hijackthis lock!! computerverbinding valt weg, misschien hier iets raars tussen?

Status
Niet open voor verdere reacties.
R

Rened

Gebruiker
Lid geworden
27 mei 2004
Berichten
95
hier alle info die ik via kladblok kreeg:

LET OP!!!! HEB INMIDDELS 2 BERICHTEN HIERONDER DE NIEUWSTE LOGFILE, DUS DEZE IS VEROUDERD,

Logfile of HijackThis v1.99.0
Scan saved at 15:37:52, on 16-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marjan\Local Settings\Temporary Internet Files\Content.IE5\G5VUIM6O\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C02E7579-8CC1-8EE0-242E-2096328FAA04} - C:\DOCUME~1\marjan\APPLIC~1\OWNSEA~1\Mp3up.exe
O2 - BHO: C:\WINDOWS\lbbho.dll - {E04BB608-C72C-4324-9D61-8C854049E71B} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Setup Test Debug Grid] C:\Documents and Settings\All Users\Application Data\Atomdrawsetuptest\MoreHeck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\marjan\LOCALS~1\Temp\20041216152926_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\marjan\LOCALS~1\Temp\20041216152926_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MailChecker] C:\Program Files\mailchk.exe
O4 - HKCU\..\Run: [Joyloud] C:\DOCUME~1\marjan\APPLIC~1\GLUEBA~1\SizeClock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4415/mcfscan.cab
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

T is een hele reeks, Ik heb zelf nog even gekeken bij software of daar iets bijstond wat niet goed was, maar hier zag ik o.a. startnow navigation helper ( v1.0.1.1.) ik heb eens op internet gezocht, maar volgens mij is dit niet iets positiefs. alleen ben ik er niet achter hoe ik dit het beste kan verwijderen.

Bij processen staat o,a. ook 7x svchost.exe, en 3x iexplorer, en 2 x rundll32.exe

Dit zag ik pas toen ik het op alfabet had gezet.

Hoop dat jullie wat dingen zien, en dat het probleem van uitvallen van de verbinding dan ophoudt.

Als jullie iets zien, kunnen jullie op een zo makkelijk mogelijke manier zeggen hoe ik iets moet verwijderen of maken, ik heb echt heel weinig verstand van het systeem, en wil niets kapot maken uiteraard.
 
Laatst bewerkt:
ik heb trouwens rechastry mechanic erdoor heen gehaald, en hierna heb ik even gekeken bij processen. Aangezien dit programma iets van 900 fouten eruit heeft gehaald :confused:

En ik zie nu opeens dat er nog maar 6x svchost.exe staat, en 2x iexplorer ( als ik website aan heb staan) als alles uit staat nog maar 1x ( alsnog teveel natuurlijk) en 1x rundll32.exe gelukkig.

Ik zal even een nieuwe hijack this uitvoeren, en in een nieuwe reactie neerzetten.
 
nieuwe hijack this

Logfile of HijackThis v1.99.0
Scan saved at 19:01:14, on 16-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\snfqlj.exe
C:\Program Files\Archive\archive.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\marjan\Local Settings\Temporary Internet Files\Content.IE5\W9I7CXI7\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file://C:\APPS\IE\offline\nl.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: (no name) - {C02E7579-8CC1-8EE0-242E-2096328FAA04} - C:\DOCUME~1\marjan\APPLIC~1\OWNSEA~1\Mp3up.exe
O2 - BHO: C:\WINDOWS\lbbho.dll - {E04BB608-C72C-4324-9D61-8C854049E71B} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Setup Test Debug Grid] C:\Documents and Settings\All Users\Application Data\Atomdrawsetuptest\AxisSkip.exe
O4 - HKLM\..\Run: [5bQfFF] C:\WINDOWS\snfqlj.exe
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4415/mcfscan.cab
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Kijk dus naar deze. aangezien de 1e van een paar uur terug is.
 
opgelost

Nou het probleem is eindelijk opgelost!!! mochten jullie nog iets zien wat anders moet, dan hoor ik het wel.
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan