Archive - check up

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as impermissible. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would (or could) no longer be posted today. We still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

Kysr

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:05, on 22/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Flos\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina - Leeman Automatisering
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Flos\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253117942201
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7106 bytes


Thanks in advance.

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Flos\Application Data\Dropbox\bin\Dropbox.exe

Click 'Fix checked' to remove the items.


Download LopSD to your Desktop
  • Choose Option N and press Enter
  • Click OK in the information window
  • Choose Option 2 (Fix + Hosts) and press Enter
  • At the end a log (LopR.txt) appears; paste its contents in your next reply
Vista users: right-click LopSD and choose "Run as administrator"
Note: LopSD is seen as a virus by some virus scanners, so deactivate your scanner

Kysr

Legacy Member
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Flos ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 4.0 4.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:61 Go (Free:20 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( za 24/04/2010|18:23 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL

-
[ Hosts bestand ] .. Hersteld !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Beschrijving van mappen in APPLIC~1

[12/04/2010|23:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[18/09/2009|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{55A29068-F2CE-456C-9148-C869879E2357}
[16/09/2009|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[31/10/2009|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[20/01/2010|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/09/2009|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/09/2009|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/11/2009|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Chat Republic Games
[17/10/2009|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[20/09/2009|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[16/09/2009|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[06/01/2010|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FlashFXP
[11/12/2009|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\id Software
[25/09/2009|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[30/09/2009|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/04/2010|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[14/09/2009|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/09/2009|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
[14/09/2009|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[21/09/2009|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[08/03/2010|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
[23/04/2010|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[31/10/2009|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[17/09/2009|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[26|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

[14/09/2009|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

[17/09/2009|11:46] C:\DOCUME~1\Flos\APPLIC~1\Adobe
[17/09/2009|14:32] C:\DOCUME~1\Flos\APPLIC~1\Apple Computer
[21/09/2009|19:16] C:\DOCUME~1\Flos\APPLIC~1\Brother
[24/02/2010|11:21] C:\DOCUME~1\Flos\APPLIC~1\Creative
[17/10/2009|16:16] C:\DOCUME~1\Flos\APPLIC~1\DAEMON Tools Lite
[20/09/2009|17:52] C:\DOCUME~1\Flos\APPLIC~1\DAEMON Tools Pro
[16/09/2009|20:14] C:\DOCUME~1\Flos\APPLIC~1\DivX
[24/04/2010|17:52] C:\DOCUME~1\Flos\APPLIC~1\Dropbox
[03/03/2010|14:04] C:\DOCUME~1\Flos\APPLIC~1\dvdcss
[06/03/2010|13:39] C:\DOCUME~1\Flos\APPLIC~1\GameRanger
[19/04/2010|16:53] C:\DOCUME~1\Flos\APPLIC~1\Hamachi
[23/10/2009|18:23] C:\DOCUME~1\Flos\APPLIC~1\ICAClient
[11/12/2009|21:17] C:\DOCUME~1\Flos\APPLIC~1\id Software
[14/09/2009|13:36] C:\DOCUME~1\Flos\APPLIC~1\Identities
[16/09/2009|19:31] C:\DOCUME~1\Flos\APPLIC~1\Macromedia
[16/09/2009|20:14] C:\DOCUME~1\Flos\APPLIC~1\Media Player Classic
[09/02/2010|21:12] C:\DOCUME~1\Flos\APPLIC~1\Microsoft
[23/04/2010|23:56] C:\DOCUME~1\Flos\APPLIC~1\mIRC
[16/09/2009|19:21] C:\DOCUME~1\Flos\APPLIC~1\Mozilla
[16/09/2009|18:26] C:\DOCUME~1\Flos\APPLIC~1\MSN6
[12/04/2010|19:44] C:\DOCUME~1\Flos\APPLIC~1\OpenOffice.org
[08/03/2010|18:17] C:\DOCUME~1\Flos\APPLIC~1\Sun
[18/09/2009|11:23] C:\DOCUME~1\Flos\APPLIC~1\TuneUp Software
[30/09/2009|22:45] C:\DOCUME~1\Flos\APPLIC~1\URSoft
[23/04/2010|18:26] C:\DOCUME~1\Flos\APPLIC~1\uTorrent
[31/10/2009|23:10] C:\DOCUME~1\Flos\APPLIC~1\Ventrilo
[24/04/2010|10:13] C:\DOCUME~1\Flos\APPLIC~1\vlc
[16/09/2009|19:46] C:\DOCUME~1\Flos\APPLIC~1\WinRAR
[22/04/2010|18:51] C:\DOCUME~1\Flos\APPLIC~1\XBMC
[0|bestand(en)] C:\DOCUME~1\Flos\APPLIC~1\bytes
[31|map(pen)] C:\DOCUME~1\Flos\APPLIC~1\bytes beschikbaar

