Core i7 920 2,66GHz @3,67GHz.
        Koeler; Thermal right 120 Ultra Extreme met Sharkoon 120x120x25mm fan.
        Geheugen / Harddisks; Dominator GT 6GB 1600MHz in Triple-channel / OCZ Agility 2 60GB (SSD), OCZ Agility 2 120GB (SSD).
        Videokaarten / Monitoren; 2x Club3d GTX460 Overclocked Edition in SLI / 2x Samsung 2253BW (22 inch).
        Branders; Plextor 820SA.
        Speakers; Logitech z5500.
        Toetsenbord / Muis; Logitech G15 / G5.
        • Citaat

        Comment

        • #5
          Hoi Alfred, je was dus even verdwaald?

          * Start hijackthis en vink volgende items aan:

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html

          * Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

          * Kijk daarna via je verkenner of volgende map nog aanwezig is en verwijder die:

          C:/Program Files/MStartEnter <==deze map

          Reboot daarna je pc nog eens en post een nieuw hijackthislogje als laatste controle.
          Ondervind je verder nog problemen?
          Microsoft MVP - Consumer Security
          Director of Research @ Malwarebytes
          Mijn Blog
          • Citaat

          Comment

          Vorige template Volgende
          Sorry, you are not authorized to view this page
          Working...
          X