Questions & Answers

Security & privacy

Hijack log, can someone take a quick look at this.

Anonymous
juisterr
8 replies
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:16:52, on 26-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    G:\Program Files\Alwil Software\Avast4\ashServ.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    G:\WINDOWS\CTHELPER.EXE
    G:\WINDOWS\system32\CTXFIHLP.EXE
    G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    G:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    G:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    G:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    G:\Program Files\SPAMfighter\SFAgent.exe
    G:\Program Files\iTunes\iTunesHelper.exe
    G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    G:\WINDOWS\System32\Rundll32.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    G:\Program Files\Messenger\MSMSGS.EXE
    G:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    G:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    G:\FRAPS\FRAPS.EXE
    G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    G:\WINDOWS\System32\CTsvcCDA.EXE
    G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    G:\WINDOWS\system32\PnkBstrA.exe
    G:\Program Files\Logitech\SetPoint\SetPoint.exe
    G:\WINDOWS\system32\PnkBstrB.exe
    G:\Program Files\SPAMfighter\sfus.exe
    G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    G:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    G:\WINDOWS\System32\svchost.exe
    G:\Program Files\Common Files\Teleca Shared\Generic.exe
    G:\Program Files\iPod\bin\iPodService.exe
    G:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    G:\WINDOWS\system32\wuauclt.exe
    G:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - G:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - G:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - G:\WINDOWS\system32\nsz30.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: cpmsky browser optimizer - {bc0947d8-56db-daba-c600-5ed1af9595c5} - G:\WINDOWS\system32\{f738a0af-3e02-26aa-e78e-a972a7641b95}.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar3.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - G:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [CTDVDDET] "G:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "G:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "G:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "G:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PostSetupCheck] G:\WINDOWS\System32\Rundll32.exe "G:\WINDOWS\system32\cpmsky.dll" DllStart
    O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Fraps] G:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [KCeasy] G:\Program Files\KCeasy\KCeasy.exe /hide
    O4 - HKCU\..\Run: [poll manager] G:\DOCUME~1\RALPHM~1\APPLIC~1\SAVEBL~1\01 CREATIVE.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - G:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - G:\Program Files\SPAMfighter\sfus.exe


    End of file - 10297 bytes


    Having trouble with malware,
  • Good afternoon,


    Please switch off **Spybot's TeaTimer** for now, because it can get in the way of the fix:
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident **TeaTimer** and click OK
    - Restart the computer

    Then download ResetTeaTimer.bat to your Desktop.
    Double-click **ResetTeaTimer.bat** to remove all entries in **TeaTimer**.
    *Once the computer is clean, you can switch **TeaTimer** back on*

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
    O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - G:\WINDOWS\system32\nsz30.dll
    O2 - BHO: cpmsky browser optimizer - {bc0947d8-56db-daba-c600-5ed1af9595c5} - G:\WINDOWS\system32\{f738a0af-3e02-26aa-e78e-a972a7641b95}.dll
    O4 - HKLM\..\Run: [PostSetupCheck] G:\WINDOWS\System32\Rundll32.exe "G:\WINDOWS\system32\cpmsky.dll" DllStart
    O4 - HKCU\..\Run: [poll manager] G:\DOCUME~1\RALPHM~1\APPLIC~1\SAVEBL~1\01 CREATIVE.exe

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose **Tools** -> **Folder Options…**
    Check the following settings under **View**:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Then press **Apply** followed by **OK**.

    Delete the following directories:
    G:\Documents and Settings\RALPHM~1\Application Data\**SAVEBL~1**\

    Download .
    - Scroll down to: "*Java Runtime Environment (JRE) 6 Update 6*".
    - Click the "**Download**" button on the right.
    - Tick: "**Accept License Agreement**", and click **Continue**.
    - The page will reload.
    - Click the **Windows Offline Installation, Multi-language** link BELOW **Windows Platform - Java SE Runtime Environment 6 Update 6** and save it to your Desktop.
    - Close any programs that may be open, especially your web browser!
    - Then go to **Start** > **Control Panel** > **Add or Remove Programs** and remove all older versions of Java from the list of programs (those with Java Runtime Environment (JRE or J2SE) in the name).
    - Repeat this until all older versions are gone.
    - After removing all older versions, **restart** your PC.
    - Then double-click **jre-6u6-windows-i586-p.exe** on your Desktop to install the latest version of Java.

    Download this file:
    **Deljob.exe**

    Put it on your desktop.

    Double-click **Deljob.exe**.
    A log (logit.txt) will open; you can also find the file on your desktop.
    Post the contents of **logit.txt** in your next message.
  • How do I remove this:

    Delete the following directories:
    G:\Documents and Settings\RALPHM~1\Application Data\SAVEBL~1\


    I can go to G and Documents and Settings, but then I end up at my own folder.


    Ralph Marijnissen, and that one cannot be deleted + I assume that is not supposed to be done.
  • The idea is that you delete only the bold part.

    G:\Documents and Settings\RALPHM~1\Application Data\**SAVEBL~1\**

    ~ this character means that on your PC you will see the full name.

    Otherwise, if it won't work, please just run the deljob.
  • When I have opened: Application Data
    there is no folder that looks like:



    SAVEBL~1\

    ?
  • ——————————————————–
    No LOP job-files found
    ——————————————————–
    Files in Windows Tasks folder

    AppleSoftwareUpdate.job
    ——————————————————–
    Export App Data folders
    ——————————————————–
    De volumenaam van station G is 320gb MASTER
    Het volumenummer is 20BD-D026

    Map van G:\Documents and Settings\ralph marijnissen\Application Data

    26-04-2008 00:22 <DIR> .
    26-04-2008 00:22 <DIR> ..
    20-03-2007 17:43 <DIR> Adobe
    20-03-2007 17:41 <DIR> AdobeAUM
    01-07-2007 22:56 <DIR> AdobeUM
    14-09-2007 22:38 <DIR> Ahead
    29-01-2007 23:27 <DIR> APPLEC~1 Apple Computer
    04-05-2007 22:46 <DIR> ATI
    10-03-2007 01:34 <DIR> COMMAN~1 Command & Conquer 3 Tiberium Wars Demo
    08-12-2007 23:57 <DIR> Comodo
    24-02-2007 18:15 <DIR> Creative
    27-02-2007 23:28 <DIR> DEEPBU~1 DeepBurner
    08-11-2007 19:31 <DIR> GEARBO~1 Gearbox Software
    04-02-2007 04:00 <DIR> Google
    13-01-2007 13:58 <DIR> IDENTI~1 Identities
    22-05-2007 16:46 <DIR> INSTAL~1 InstallShield
    29-03-2008 23:48 <DIR> KAZAAL~1 Kazaa Lite
    11-03-2007 18:00 <DIR> Lavasoft
    14-09-2007 20:50 <DIR> LEADER~1 Leadertech
    25-04-2008 23:25 <DIR> LIMEWI~1 LimeWirePlus
    08-11-2007 19:24 <DIR> Logitech
    13-01-2007 14:08 <DIR> MACROM~1 Macromedia
    01-02-2008 22:12 <DIR> MICROS~1 Microsoft
    13-01-2007 14:22 <DIR> Mozilla
    24-04-2007 11:16 <DIR> SECOND~1 SecondLife
    22-05-2007 17:16 <DIR> SecuROM
    29-01-2007 23:24 <DIR> SONYER~1 Sony Ericsson
    01-07-2007 20:22 <DIR> SPAMFI~1 SPAMfighter
    07-02-2007 12:33 <DIR> Sun
    19-09-2007 11:37 <DIR> SYSTEM~1 SystemRequirementsLab
    29-01-2007 23:25 <DIR> Teleca
    0 bestand(en) 0 bytes
    31 map(pen) 115.697.639.424 bytes beschikbaar
    De volumenaam van station G is 320gb MASTER
    Het volumenummer is 20BD-D026

    Map van G:\Documents and Settings\All Users\Application Data

    25-04-2008 23:28 <DIR> .
    25-04-2008 23:28 <DIR> ..
    17-09-2007 11:13 <DIR> Adobe
    28-08-2007 18:18 <DIR> Apple
    28-08-2007 18:20 <DIR> APPLEC~1 Apple Computer
    08-12-2007 23:57 <DIR> Comodo
    13-01-2007 14:45 <DIR> Creative
    01-07-2007 22:55 <DIR> DVDSHR~1 DVD Shrink
    18-01-2007 10:58 <DIR> Google
    17-12-2007 13:48 <DIR> HEMAAL~1 Hema Album Software Advanced
    24-04-2008 23:26 <DIR> Kazaa
    08-11-2007 19:22 <DIR> LogiShrd
    08-11-2007 19:22 <DIR> Logitech
    02-10-2007 14:38 <DIR> MICROS~1 Microsoft
    18-11-2007 13:26 <DIR> NexonUS
    14-01-2007 03:41 <DIR> NVIDIA
    26-04-2008 00:21 <DIR> PEAKOO~1 Peak ooze date army
    24-04-2008 23:01 <DIR> REFLEX
    29-01-2007 23:23 <DIR> SONYER~1 Sony Ericsson
    24-03-2008 00:28 <DIR> SPYBOT~1 Spybot - Search & Destroy
    29-01-2007 23:23 <DIR> Teleca
    27-04-2008 22:52 <DIR> TEMP
    13-01-2007 16:04 <DIR> WINDOW~1 Windows Genuine Advantage
    0 bestand(en) 0 bytes
    23 map(pen) 115.697.639.424 bytes beschikbaar
    ——————————————————–
    All User Accounts
    ——————————————————–
    All Users
    ralph marijnissen
    ——————————————————–










    Here is a new one as well:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:45, on 27-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    G:\Program Files\Alwil Software\Avast4\ashServ.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    G:\WINDOWS\CTHELPER.EXE
    G:\WINDOWS\system32\CTXFIHLP.EXE
    G:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    G:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    G:\Program Files\SPAMfighter\SFAgent.exe
    G:\Program Files\iTunes\iTunesHelper.exe
    G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\Messenger\MSMSGS.EXE
    G:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    G:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    G:\WINDOWS\System32\CTsvcCDA.EXE
    G:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    G:\FRAPS\FRAPS.EXE
    G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    G:\WINDOWS\system32\PnkBstrA.exe
    G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    G:\WINDOWS\system32\PnkBstrB.exe
    G:\Program Files\Logitech\SetPoint\SetPoint.exe
    G:\Program Files\SPAMfighter\sfus.exe
    G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    G:\WINDOWS\System32\msiexec.exe
    G:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    G:\WINDOWS\System32\svchost.exe
    G:\Program Files\iPod\bin\iPodService.exe
    G:\Program Files\Common Files\Teleca Shared\Generic.exe
    G:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    G:\WINDOWS\system32\wuauclt.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - G:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - G:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar3.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - G:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [CTDVDDET] "G:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "G:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "G:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "G:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Creative Detector] "G:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Fraps] G:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [KCeasy] G:\Program Files\KCeasy\KCeasy.exe /hide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - G:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - G:\Program Files\SPAMfighter\sfus.exe


    End of file - 9467 bytes







    But I cannot find SAVEBL~1\ in: Application Data

    In my folder?
  • It is no longer in your log either, so it is gone. How are your problems now?
  • Thanks a lot.

    No more trouble with anything.

    Only that it keeps starting up more slowly, etc.
    But that is because this XP has been installed for a long time and the 320 GB disk is filling up quite a bit.
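
Added example, not part of the original thread: a Python triage pass over entries copied from the two HijackThis logs above, followed by the before/after comparison the helper relies on when noting that the entry is no longer in the log. The four heuristics are assumptions chosen for illustration, not the helper's stated criteria; on this sample they flag the same five entries the helper listed for 'Fix checked'.

```python
import re

# Constructed sample: a few entries copied from the first log in the thread.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - G:\WINDOWS\system32\nsz30.dll
O2 - BHO: cpmsky browser optimizer - {bc0947d8-56db-daba-c600-5ed1af9595c5} - G:\WINDOWS\system32\{f738a0af-3e02-26aa-e78e-a972a7641b95}.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PostSetupCheck] G:\WINDOWS\System32\Rundll32.exe "G:\WINDOWS\system32\cpmsky.dll" DllStart
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [poll manager] G:\DOCUME~1\RALPHM~1\APPLIC~1\SAVEBL~1\01 CREATIVE.exe
"""

# Constructed sample: the same benign entries as they appear in the second log.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # "O2 - ..."
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")  # name, CLSID, file
RUN_RE = re.compile(r"^(HK\w+\\\S*\\Run): \[([^\]]*)\] (.*)$")     # key, value, command


def parse(log_text):
    """Split a HijackThis log into (section, body) pairs, e.g. ("O2", "BHO: ...")."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(section, body):
    """Return the reasons an entry deserves manual review (assumed heuristics)."""
    reasons = []
    if section == "O2":
        m = BHO_RE.match(body)
        if m:
            path = m.group(3)
            if path == "(no file)":
                reasons.append("BHO registered but its file is missing")
            elif re.search(r"\\windows\\system32\\[^\\]+$", path, re.I):
                reasons.append("BHO DLL sits directly in system32")
    elif section == "O4":
        m = RUN_RE.match(body)
        if m:
            cmd = m.group(3)
            if re.search(r"rundll32(\.exe)?\b.*\.dll", cmd, re.I):
                reasons.append("Run value loads a DLL through Rundll32")
            # Matches the long folder name and its 8.3 short form (APPLIC~1).
            if re.search(r"\\(application data|applic~\d)\\", cmd, re.I):
                reasons.append("Run value starts a program from Application Data")
    return reasons


def flagged(log_text):
    """Map each entry that matched a heuristic to its list of reasons."""
    result = {}
    for section, body in parse(log_text):
        reasons = triage(section, body)
        if reasons:
            result[f"{section} - {body}"] = reasons
    return result


def still_present(before_text, after_text):
    """Entries flagged in the first log that also appear in the follow-up log."""
    after = {f"{s} - {b}".lower() for s, b in parse(after_text)}
    return [entry for entry in flagged(before_text) if entry.lower() in after]


if __name__ == "__main__":
    for entry, reasons in flagged(BEFORE).items():
        print("; ".join(reasons), "->", entry)
    print("Still present after the fix:", still_present(BEFORE, AFTER))
```

These heuristics also match legitimate software on other machines (some vendors autostart through Rundll32 or install from the user profile), so the output is a list to review, not a list to delete.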


This is an archived page. Replying is no longer possible.