My first (little) log

Anonymous
10 replies
  • Hello everyone,

    I'm new to this forum and I'm really amazed by the very detailed replies and the in-depth knowledge here..!! Truly incredible, perhaps all the more because the previous forum never got further in answering my questions than: 'turn the computer off and on'. Anyway, my question:

    I've pasted a HijackThis log below and hope I did it correctly?? I'd like to know whether there is anything strange in it or so.. I've been cleaning up a lot (stopping services, disabling things in Task Manager and so on) but now I think I've removed a bit too much…

    When I shut down my computer it goes quickly (within 20 sec.) compared with 2 minutes before!! But now the startup. The screensaver appears and then….. nothing!! I can open Task Manager, and if I then browse under File > Run and click on something, the taskbar and my desktop pics suddenly slowly reappear?? It seems I'm missing something at startup, but what???

    Here is my log and I'm curious…?? Thanks in advance

    Logfile of HijackThis v1.99.1
    Scan saved at 22:29:18, on 16-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ronald\Mijn documenten\diversen\computer\Hijack this (log maken)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 192.151.52.242 forums1.itrc.hp.com
    O1 - Hosts: 208.67.212.180 forums.support.roxio.com
    O1 - Hosts: 63.236.55.39 www.roxio.com
    O1 - Hosts: 81.23.243.151 search.live.com
    O1 - Hosts: 207.46.196.83 forums.microsoft.com
    O1 - Hosts: 80.69.95.148 club.cdfreaks.com
    O1 - Hosts: 161.114.23.244 h18000.www1.hp.com
    O1 - Hosts: 192.6.72.190 h20000.www2.hp.com
    O1 - Hosts: 60.248.133.8 www.qsinc.com.tw
    O1 - Hosts: 60.248.133.9 wlsap.qsitw.com
    O1 - Hosts: 64.233.183.99 www.google.nl
    O1 - Hosts: 58.83.12.6 www.recatkio.com
    O1 - Hosts: 66.249.93.147 maps.google.nl
    O1 - Hosts: 81.23.226.70 www.dutchcowboys.nl
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185909297213
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185909285476
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Unknown owner - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (file missing)
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
  • Hi Ronald,

    1. Download HostsXpert 4.0
       1. Unzip the program to your Desktop or to a permanent folder on your hard drive.
       2. Open the folder and double-click Hoster.exe
       3. Click "Restore Microsofts Original Hosts File"
       4. Click "OK" and close the program.

    2. Download Combofix to your desktop

    Double-click combofix.exe
    Follow the instructions and accept the disclaimer by typing y or Y.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.

    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck!

    Pim
  • I ran HostsXpert.exe and then restarted my computer, and everything was back the way it should be! Thanks Pim. I got 1 message from HostsXpert: "cannot create file C:\Windows\system32\Drivers\ETC\hosts", which is probably nothing special because the goal has been achieved… My taskbar and icons are back right after startup!

    After I opened Internet Explorer it reported "Internet Explorer is currently not your default browser". That was something new? Yes to set as default, and now that is solved too… I had never had that message in IE before (I did in Outlook Express a long time ago).

    Below, then, are the Combofix and HijackThis logs, and I hope something can be made of them. I threw TeoSoft off myself, it was crap (cleanup tool) and removed more than necessary. I saw in the log that there were still entries for it, and later also in my software list.

    Regards, Ronald

    COMBOFIX:

    ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


    2007-08-17 20:32 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-16 22:52 <DIR> d-------- C:\Program Files\ROUTE66
    2007-08-16 22:46 <DIR> dr-h-c--- C:\DOCUME~1\Ronald\Onlangs geopend
    2007-08-16 21:05 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Uniblue
    2007-08-16 20:11 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Help
    2007-08-16 20:01 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
    2007-08-16 20:01 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-08-16 19:37 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\wsInspector
    2007-08-16 19:30 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
    2007-08-16 17:41 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-08-16 11:58 15,872 --------- C:\WINDOWS\system32\SophosBootTasks.exe
    2007-08-16 11:58 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sophos
    2007-08-16 11:58 <DIR> d-------- C:\Program Files\Sophos
    2007-08-16 11:58 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-08-16 11:55 80,128 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
    2007-08-16 11:55 24,064 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
    2007-08-16 11:55 <DIR> d----c--- C:\savxpsa
    2007-08-16 08:33 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-15 18:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-08-15 18:35 <DIR> d-------- C:\Program Files\CCleaner
    2007-08-14 22:33 <DIR> d-------- C:\Program Files\Ashampoo
    2007-08-13 21:06 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\IE7Pro
    2007-08-13 21:06 <DIR> d-------- C:\Program Files\IE7Pro
    2007-08-13 16:40 <DIR> d-------- C:\WINDOWS\pss
    2007-08-13 16:00 4,946 --a------ C:\WINDOWS\system32\drivers\DirectPort.sys
    2007-08-13 14:51 32,768 --a------ C:\WINDOWS\upuninst.exe
    2007-08-13 14:34 <DIR> d-------- C:\Program Files\Roxio
    2007-08-11 17:46 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\VersionTracker Pro
    2007-08-10 21:47 1,060,864 --a--c--- C:\WINDOWS\system32\MFC71.dll
    2007-08-10 16:31 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Sjablonen
    2007-08-10 12:39 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-08-10 11:12 <DIR> d-------- C:\WINDOWS\system32\RegVac
    2007-08-10 00:03 2,621,440 --a------ C:\DOCUME~1\Ronald\ntuser.dat
    2007-08-09 21:57 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner
    2007-08-09 14:17 94,285 --a------ C:\WINDOWS\system32\Msvcirtd.dll
    2007-08-09 14:17 6,144 --a------ C:\WINDOWS\system32\W95fiber.dll
    2007-08-09 14:17 5,632 --a------ C:\WINDOWS\system32\Mfcuia32.dll
    2007-08-09 14:17 401,484 --a------ C:\WINDOWS\system32\Msvcrtd.dll
    2007-08-09 14:17 322,832 --a------ C:\WINDOWS\system32\Mfc30.dll
    2007-08-09 14:17 212,480 --a------ C:\WINDOWS\Pcdlib32.dll
    2007-08-09 14:17 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
    2007-08-09 14:17 133,904 --a------ C:\WINDOWS\system32\Mfcans32.dll
    2007-08-09 14:17 133,392 --a------ C:\WINDOWS\system32\Mfco30.dll
    2007-08-09 01:50 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\gtopala
    2007-08-06 23:35 <DIR> d-------- C:\temp
    2007-08-06 23:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-08-06 20:24 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\AdobeUM
    2007-08-06 19:21 20,728 --a------ C:\WINDOWS\hpoins01.dat
    2007-08-06 19:21 16,622 --------- C:\WINDOWS\hpomdl01.dat
    2007-08-06 17:53 <DIR> d---s---- C:\WINDOWS\Tasks
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\twain_32
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\wins
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\ras
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\PreInstall
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-08-06 17:53 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2007-08-06 07:20 <DIR> d-------- C:\WINDOWS\Tasks(2)
    2007-08-06 07:17 <DIR> d---s---- C:\WINDOWS\system32\Microsoft(2)
    2007-08-05 23:25 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Roxio
    2007-08-05 19:04 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Lavasoft
    2007-08-05 18:58 <DIR> d-------- C:\Program Files\Lavasoft
    2007-08-05 13:48 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\System-Xf.{21EC2020-3AEA-1069-A2DD-08002B30309D}
    2007-08-04 15:36 <DIR> d----c--- C:\DOCUME~1\Ronald\Shared
    2007-08-04 15:36 <DIR> d----c--- C:\DOCUME~1\Ronald\Incomplete
    2007-08-04 15:36 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\LimeWire
    2007-08-04 15:31 <DIR> d-------- C:\Program Files\LimeWire
    2007-08-01 22:00 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
    2007-08-01 21:44 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\Hewlett-Packard
    2007-08-01 21:42 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-08-01 21:40 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
    2007-08-01 21:40 65,536 -ra------ C:\WINDOWS\system32\HPZipm12.exe
    2007-08-01 21:40 61,440 -ra------ C:\WINDOWS\system32\HPZinw12.exe
    2007-08-01 21:40 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
    2007-08-01 21:40 50,960 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
    2007-08-01 21:40 237,624 -ra------ C:\WINDOWS\system32\HPZidr12.dll
    2007-08-01 21:40 172,032 -ra------ C:\WINDOWS\system32\HPZipr12.dll
    2007-08-01 21:40 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-08-01 21:39 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-08-01 21:39 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-08-01 21:39 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-01 21:39 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-01 21:39 22,384 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2007-08-01 21:39 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-08-01 21:39 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-08-01 21:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-08-01 21:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-08-01 21:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-08-01 21:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-08-01 21:04 <DIR> d----c--- C:\DOCUME~1\Ronald\APPLIC~1\TeoSoft Settings
    2007-08-01 21:03 <DIR> d-------- C:\Program Files\TeoSoft.com
    2007-08-01 20:56 221,688 --a--c--- C:\DOCUME~1\Ronald\APPLIC~1\up.exe
    2007-08-01 20:56 <DIR> d--h-c--- C:\DOCUME~1\Ronald\APPLIC~1\CS
    2007-08-01 20:55 <DIR> d--h-c--- C:\DOCUME~1\Ronald\APPLIC~1\CS.{645FF040-5081-101B-9F08-00AA002F954E}
    2007-08-01 20:12 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-08-01 20:09 <DIR> d-------- C:\Program Files\MSBuild
    2007-08-01 20:09 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-08-01 20:06 <DIR> d-------- C:\Program Files\Microsoft.NET


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-13 14:51 61440 --a------ C:\WINDOWS\system32\cdrtc.dll
    2007-08-13 14:51 45056 --a------ C:\WINDOWS\system32\cdral.dll
    2007-08-06 23:42 2970 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
    2007-08-01 20:55 98 -r-hs---- C:\Program Files\Common Files\desSktop.ini
    2007-07-31 22:28 13626 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
    2007-07-31 21:09 1735 -rahs---- C:\WINDOWS\system32\drivers\HP_Pavilion ze4300 (DG607A)_YN_Pavi_QCN3041_E_4_I0024_SHP_VPQ1A75_BKAM1.42_T030429_WXH1_L413_M703_J40_7AMD_8mobile Athlon XP 2000+_91,66_1104C8026_N100B0020_P12176972_Z10B95457_K_A10B95451_U10B95237_G10024336.MRK
    2007-07-19 08:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-27 16:12 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 16:12 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 16:12 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 16:12 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 16:12 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 16:12 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 16:12 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 16:12 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 16:12 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 16:12 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 16:11 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 16:11 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 16:11 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 16:11 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 16:11 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 16:11 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 16:11 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 16:11 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 16:11 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 16:11 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 10:29 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 10:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 08:10 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 15:33 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 15:24 1036800 --------- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
    2007-05-17 13:30 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtiPTA"="atiptaxx.exe" [2002-06-12 01:56 C:\WINDOWS\system32\atiptaxx.exe]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
    "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 07:26]
    "QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:56]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 14:19]
    "CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Clean Space 10 trayagent"="C:\Program Files\TeoSoft.com\trayagent.exe" [2007-04-09 11:14]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "TeoSoft.com Online Update"="C:\Program Files\TeoSoft.com\update.exe" [2007-04-09 11:14]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 12:18:00]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @="service"

    R0 caboagp;ATI Cabo AGP Filter;C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
    R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
    R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
    R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys
    R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
    R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
    R3 HSFHWALI;HSFHWALI;C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
    S3 allegro;ESS Allegro-audiostuurprogramma (WDM);C:\WINDOWS\system32\drivers\es198x.sys
    S3 CE3;Xircom Ethernet-adapter 10/100-service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
    S3 DirectPort;DirectPort;\??\C:\WINDOWS\system32\Drivers\DirectPort.sys
    S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys
    S3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    S3 WinPhlash;WinPhlash;\??\c:\SWSetup\sp30514\PHLASHNT.SYS


    Contents of the 'Scheduled Tasks' folder
    2007-08-06 17:29:35 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186421312.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-17 20:35:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ?X#B?????????????l|B? ??????

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    hijackthis:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\Ronald\Mijn documenten\diversen\computer\Hijack this (log maken)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 192.151.52.242 forums1.itrc.hp.com
    O1 - Hosts: 208.67.212.180 forums.support.roxio.com
    O1 - Hosts: 63.236.55.39 www.roxio.com
    O1 - Hosts: 81.23.243.151 search.live.com
    O1 - Hosts: 207.46.196.83 forums.microsoft.com
    O1 - Hosts: 80.69.95.148 club.cdfreaks.com
    O1 - Hosts: 161.114.23.244 h18000.www1.hp.com
    O1 - Hosts: 192.6.72.190 h20000.www2.hp.com
    O1 - Hosts: 60.248.133.8 www.qsinc.com.tw
    O1 - Hosts: 60.248.133.9 wlsap.qsitw.com
    O1 - Hosts: 64.233.183.99 www.google.nl
    O1 - Hosts: 58.83.12.6 www.recatkio.com
    O1 - Hosts: 66.249.93.147 maps.google.nl
    O1 - Hosts: 81.23.226.70 www.dutchcowboys.nl
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185909297213
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185909285476
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Unknown owner - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (file missing)
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
  • Hi Ronald,

    It may well be that you have to set that up again.

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 192.151.52.242 forums1.itrc.hp.com
    O1 - Hosts: 208.67.212.180 forums.support.roxio.com
    O1 - Hosts: 63.236.55.39 www.roxio.com
    O1 - Hosts: 81.23.243.151 search.live.com
    O1 - Hosts: 207.46.196.83 forums.microsoft.com
    O1 - Hosts: 80.69.95.148 club.cdfreaks.com
    O1 - Hosts: 161.114.23.244 h18000.www1.hp.com
    O1 - Hosts: 192.6.72.190 h20000.www2.hp.com
    O1 - Hosts: 60.248.133.8 www.qsinc.com.tw
    O1 - Hosts: 60.248.133.9 wlsap.qsitw.com
    O1 - Hosts: 64.233.183.99 www.google.nl
    O1 - Hosts: 58.83.12.6 www.recatkio.com
    O1 - Hosts: 66.249.93.147 maps.google.nl
    O1 - Hosts: 81.23.226.70 www.dutchcowboys.nl

    Now close all open windows except HijackThis and click Fix Checked.

    Any problems left?

    Pim
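As an added example, not part of the original post or of HijackThis itself: a small Python triage script that groups HijackThis log lines by section code and lists the kinds of entries ticked above (R0/R1 values left empty, O1 hosts-file overrides) plus entries marked "(file missing)". The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the logs in this thread (not a full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O1 - Hosts: 64.233.183.99 www.google.nl
O1 - Hosts: 81.23.243.151 search.live.com
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O23 - Service: HPWirelessMgr - Unknown owner - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (file missing)
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")      # "Hosts: <ip> <hostname>"


def parse_log(text):
    """Return {section code: [entry text, ...]} for every 'R0 - ...' style line."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)


def review_candidates(sections):
    """List (code, reason, detail) tuples to look at by hand before ticking anything."""
    found = []
    for code in ("R0", "R1"):
        for entry in sections.get(code, []):
            key, _, value = entry.partition("=")
            if not value.strip():                     # registry value left empty
                found.append((code, "empty value", key.strip()))
    for entry in sections.get("O1", []):
        m = HOSTS.match(entry)
        if m:                                         # hosts file overrides DNS
            found.append(("O1", "hosts override", f"{m.group(2)} -> {m.group(1)}"))
    for code, entries in sections.items():
        for entry in entries:
            if entry.endswith("(file missing)"):      # entry points at a deleted file
                found.append((code, "file missing", entry.split(" - ")[0]))
    return found


if __name__ == "__main__":
    for code, reason, detail in review_candidates(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {reason:15} {detail}")
```

The output is a review list only: each hosts override still has to be compared with what the hostname really resolves to before deciding whether it belongs there.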
  • Yes, I now have a clean log by the looks of it!! Many thanks for that!! I think I've got this subject sorted out. I think there is little that's odd left in the nice log I've attached now!!

    I'm moving on to my next question, about RAM!! I just still have to post it… first some sleep though (that computer is addictive!!!)

    Once again, thank you so much! I've learned something again.


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ronald\Mijn documenten\diversen\computer\Hijack this (log maken)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185909297213
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185909285476
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

    Now that I've read it through once more, I wondered, as my VERY LAST QUESTION, whether you can also throw that messenger out in the same way?? I'm already running a minimal number of services, and since I'm cleaning up anyway it can go from my log as far as I'm concerned… OR would I be doing something really stupid then??
  • Are you talking about MSN Messenger or Windows Messenger? Windows Messenger comes as standard with a fresh installation of XP and is hard to remove.

    You can remove MSN Messenger via Control Panel -> Add or Remove Programs.

    You can disable Windows Messenger as follows:

    Right-click My Computer and choose Manage. Go to Services and Applications and click Services. Look for Messenger in the list. Set the startup type to Disabled and the service status to Stopped.
  • Apologies for the not very clear description!
    I meant these 2 lines from the log in my previous post:

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    I had already removed Windows Messenger and MSN myself, thoroughly as far as I could tell, but I still saw these 2 references in my log.

    So that's why I ask:
    Can I also remove the 2 lines shown above, or would I be doing something really stupid then??
  • HijackThis is meant only for removing spyware. These lines are completely legitimate and removing them is not recommended. They don't slow down your PC or anything like that either.
  • Thank you, Pim! I won't touch them!!!

    As far as I'm concerned this topic can be closed! I've had plenty of help on this front…

    Many thanks for that, everyone, GREAT :D :D :D :D
  • You're welcome, Ronald :)

This is an archived page. Replying is no longer possible.