[14/09/2009|13:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[31/10/2009|23:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\TuneUp Software
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[4|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

[14/09/2009|13:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[24/04/2010 18:04][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1454471165-725345543-1003UA.job
[23/04/2010 22:04][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1454471165-725345543-1003Core.job
[24/04/2010 17:53][--a------] C:\WINDOWS\tasks\Automatic troubleshooting.job
[12/04/2010 22:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[24/04/2010 17:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Beschrijving van mappen in C:\Program Files

[16/09/2009|19:59] C:\Program Files\Adobe
[21/02/2010|16:15] C:\Program Files\Age Of Empires 2 & The Conquerors Expansion - Full Game
[16/09/2009|19:54] C:\Program Files\Apple Software Update
[15/09/2009|16:04] C:\Program Files\AvRack
[22/04/2010|21:40] C:\Program Files\BestGameEver
[12/04/2010|23:05] C:\Program Files\Bonjour
[17/09/2009|14:23] C:\Program Files\Brother
[17/09/2009|14:23] C:\Program Files\Brownie
[23/04/2010|00:27] C:\Program Files\CCleaner
[23/10/2009|18:17] C:\Program Files\Citrix
[22/04/2010|21:39] C:\Program Files\Common Files
[22/04/2010|18:53] C:\Program Files\Creative
[20/09/2009|15:55] C:\Program Files\Creative Installation Information
[17/10/2009|16:15] C:\Program Files\DAEMON Tools Lite
[17/09/2009|10:11] C:\Program Files\DAMN NFO Viewer
[15/09/2009|15:23] C:\Program Files\DIFX
[16/09/2009|20:04] C:\Program Files\DivX
[29/01/2010|12:37] C:\Program Files\Enemy Territory
[17/09/2009|14:52] C:\Program Files\ESET
[06/01/2010|12:32] C:\Program Files\FlashFXP
[16/09/2009|19:55] C:\Program Files\Haali
[20/02/2010|15:08] C:\Program Files\Hamachi
[21/09/2009|19:04] C:\Program Files\InstallShield Installation Information
[31/03/2010|15:54] C:\Program Files\Internet Explorer
[12/04/2010|23:11] C:\Program Files\iPod
[12/04/2010|23:12] C:\Program Files\iTunes
[08/04/2010|15:16] C:\Program Files\Java
[16/09/2009|19:08] C:\Program Files\K-Lite Codec Pack
[25/09/2009|18:28] C:\Program Files\Logitech
[17/09/2009|13:18] C:\Program Files\Messenger
[16/09/2009|19:09] C:\Program Files\Microsoft
[14/09/2009|13:32] C:\Program Files\microsoft frontpage
[17/09/2009|10:15] C:\Program Files\Microsoft Office
[21/01/2010|13:44] C:\Program Files\Microsoft Silverlight
[17/09/2009|10:15] C:\Program Files\Microsoft Visual Studio
[20/09/2009|17:01] C:\Program Files\Microsoft Works
[23/04/2010|22:15] C:\Program Files\mIRC
[11/03/2010|18:05] C:\Program Files\Movie Maker
[23/04/2010|17:32] C:\Program Files\Mozilla Firefox
[17/09/2009|10:15] C:\Program Files\MSBuild
[14/09/2009|13:29] C:\Program Files\MSN Gaming Zone
[16/09/2009|19:11] C:\Program Files\NetMeeting
[16/09/2009|18:45] C:\Program Files\NVIDIA Corporation
[14/09/2009|13:31] C:\Program Files\Online Services
[18/11/2009|21:06] C:\Program Files\OpenAL
[12/04/2010|19:39] C:\Program Files\OpenOffice
[12/04/2010|19:40] C:\Program Files\OpenOffice.org 3
[17/09/2009|13:06] C:\Program Files\Outlook Express
[12/04/2010|23:08] C:\Program Files\QuickTime
[15/09/2009|16:04] C:\Program Files\Realtek AC97
[22/04/2010|21:40] C:\Program Files\RedLynx
[22/04/2010|21:39] C:\Program Files\Stardock
[29/10/2009|20:50] C:\Program Files\Trend Micro
[31/10/2009|23:04] C:\Program Files\TuneUp Utilities 2010
[23/12/2009|20:53] C:\Program Files\uTorrent
[17/09/2009|12:46] C:\Program Files\Ventrilo
[24/10/2009|17:59] C:\Program Files\VeryPDF PDF2Word v3.0
[14/09/2009|19:10] C:\Program Files\VideoLAN
[16/09/2009|19:45] C:\Program Files\virusscanners
[16/09/2009|19:09] C:\Program Files\Windows Live
[16/09/2009|19:09] C:\Program Files\Windows Live SkyDrive
[20/09/2009|17:55] C:\Program Files\Windows Media Player
[16/09/2009|19:11] C:\Program Files\Windows NT
[22/04/2010|21:17] C:\Program Files\WindowsUpdate
[16/09/2009|19:46] C:\Program Files\WinRAR
[10/02/2010|23:06] C:\Program Files\XBMC
[14/09/2009|13:32] C:\Program Files\xerox
[30/09/2009|22:49] C:\Program Files\Your Uninstaller 2008
[0|bestand(en)] C:\Program Files\bytes
[70|map(pen)] C:\Program Files\bytes beschikbaar

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[20/01/2010|15:18] C:\Program Files\Common Files\Adobe
[12/04/2010|23:11] C:\Program Files\Common Files\Apple
[22/04/2010|21:39] C:\Program Files\Common Files\Creative
[17/09/2009|10:15] C:\Program Files\Common Files\DESIGNER
[17/09/2009|14:22] C:\Program Files\Common Files\InstallShield
[08/03/2010|18:18] C:\Program Files\Common Files\Java
[25/09/2009|18:28] C:\Program Files\Common Files\Logishrd
[29/01/2010|14:53] C:\Program Files\Common Files\Logitech
[20/09/2009|17:02] C:\Program Files\Common Files\Microsoft Shared
[14/09/2009|13:30] C:\Program Files\Common Files\MSSoap
[14/09/2009|15:16] C:\Program Files\Common Files\ODBC
[14/09/2009|13:30] C:\Program Files\Common Files\Services
[14/09/2009|15:16] C:\Program Files\Common Files\SpeechEngines
[20/09/2009|16:59] C:\Program Files\Common Files\System
[16/09/2009|19:06] C:\Program Files\Common Files\Windows Live
[17/09/2009|12:46] C:\Program Files\Common Files\Wise Installation Wizard
[0|bestand(en)] C:\Program Files\Common Files\bytes
[18|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

--------------------\\ Process

( 47 Processes )

... OK !

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

Geen Lop mappen gevonden !

--------------------\\ Zoeken doorheen het Register

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand IN ORDE


--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-24 18:25:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Zoeken naar andere infecties

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Flos\Application Data\uTorrent\FlashFXP.v3.7.7.build.1313.BETA.Incl.Keygen.and.Patch-Lz0.torrent
C:\DOCUME~1\Flos\Application Data\uTorrent\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG.torrent
C:\DOCUME~1\Flos\Application Data\uTorrent\Your.Uninstaller!.2008.v6.1.1231.READNFO_KEYGEN-FFF.torrent
C:\DOCUME~1\Flos\Mijn documenten\Mijn muziek\muziek\Eminem Feat Dr. Dre & 50 Cent\Unknown Album\Crack a bottle.mp3
C:\DOCUME~1\Flos\Mijn documenten\Mijn muziek\muziek\Frank Zappa\Cruising With Ruben & The Jets\13 Stuff Up The Cracks.mp3
C:\DOCUME~1\Flos\Mijn documenten\Mijn muziek\muziek\The Rolling Stones\Collection 1971-1989\68 Cracking Up.mp3


[F:36][D:4]-> C:\DOCUME~1\Flos\LOCALS~1\Temp
[F:15][D:0]-> C:\DOCUME~1\Flos\Cookies
[F:99][D:5]-> C:\DOCUME~1\Flos\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - za 24/04/2010|18:26 - Option : [2]

--------------------\\ Scan voltooid om 18:26:55


That fixing in Hijack, what is that going to do? Because I really do want Dropbox to appear at startup.

Thanks in advance

Juisterr

Legacy Member
Post a new HJT log for checking, and tell me right away how things are going now.

Kysr

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:34, on 24/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Flos\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina - Leeman Automatisering
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Flos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Flos\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253117942201
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7957 bytes


PC is running fine, no trouble at the moment. That fixing in Hijack, what is that going to do? Because I really do want Dropbox to appear at startup. (That is why I have not changed it yet.)

Juisterr

Legacy Member
You use that? :eek:
Leave it in place then.

How are the problems now?