HijackThis log

Anonymous
4 answers
 • Hello,

  Below is a HijackThis log. Can anyone tell me whether there is anything suspicious on the computer?

  Willem

  ———————–
  Log
  ———————–

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:13:10, on 10-6-2009
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Eset\nod32kui.exe
  C:\PROGRA~1\HDTUNE~1\HDTune.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  C:\Program Files\KPN\bin\sprtcmd.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\Program Files\KPN\bin\sprtsvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Eset\nod32.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\Administrator.ROELOFS\Bureaublad\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toggle.com/index.php?rvs=hompag
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
  O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
  O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
  O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
  O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?286a0286ff284cfbb22b5b3e4463acda
  O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?286a0286ff284cfbb22b5b3e4463acda
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.toggle.com/index.php?rvs=hompag
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe


  End of file - 6628 bytes
 • Start HijackThis and choose 'do a system scan only'.
  Select only the items listed below:

  O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
  O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.


  Download GV Killer.exe.
  Put it in a folder of its own, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop.
  Start GV Killer and use copy and paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

  C:\WINDOWS\system32\shdocvw.dll

  Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program.
  Post the contents of the file C:\GV Killer.txt in your next message.

  Download [b:d441b29a33] and save it to your desktop.
  Double-click mbam-setup.exe to install the program.

  After the installation, make sure the following are ticked:
  - Update MalwareBytes' Anti-Malware
  - Start MalwareBytes' Anti-Malware
  Then click "Voltooien" (Finish).
  If an update is found, it will be downloaded and installed.
  - Once the program has started, go to the "Instellingen" (Settings) tab.
  - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
  - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  - Next, press "Scannen" (Scan) to start the scan.
  - Scanning can take a while, so be patient.
  - When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
  - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
  - After removal a log will open and you will be asked to restart the computer.
  The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

  Post this log together with a new HijackThis log.
 • ———————–
  Mbam-log
  ———————–

  Malwarebytes' Anti-Malware 1.37
  Database versie: 2271
  Windows 5.1.2600 Service Pack 3

  13-6-2009 20:14:02
  mbam-log-2009-06-13 (20-14-02).txt

  Scan type: Snelle Scan
  Objecten gescand: 104502
  Verstreken tijd: 5 minute(s), 5 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 25
  Registerwaarden geïnfecteerd: 2
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 15
  Bestanden geïnfecteerd: 16

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

  Registerwaarden geïnfecteerd:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  c:\documents and settings\Administrator.ROELOFS\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\program files\shoppingreport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\program files\shoppingreport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\program files\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
  c:\documents and settings\Administrator\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

  Bestanden geïnfecteerd:
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator.roelofs\application data\shoppingreport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\program files\shoppingreport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\registrysmart\Log\2007 Aug 03 - 12_01_56 AM_859.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\registrysmart\Log\2007 Aug 03 - 12_01_58 AM_140.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\Log\2007 Aug 02 - 11_52_56 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\Log\2007 Aug 02 - 11_52_57 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\registry backups\2007-08-02_23-54-58.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
  c:\documents and settings\administrator\application data\errorkiller\registry backups\2007-08-02_23-57-11.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

  ———————–
  GV-killer
  ———————–

  Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
  Rapport datum: 13-6-2009 20:00:01 log van Administrator , Beheerder van deze computer
  Platform: Windows XP Prof SP3 NLD Normale modus

  BEGIN Geplande taken—————————————————————–
  C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
  C:\WINDOWS\tasks\Easy Onderhoud.job
  EINDE Geplande taken—————————————————————–


  Lijst Notify keys——————————————————————–
  HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
  dimsntfy %SystemRoot%\System32\dimsntfy.dll
  igfxcui igfxsrvc.dll
  WgaLogon WgaLogon.dll
  Settings
  Einde Notify keys——————————————————————–

  Verklaring Errorcodes—————————————————————-
  code 00 : Bestand is verwijderd.
  code 53 : Bestand of map werd niet gevonden op uw PC.
  code 70 : Bestand was in gebruik.
  code 75 : Services zijn nog geladen of bestand in gebruik.
  code M0 : Map is verwijderd.
  code ML : Map is volledig leeg gemaakt.
  code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
  code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
  code K0 : Register key is verwijderd.
  Einde Errorcodes——————————————————————–

  BEGIN Inhoud van Input.txt———————————————————–
  C:\WINDOWS\system32\shdocvw.dll
  EINDE Inhoud van Input.txt———————————————————–

  0 C:\WINDOWS\system32\shdocvw.dll
  EINDE Inhoud van Input.txt———————————————————–


  ;0176396-OEM-0011903-00101=S048J10Y55044700

  ;EINDE GV_Killer ———————————————————————

  ———————–
  HijackThis
  ———————–

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 20:19:43, on 13-6-2009
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\HDTUNE~1\HDTune.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  C:\Program Files\KPN\bin\sprtcmd.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\Program Files\KPN\bin\sprtsvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Documents and Settings\Administrator.ROELOFS\Menu Start\Programma's\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toggle.com/index.php?rvs=hompag
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
  O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
  O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
  O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
  O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
  O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?286a0286ff284cfbb22b5b3e4463acda
  O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?286a0286ff284cfbb22b5b3e4463acda
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.toggle.com/index.php?rvs=hompag
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe


  End of file - 6172 bytes
 • Was the LimeWire toolbar installed voluntarily?

  Download [b:994d15ef45] to your desktop and use it according to this guide.

This is an archived page. Replies are no longer possible.