Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

HijackThis log

None
4 antwoorden
  • Hallo,

    Hieronder een logje van HijackThis. Kan iemand mij vertellen of er iets verdachts aanwezig is op de computer?

    Willem

    ———————–
    Log
    ———————–

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:13:10, on 10-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset
    od32kui.exe
    C:\PROGRA~1\HDTUNE~1\HDTune.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\KPN\bin\sprtcmd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\KPN\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Eset
    od32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator.ROELOFS\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toggle.com/index.php?rvs=hompag
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components
    l-nl\msntabres.dll.mui/229?286a0286ff284cfbb22b5b3e4463acda
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components
    l-nl\msntabres.dll.mui/230?286a0286ff284cfbb22b5b3e4463acda
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toggle.com/index.php?rvs=hompag
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2
    esources/MSNPUpld.cab
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe


    End of file - 6628 bytes







  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:d441b29a33]O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll [/b:d441b29a33]

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Download GV Killer.exe.
    Zet het in een eigen map bijvoorbeeld in de map C:\Program Files\GV Killer en maak vervolgens een snelkoppeling van C:\Program Files\GV Killer\GV Killer.exe naar je bureaublad.
    Start GV Killer en gebruik Kopiëren en Plakken om de namen van onderstaande bestanden en mappen in het bestand C:\Program Files\GV Killer\input.txt te zetten.

    [b:d441b29a33]C:\WINDOWS\system32\shdocvw.dll [/b:d441b29a33]

    Sluit het bestand C:\Program Files\GV Killer\input.txt en druk op de toets Start Killing om het programma te starten.
    Plaats de inhoud van het bestand C:\GV Killer.txt in je volgende bericht.



    Download [b:d441b29a33] en sla het op je bureaublad op.
    Dubbelklik op [b:d441b29a33]mbam-setup.exe[/b:d441b29a33] om het programma te installeren.

    Zorg dat er na de installatie een vinkje is geplaatst bij:[list:d441b29a33]
    [*:d441b29a33]Update MalwareBytes' Anti-Malware
    [*:d441b29a33]Start MalwareBytes' Anti-Malware
    [/list:u:d441b29a33]Klik daarna op "[b:d441b29a33]Voltooien[/b:d441b29a33]".
    Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:d441b29a33]
    [*:d441b29a33]Zodra het programma gestart is, ga dan naar het tabblad "[b:d441b29a33]Instellingen[/b:d441b29a33]".
    [*:d441b29a33]Vink hier aan: "[b:d441b29a33]Sluit Internet Explorer tijdens verwijdering van malware[/b:d441b29a33]".
    [*:d441b29a33]Ga daarna naar het tabblad "[b:d441b29a33]Scanner[/b:d441b29a33]", kies hier voor "[b:d441b29a33]Snelle Scan[/b:d441b29a33]".
    [*:d441b29a33]Druk vervolgens op "[b:d441b29a33]Scannen[/b:d441b29a33]" om de scan te starten.
    [*:d441b29a33]Het scannen kan een tijdje duren, dus wees geduldig.

    [*:d441b29a33]Wanneer de scan voltooid is, klik op [b:d441b29a33]OK[/b:d441b29a33], daarna "[b:d441b29a33]Bekijk Resultaten[/b:d441b29a33]" om de resultaten te zien.
    [*:d441b29a33]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:d441b29a33]Verwijder geselecteerde[/b:d441b29a33]".
    [*:d441b29a33]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [/list:u:d441b29a33]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:d441b29a33]Logs[/b:d441b29a33]" tab te klikken in het programma.

    Plaats dit logje samen met een nieuw logje van HijackThis
  • ———————–
    Mbam-log
    ———————–

    Malwarebytes' Anti-Malware 1.37
    Database versie: 2271
    Windows 5.1.2600 Service Pack 3

    13-6-2009 20:14:02
    mbam-log-2009-06-13 (20-14-02).txt

    Scan type: Snelle Scan
    Objecten gescand: 104502
    Verstreken tijd: 5 minute(s), 5 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 25
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 15
    Bestanden geïnfecteerd: 16

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    c:\documents and settings\Administrator.ROELOFS\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    c:\documents and settings\Administrator\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\registrysmart\Log\2007 Aug 03 - 12_01_56 AM_859.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\registrysmart\Log\2007 Aug 03 - 12_01_58 AM_140.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\Log\2007 Aug 02 - 11_52_56 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\Log\2007 Aug 02 - 11_52_57 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\registry backups\2007-08-02_23-54-58.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\errorkiller\registry backups\2007-08-02_23-57-11.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

    ———————–
    GV-killer
    ———————–

    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 13-6-2009 20:00:01 log van Administrator , Beheerder van deze computer
    Platform: Windows XP Prof SP3 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
    C:\WINDOWS\tasks\Easy Onderhoud.job
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon
    otify
    dimsntfy %SystemRoot%\System32\dimsntfy.dll
    igfxcui igfxsrvc.dll
    WgaLogon WgaLogon.dll
    Settings
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    C:\WINDOWS\system32\shdocvw.dll
    EINDE Inhoud van Input.txt———————————————————–

    0 C:\WINDOWS\system32\shdocvw.dll
    EINDE Inhoud van Input.txt———————————————————–


    ;0176396-OEM-0011903-00101=S048J10Y55044700

    ;EINDE GV_Killer ———————————————————————



    ———————–
    HijackThis
    ———————–

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:19:43, on 13-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\HDTUNE~1\HDTune.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\KPN\bin\sprtcmd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\KPN\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator.ROELOFS\Menu Start\Programma's\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toggle.com/index.php?rvs=hompag
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
    od32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components
    l-nl\msntabres.dll.mui/229?286a0286ff284cfbb22b5b3e4463acda
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components
    l-nl\msntabres.dll.mui/230?286a0286ff284cfbb22b5b3e4463acda
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toggle.com/index.php?rvs=hompag
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2
    esources/MSNPUpld.cab
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe


    End of file - 6172 bytes






  • Is LimeWire toolbar vrijwillig geïnstalleerd?

    Download [b:994d15ef45] naar je Bureaublad en gebruik het volgens deze handleiding.
    [i:994d15ef45]

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.