|
|
#1
23 februari 2008, 09:13
| |||
| |||
| Hallo, Ik ging onlangs door het proces van schoonmaken mijn PC van malware en ik merkte dat nu het duurt heel lang om op te starten. Als Windows is geladen en logt in (automatisch), wordt het scherm leeg voor een paar minuten. Aftewards, zal mijn bureaublad verschijnen en het zal normaal laden. Kunt u me helpen met dit? Hier is een HJT log in geval het helpt. Logbestand van Trend Micro HijackThis v2.0.2 Scan saved at 11:11:48, op 02.23.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Draaiende processen: C: \ WINDOWS \ System32 \ Smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Windows Defender \ MsMpEng.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ Program Files \ Comodo \ CBOClean \ BOCORE.exe C: \ Program Files \ Widcomm \ Bluetooth Software \ bin \ btwdins.exe C: \ WINDOWS \ system32 \ cisvc.exe C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ tlntsvr.exe C: \ WINDOWS \ system32 \ fxssvc.exe C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ stsystra.exe C: \ Program Files \ Synaptics \ SynTP \ Syntpenh.exe C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe C: \ Program Files \ Dell \ QuickSet \ quickset.exe C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ Program Files \ Windows Defender \ MSASCui.exe C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe C: \ WINDOWS \ system32 \ igfxsrvc.exe C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe C: \ PROGRA ~ 1 \ Comodo \ CBOClean \ BOC425.EXE C: \ Program Files \ Intel \ Wireless \ Bin \ Dot1XCfg.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe C: \ Program Files \ Widcomm \ Bluetooth Software \ BTTray.exe C: \ Program Files \ Hamachi \ hamachi.exe C: \ Program Files \ Microsoft Office \ Office12 \ OUTLOOK.EXE C: \ WINDOWS \ system32 \ cidaemon.exe C: \ WINDOWS \ system32 \ cidaemon.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/ R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale F3 - REG: win.ini: load = F3 - REG: win.ini: run = O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ Syntpenh.exe O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe" O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Program Files \ Dell \ QuickSet \ quickset.exe O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / startup O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKLM \ .. \ Run: [BOC-425] C: \ PROGRA ~ 1 \ Comodo \ CBOClean \ BOC425.EXE O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / geminimaliseerd O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe O4 - Global Startup: Bluetooth.lnk =? O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar & Bluetooth-apparaat ... - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie_ctx.htm O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra button: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie.htm O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie.htm O9 - Extra button: (geen naam) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932319484 O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932290562 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: BOCore - Comodo - C: \ Program Files \ Comodo \ CBOClean \ BOCORE.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ Widcomm \ Bluetooth Software \ bin \ btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe O23 - Service: Msinfo Framework Service (MSInfoFrv) - Onbekende eigenaar - C: \ Program Files \ Common Files \ Microsoft Shared \ Msinfo \ MSInfnd.exe (bestand ontbreekt) O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Onbekende eigenaar - C: \ Program Files \ CyberLink \ Shared files \ RichVideo.exe O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe -- End of file - 10040 bytes |
|
#2
23 februari 2008, 12:22
| |||
| |||
| O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll F3 - REG: win.ini: load = F3 - REG: win.ini: run = Die kijken verdacht, maar contact op met evilfantasy eerste. |
|
#3
23 februari 2008, 12:32
| ||||||||||||
| ||||||||||||
| Het eerste ding is dat je meer dan een firewall draaien: 1. Zone Alarm Firewall 2. Comodo Firewall Verwijder een van hen, omdat lopen twee firewalls conflicten zal veroorzaken. U kunt deze twee vermeldingen: F3 - REG: win.ini: load = F3 - REG: win.ini: run = Ze zijn net overblijfsel van iets anders. Afgezien van dat de computer schoon is voor zover ik kan zien. Axegrinder: De O10 u noemde is iets te maken met Netware en is prima. http://www.bleepingcomputer.com/star...dll-13129.html
__________________
__________________
serverguy  Mijn Systeem: Eclipse
|
|
#4
23 februari 2008, 15:28
| |||
| |||
| Edit: Gevonden iets anders. Je moet het uitvoeren van de Norton Removal Tool. http://service1.symantec.com/SUPPORT...05033108162039 Oorspronkelijk geplaatst door serverguy  Het eerste ding is dat je meer dan een firewall draaien:Zeker niet te Comodo BOClean met Comodo Firewall verwarren. Na het volgen van de bovengenoemde adviezen kunt u het volgende. Scan Verdachte File (s) Please visit een van de volgende kenmerken: (Meerdere locaties zijn te vinden in een geval niet werkt) (Indien meer dan een bestand moet gescand moeten worden gedaan afzonderlijk en logs geplaatst voor elk een)Kopieer het bestand pad in de code onderstaande vak. Code: C: \ Program Files \ Common Files \ Microsoft Shared \ Msinfo \ MSInfnd.exe
__________________  |
|
#5
23 februari 2008, 15:45
| ||||||||||||
| ||||||||||||
| Misschien u moet scannen voor virus?
__________________
Mijn Systeem: pctipsntricks.com
|
|
#6
23 feb 2008, 15:54
| |||
| |||
| Citaat:
U waarschijnlijk niet nodig hebben voor het verwijderen van een firewall. Ik verward BOClean met Comodo Firewall. BOClean is zeer goede software. U kunt geïnstalleerd evenals het verlaten van Zone Alarm geïnstalleerd.  Rok: Dat was niet echt een zeer nuttige post ...
__________________ serverguy |
