Hallo,
Op de PC van mijn vader zit volgens spydocter Trojan.agent.HT Hij kan sinds enkele dagen
niet meer op het internet, en na alles gezocht te hebben hoop ik maar dat dit de dader
is.....
Ik heb een Hijack log gemaakt en zal hem hieronder plakken. Zou iemand zo vriendelijk
willen zijn om mij stap voor stap uit te leggen hoe ik hier vanaf kan komen (heb namelijk
niet al te veel verstand van PC's)..
Alvast bedankt voor de moeite !
Logfile of HijackThis v1.99.0
Scan saved at 18:17:06, on 9-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\Rulaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
G:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.hetnet.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet
Explorer van Het Net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
proxy.12move.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program
Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [hpsjbmgr] "C:\Program Files\Hewlett-Packard\HP
PrecisionScan\PrecisionScan LTX\hpsjbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch
USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared
Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared
Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macrom...ve/cabs/flash/swflash.cab
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee
VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network
Associates\McShield\Mcshield.exe
O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware
Doctor\sdhelp.exe
Op de PC van mijn vader zit volgens spydocter Trojan.agent.HT Hij kan sinds enkele dagen
niet meer op het internet, en na alles gezocht te hebben hoop ik maar dat dit de dader
is.....
Ik heb een Hijack log gemaakt en zal hem hieronder plakken. Zou iemand zo vriendelijk
willen zijn om mij stap voor stap uit te leggen hoe ik hier vanaf kan komen (heb namelijk
niet al te veel verstand van PC's)..
Alvast bedankt voor de moeite !
Logfile of HijackThis v1.99.0
Scan saved at 18:17:06, on 9-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\Rulaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
G:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.hetnet.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet
Explorer van Het Net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
proxy.12move.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program
Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [hpsjbmgr] "C:\Program Files\Hewlett-Packard\HP
PrecisionScan\PrecisionScan LTX\hpsjbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch
USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared
Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared
Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macrom...ve/cabs/flash/swflash.cab
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee
VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network
Associates\McShield\Mcshield.exe
O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware
Doctor\sdhelp.exe