My first (little) log

Anonymous
10 replies
 • Hello everyone,

  I am new to this forum and am really amazed by the very detailed responses and the in-depth knowledge here! Truly incredible, maybe all the more so because the answers on my previous forum never went further than 'turn the computer on and off'. Anyway, my question:

  I have pasted a HijackThis log below and hope I did it correctly. I would like to know whether there is anything strange in it. I have been cleaning up a lot (stopping services, disabling things in Task Manager, and so on), but now I think I have removed a bit too much…

  When I shut down my computer it goes quickly (within 20 seconds), compared to 2 minutes before! But now the startup. The screensaver appears and then… nothing! I can open Task Manager, and when I browse under File > Run and click on something, the taskbar and my desktop pics suddenly reappear slowly. It seems I am missing something in the startup, but what?

  Here is my log, and I am curious… thanks in advance.

  Logfile of HijackThis v1.99.1
  Scan saved at 22:29:18, on 16-8-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\WINDOWS\system32\HPConfig.exe
  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wbem\wmiapsrv.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
  C:\WINDOWS\system32\carpserv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\Ronald\Mijn documenten\diversen\computer\Hijack this (log maken)\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O1 - Hosts: 192.151.52.242 forums1.itrc.hp.com
  O1 - Hosts: 208.67.212.180 forums.support.roxio.com
  O1 - Hosts: 63.236.55.39 www.roxio.com
  O1 - Hosts: 81.23.243.151 search.live.com
  O1 - Hosts: 207.46.196.83 forums.microsoft.com
  O1 - Hosts: 80.69.95.148 club.cdfreaks.com
  O1 - Hosts: 161.114.23.244 h18000.www1.hp.com
  O1 - Hosts: 192.6.72.190 h20000.www2.hp.com
  O1 - Hosts: 60.248.133.8 www.qsinc.com.tw
  O1 - Hosts: 60.248.133.9 wlsap.qsitw.com
  O1 - Hosts: 64.233.183.99 www.google.nl
  O1 - Hosts: 58.83.12.6 www.recatkio.com
  O1 - Hosts: 66.249.93.147 maps.google.nl
  O1 - Hosts: 81.23.226.70 www.dutchcowboys.nl
  O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
  O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
  O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
  O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
  O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
  O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  O4 - Global Startup: hp psc 1000 series.lnk = ?
  O4 - Global Startup: hpoddt01.exe.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185909297213
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185909285476
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
  O23 - Service: HPWirelessMgr - Unknown owner - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (file missing)
  O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
  O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
  O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
 • Hi Ronald,

  1. Download HostsXpert 4.0
     1. Unzip the program to your Desktop or to a permanent folder on your hard drive.
     2. Open the folder and double-click Hoster.exe
     3. Click "Restore Microsofts Original Hosts File"
     4. Click "OK" and close the program.

  2. Download Combofix to your desktop

  Double-click combofix.exe
  Follow the instructions and accept the disclaimer by typing y or Y.
  While the fix is running, do NOT click in the window, because this will make your PC hang.

  When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

  NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.

  In your next reply, post the combofix log (combofix.txt) together with a fresh HijackThis log.

  Good luck!

  Pim
 • I ran HostsXpert.exe and then restarted my computer, and everything was back the way it should be! Thanks, Pim. I got one message from HostsXpert: "cannot create file C:\Windows\system32\Drivers\ETC\hosts", which is probably nothing special, because the goal has been achieved… My taskbar and icons are back right after startup!

  After I opened Internet Explorer, it reported "Internet Explorer is currently not your default browser". That was something new. I answered yes to setting it as default, and now that is solved too… I had never had that message in IE before (I did in Outlook Express, a long time ago).

  Below are the logs from Combofix and HijackThis, and I hope something can be made of them. I personally threw out Teosoft; it was crap (a cleanup tool) and removed more than necessary. I saw in the log that there were still entries for it, and later in my software as well.

  Regards, Ronald

  COMBOFIX:

  ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


  2007-08-17 20:32 51,200 --a------ C:\WINDOWS\nircmd.exe
  2007-08-16 22:52 <DIR> d-------- C:\Program Files\ROUTE66
  2007-08-16 22:46 <DIR> dr-h-c--- C:\DOCUME~1\Ronald\Onlangs geopend
  2007-08-16 21:05 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Uniblue
  2007-08-16 20:11 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Help
  2007-08-16 20:01 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
  2007-08-16 20:01 <DIR> d-------- C:\Program Files\Security Task Manager
  2007-08-16 19:37 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\wsInspector
  2007-08-16 19:30 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
  2007-08-16 17:41 <DIR> d-------- C:\WINDOWS\Prefetch
  2007-08-16 11:58 15,872 --------- C:\WINDOWS\system32\SophosBootTasks.exe
  2007-08-16 11:58 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sophos
  2007-08-16 11:58 <DIR> d-------- C:\Program Files\Sophos
  2007-08-16 11:58 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
  2007-08-16 11:55 80,128 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
  2007-08-16 11:55 24,064 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
  2007-08-16 11:55 <DIR> d----c--- C:\savxpsa
  2007-08-16 08:33 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
  2007-08-15 18:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
  2007-08-15 18:35 <DIR> d-------- C:\Program Files\CCleaner
  2007-08-14 22:33 <DIR> d-------- C:\Program Files\Ashampoo
  2007-08-13 21:06 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\IE7Pro
  2007-08-13 21:06 <DIR> d-------- C:\Program Files\IE7Pro
  2007-08-13 16:40 <DIR> d-------- C:\WINDOWS\pss
  2007-08-13 16:00 4,946 --a------ C:\WINDOWS\system32\drivers\DirectPort.sys
  2007-08-13 14:51 32,768 --a------ C:\WINDOWS\upuninst.exe
  2007-08-13 14:34 <DIR> d-------- C:\Program Files\Roxio
  2007-08-11 17:46 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\VersionTracker Pro
  2007-08-10 21:47 1,060,864 --a--c--- C:\WINDOWS\system32\MFC71.dll
  2007-08-10 16:31 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Sjablonen
  2007-08-10 12:39 737,280 --a------ C:\WINDOWS\iun6002.exe
  2007-08-10 11:12 <DIR> d-------- C:\WINDOWS\system32\RegVac
  2007-08-10 00:03 2,621,440 --a------ C:\DOCUME~1\Ronald\ntuser.dat
  2007-08-09 21:57 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner
  2007-08-09 14:17 94,285 --a------ C:\WINDOWS\system32\Msvcirtd.dll
  2007-08-09 14:17 6,144 --a------ C:\WINDOWS\system32\W95fiber.dll
  2007-08-09 14:17 5,632 --a------ C:\WINDOWS\system32\Mfcuia32.dll
  2007-08-09 14:17 401,484 --a------ C:\WINDOWS\system32\Msvcrtd.dll
  2007-08-09 14:17 322,832 --a------ C:\WINDOWS\system32\Mfc30.dll
  2007-08-09 14:17 212,480 --a------ C:\WINDOWS\Pcdlib32.dll
  2007-08-09 14:17 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
  2007-08-09 14:17 133,904 --a------ C:\WINDOWS\system32\Mfcans32.dll
  2007-08-09 14:17 133,392 --a------ C:\WINDOWS\system32\Mfco30.dll
  2007-08-09 01:50 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\gtopala
  2007-08-06 23:35 <DIR> d-------- C:\temp
  2007-08-06 23:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
  2007-08-06 20:24 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\AdobeUM
  2007-08-06 19:21 20,728 --a------ C:\WINDOWS\hpoins01.dat
  2007-08-06 19:21 16,622 --------- C:\WINDOWS\hpomdl01.dat
  2007-08-06 17:53 <DIR> d---s---- C:\WINDOWS\Tasks
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\twain_32
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\wins
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\URTTemp
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\ShellExt
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\ras
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\PreInstall
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
  2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\MsDtc
  2007-08-06 07:20 <DIR> d-------- C:\WINDOWS\Tasks(2)
  2007-08-06 07:17 <DIR> d---s---- C:\WINDOWS\system32\Microsoft(2)
  2007-08-05 23:25 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Roxio
  2007-08-05 19:04 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Lavasoft
  2007-08-05 18:58 <DIR> d-------- C:\Program Files\Lavasoft
  2007-08-05 13:48 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\System-Xf.{21EC2020-3AEA-1069-A2DD-08002B30309D}
  2007-08-04 15:36 <DIR> d----c--- C:\DOCUME~1\Ronald\Shared
  2007-08-04 15:36 <DIR> d----c--- C:\DOCUME~1\Ronald\Incomplete
  2007-08-04 15:36 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\LimeWire
  2007-08-04 15:31 <DIR> d-------- C:\Program Files\LimeWire
  2007-08-01 22:00 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
  2007-08-01 21:44 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Hewlett-Packard
  2007-08-01 21:42 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
  2007-08-01 21:40 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
  2007-08-01 21:40 65,536 -ra------ C:\WINDOWS\system32\HPZipm12.exe
  2007-08-01 21:40 61,440 -ra------ C:\WINDOWS\system32\HPZinw12.exe
  2007-08-01 21:40 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
  2007-08-01 21:40 50,960 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
  2007-08-01 21:40 237,624 -ra------ C:\WINDOWS\system32\HPZidr12.dll
  2007-08-01 21:40 172,032 -ra------ C:\WINDOWS\system32\HPZipr12.dll
  2007-08-01 21:40 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
  2007-08-01 21:39 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
  2007-08-01 21:39 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
  2007-08-01 21:39 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
  2007-08-01 21:39 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
  2007-08-01 21:39 22,384 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
  2007-08-01 21:39 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
  2007-08-01 21:39 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
  2007-08-01 21:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
  2007-08-01 21:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
  2007-08-01 21:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
  2007-08-01 21:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
  2007-08-01 21:04 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\TeoSoft Settings
  2007-08-01 21:03 <DIR> d-------- C:\Program Files\TeoSoft.com
  2007-08-01 20:56 221,688 --a--c--- C:\DOCUME~1\Ronald\APPLIC~1\up.exe
  2007-08-01 20:56 <DIR> d--h-c--- C:\DOCUME~1\Ronald\APPLIC~1\CS
  2007-08-01 20:55 <DIR> d--h-c--- C:\DOCUME~1\Ronald\APPLIC~1\CS.{645FF040-5081-101B-9F08-00AA002F954E}
  2007-08-01 20:12 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
  2007-08-01 20:09 <DIR> d-------- C:\Program Files\MSBuild
  2007-08-01 20:09 <DIR> d-------- C:\Program Files\Microsoft Works
  2007-08-01 20:06 <DIR> d-------- C:\Program Files\Microsoft.NET


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-08-13 14:51 61440 --a------ C:\WINDOWS\system32\cdrtc.dll
  2007-08-13 14:51 45056 --a------ C:\WINDOWS\system32\cdral.dll
  2007-08-06 23:42 2970 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
  2007-08-01 20:55 98 -r-hs---- C:\Program Files\Common Files\desSktop.ini
  2007-07-31 22:28 13626 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
  2007-07-31 21:09 1735 -rahs---- C:\WINDOWS\system32\drivers\HP_Pavilion ze4300 (DG607A)_YN_Pavi_QCN3041_E_4_I0024_SHP_VPQ1A75_BKAM1.42_T030429_WXH1_L413_M703_J40_7AMD_8mobile Athlon XP 2000+_91,66_1104C8026_N100B0020_P12176972_Z10B95457_K_A10B95451_U10B95237_G10024336.MRK
  2007-07-19 08:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
  2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
  2007-06-27 16:12 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
  2007-06-27 16:12 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
  2007-06-27 16:12 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
  2007-06-27 16:12 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
  2007-06-27 16:12 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
  2007-06-27 16:12 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
  2007-06-27 16:12 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
  2007-06-27 16:12 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
  2007-06-27 16:12 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
  2007-06-27 16:12 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
  2007-06-27 16:11 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
  2007-06-27 16:11 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
  2007-06-27 16:11 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
  2007-06-27 16:11 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
  2007-06-27 16:11 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
  2007-06-27 16:11 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
  2007-06-27 16:11 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
  2007-06-27 16:11 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
  2007-06-27 16:11 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
  2007-06-27 16:11 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
  2007-06-27 10:29 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
  2007-06-27 10:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
  2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
  2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
  2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
  2007-06-26 08:10 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
  2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
  2007-06-19 15:33 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
  2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe
  2007-06-13 15:24 1036800 --------- C:\WINDOWS\system32\dllcache\explorer.exe
  2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
  2007-05-17 13:30 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AtiPTA"="atiptaxx.exe" [2002-06-12 01:56 C:\WINDOWS\system32\atiptaxx.exe]
  "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
  "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 07:26]
  "QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:56]
  "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 14:19]
  "CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Clean Space 10 trayagent"="C:\Program Files\TeoSoft.com\trayagent.exe" [2007-04-09 11:14]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
  "TeoSoft.com Online Update"="C:\Program Files\TeoSoft.com\update.exe" [2007-04-09 11:14]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 12:18:00]
  hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34]
  hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10]

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
  @="Service"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
  @="service"

  R0 caboagp;ATI Cabo AGP Filter;C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
  R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
  R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
  R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
  R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys
  R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
  R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
  R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
  R3 HSFHWALI;HSFHWALI;C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
  S3 allegro;ESS Allegro-audiostuurprogramma (WDM);C:\WINDOWS\system32\drivers\es198x.sys
  S3 CE3;Xircom Ethernet-adapter 10/100-service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
  S3 DirectPort;DirectPort;\??\C:\WINDOWS\system32\Drivers\DirectPort.sys
  S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys
  S3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
  S3 WinPhlash;WinPhlash;\??\c:\SWSetup\sp30514\PHLASHNT.SYS


  Contents of the 'Scheduled Tasks' folder
  2007-08-06 17:29:35 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186421312.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

  **************************************************************************

  catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-08-17 20:35:48
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ?X#B?????????????l|B? ??????

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  hijackthis:

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\HPConfig.exe
  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wbem\wmiapsrv.exe
  C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
  C:\WINDOWS\system32\carpserv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  C:\Documents and Settings\Ronald\Mijn documenten\diversen\computer\Hijack this (log maken)\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O1 - Hosts: 192.151.52.242 forums1.itrc.hp.com
  O1 - Hosts: 208.67.212.180 forums.support.roxio.com
  O1 - Hosts: 63.236.55.39 www.roxio.com
  O1 - Hosts: 81.23.243.151 search.live.com
  O1 - Hosts: 207.46.196.83 forums.microsoft.com
  O1 - Hosts: 80.69.95.148 club.cdfreaks.com
  O1 - Hosts: 161.114.23.244 h18000.www1.hp.com
  O1 - Hosts: 192.6.72.190 h20000.www2.hp.com
  O1 - Hosts: 60.248.133.8 www.qsinc.com.tw
  O1 - Hosts: 60.248.133.9 wlsap.qsitw.com
  O1 - Hosts: 64.233.183.99 www.google.nl
  O1 - Hosts: 58.83.12.6 www.recatkio.com
  O1 - Hosts: 66.249.93.147 maps.google.nl
  O1 - Hosts: 81.23.226.70 www.dutchcowboys.nl
  O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
  O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
  O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
  O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  O4 - Global Startup: hp psc 1000 series.lnk = ?
  O4 - Global Startup: hpoddt01.exe.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185909297213
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185909285476
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
  O23 - Service: HPWirelessMgr - Unknown owner - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (file missing)
  O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
  O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
  O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
 • Hi Ronald,

  It is quite possible that you have to set that again.

  Start HijackThis, choose 'Do a system scan only' and tick the lines below:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  O1 - Hosts: 192.151.52.242 forums1.itrc.hp.com
  O1 - Hosts: 208.67.212.180 forums.support.roxio.com
  O1 - Hosts: 63.236.55.39 www.roxio.com
  O1 - Hosts: 81.23.243.151 search.live.com
  O1 - Hosts: 207.46.196.83 forums.microsoft.com
  O1 - Hosts: 80.69.95.148 club.cdfreaks.com
  O1 - Hosts: 161.114.23.244 h18000.www1.hp.com
  O1 - Hosts: 192.6.72.190 h20000.www2.hp.com
  O1 - Hosts: 60.248.133.8 www.qsinc.com.tw
  O1 - Hosts: 60.248.133.9 wlsap.qsitw.com
  O1 - Hosts: 64.233.183.99 www.google.nl
  O1 - Hosts: 58.83.12.6 www.recatkio.com
  O1 - Hosts: 66.249.93.147 maps.google.nl
  O1 - Hosts: 81.23.226.70 www.dutchcowboys.nl

  Now close all open windows except HijackThis and click Fix Checked.

  Any problems left?

  Pim
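
Added example, not part of the original thread and not HijackThis code: a small Python reviewer that picks out of a HijackThis log the two kinds of entry ticked in the reply above, namely O1 hosts-file lines that pin a name to a fixed address and R0/R1 Internet Explorer settings with an empty value. The function names and the rule that loopback and 0.0.0.0 hosts entries are left alone are assumptions of this example; the sample lines are constructed in the format of the log posted in this thread.

```python
import ipaddress
import re

# Constructed sample: a few lines in the HijackThis v1.99 layout shown in this
# thread. It is not a complete log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 81.23.243.151 search.live.com
O1 - Hosts: 64.233.183.99 www.google.nl
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<section> - <body>", where section is a letter plus one or two digits (R0, O1, O23).
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# Body of an O1 line: "Hosts: <address> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(log_text):
    """Return (section, body) tuples for every 'Xn - ...' line in the log.

    Header lines and the 'Running processes' paths do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).rstrip()))
    return entries


def review(log_text):
    """Return (section, name, reason) findings for hosts pins and empty IE settings."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O1":
            match = HOSTS_RE.match(body)
            if not match:
                continue
            addr, host = match.groups()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                # A hosts line whose address does not parse is worth a look too.
                findings.append((section, host, "unparseable address " + addr))
                continue
            # Assumption of this example: loopback / 0.0.0.0 entries are the
            # normal localhost line or a blocklist. Any other address means the
            # name resolves to that fixed server without DNS being consulted.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append((section, host, "pinned to " + addr))
        elif section in ("R0", "R1"):
            # Body looks like "<key>,<value name> = <data>"; data may be empty.
            key, _, value = body.partition(" =")
            if not value.strip():
                findings.append((section, key.rsplit(",", 1)[-1], "empty value"))
    return findings


if __name__ == "__main__":
    for section, name, reason in review(SAMPLE_LOG):
        print(f"{section:3} {name:20} {reason}")
```
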
 • Yes, I now have a clean log by the looks of it! Many thanks for that! I think I am done as far as this topic is concerned. I think there is little that is strange left in the nice log I have included!

  On to my next question, about RAM! I only need to create it still… first some sleep (that computer is addictive!)

  Once again, thanks a lot! I have learned something again.


  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\carpserv.exe
  C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\Ronald\Mijn documenten\diversen\computer\Hijack this (log maken)\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O4 - HKLM\..\Run: [CARPService] carpserv.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185909297213
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185909285476
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
  O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
  O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

  Reading it through once more, I wondered as my VERY LAST QUESTION whether you can also throw out that Messenger in the same way?? I'm already running a minimal number of services, and since I'm cleaning up anyway, as far as I'm concerned it can go from my log too… OR would I be doing something really stupid??
 • Are you talking about MSN Messenger or Windows Messenger? Windows Messenger comes as standard with a fresh installation of XP and is hard to remove.

  You can remove MSN Messenger via Control Panel –> Add or Remove Programs.

  You can disable Windows Messenger as follows:

  Right-click My Computer and choose Manage. Go to Services and Applications and click Services. Look for Messenger in the list. Set the startup type to Disabled and the service status to Stopped.
 • Apologies for the not very clear description!
  I meant these 2 lines from the log in my previous post:

  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

  I had already removed Windows Messenger and MSN myself, thoroughly as far as I could tell, but I still saw these 2 references in my log.

  Hence:
  Can I also remove the 2 lines indicated above, or would I be doing something really stupid??
 • HijackThis is only meant for removing spyware. These lines are completely legitimate and removing them is not recommended. They don't slow down your PC or anything like that either.
 • Thank you, Pim! I won't touch them!!!

  As far as I'm concerned this topic can be closed! I've had enough help on this front…

  Many thanks for that, everyone, GREAT :D :D :D :D
 • You're welcome, Ronald :)

This is an archived page. Replies are no longer possible.