Dear computer experts,
I'd like a check-up of my log, please. Although I think I keep a close eye on things, I'm once again having trouble with something strange. My cursor zips from one side to the other without my even touching the mouse.
I have Avira antivirus, run a malware scan with MBAM every other day, and also test for Conficker. So where this comes from is a mystery to me.
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:08, on 29-7-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\lexbces.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\lexpps.exe
c:\windows\explorer.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\cepstral\bin\cepstrallicsrv.exe
c:\program files\lexmark 1200 series\lxczbmgr.exe
c:\program files\lexmark 1200 series\lxczbmon.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\java\jre6\bin\jqs.exe
c:\windows\rthdcpl.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\windows\system32\svchost.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\ipod\bin\ipodservice.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\windows live\contacts\wlcomm.exe
c:\windows\system32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\avira\antivir desktop\avguard.exe
c:\program files\avira\antivir desktop\sched.exe
c:\program files\avira\antivir desktop\avgnt.exe
c:\program files\windows media player\wmplayer.exe
c:\windows\system32\ctfmon.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.startpagina.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: click-to-call bho - {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o4 - hklm\..\run: [remotecontrol] c:\program files\cyberlink\powerdvd\pdvdserv.exe
o4 - hklm\..\run: [languageshortcut] c:\program files\cyberlink\powerdvd\language\language.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [lexmark 1200 series] c:\program files\lexmark 1200 series\lxczbmgr.exe
o4 - hklm\..\run: [ctfmon.exe] ctfmon.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [unlockerassistant] c:\program files\unlocker\unlockerassistant.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [tkbellexe] c:\program files\common files\real\update_ob\realsched.exe -osboot
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe /min
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) - [noparse]http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[/noparse]
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [noparse]http://gfx2.hotmail.com/mail/w3/pr01/resources/msnpupld.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o16 - dpf: {deb21ad3-fda4-42f6-b57d-ee696a675ee8} (ip-uploader control) - [noparse]http://asp.photoprintit.de/microsite/8/defaults/activex/imageuploader3.cab[/noparse]
o16 - dpf: {e862c832-3a5f-4ceb-bfaa-167b22010a71} (infosfinder2.infosfinder) - [noparse]http://support.packardbell.com/files/activex/infosfinder2.cab[/noparse]
o16 - dpf: {fd0b6769-6490-4a91-aa0a-b5ae0dc75ac9} (performance viewer activex control) - [noparse]https://secure.logmein.com/activex/ractrl.cab[/noparse]
o20 - appinit_dlls: c:\progra~1\google\google~2\goec62~1.dll
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: cepstral license server - cepstral, llc - c:\program files\cepstral\bin\cepstrallicsrv.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lexbce server (lexbces) - lexmark international, inc. - c:\windows\system32\lexbces.exe
o23 - service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
--
end of file - 6986 bytes
[/hjt]