Archive - HijackThis log (the umpteenth ;) )

The archive is a frozen moment from an earlier version of this forum, with different rules and different admins. These posts in no way reflect our current ideas, values or world views, and have been censored in some places for being unacceptable. Many were written in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would (or could) no longer be posted today. We still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

DevilDown

Legacy Member
Hey,

Can someone here check my log? Lately I've been noticing a lot more popups, slowdowns, the browser closing by itself, etc.

Thx!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:13, on 10/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Gertjan\Application Data\Save\Save.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2067
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Wenskaarten] E:\setup.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Save] C:\Documents and Settings\Gertjan\Application Data\Save\Save.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TSGNetLoader.lnk = C:\Program Files\NetLoader\NetLoader\TSGNetLoader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Add URL Link to Netloader - file://C:\Program Files\NetLoader\NetLoader\linker.htm
O8 - Extra context menu item: Add All URL Links to &Netloader - file://C:\Program Files\NetLoader\NetLoader\linkerall.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159300544180
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8702 bytes

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Save] C:\Documents and Settings\Gertjan\Application Data\Save\Save.exe

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

LopSD (by eric 71)
Disable your antispyware and virus scanner while using this tool
Download LopSD to your Desktop
  • Choose option N and press Enter
  • Click OK in the information window
  • Choose option 2 and press Enter
  • At the end a log ( LopR.txt ) appears; paste its contents in your next reply
Vista users: right-click LopSD and choose "Run as administrator"
And a HijackThis log

DevilDown

Legacy Member
Hey, thanks in advance, here are the LopSD log and the HijackThis log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
BIOS : Version 1.00
USER : Gertjan ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:21 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:38 Go (Free:27 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( vr 12/06/2009|13:40 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL

Verwijderd ! - C:\DOCUME~1\Gertjan\LOCALS~1\Temp\nspE.tmp
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\gertjan@advertising[2].txt
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\gertjan@ero-advertising[1].txt
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\gertjan@pacificpoker[1].txt
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\[email protected][1].txt
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\gertjan@partypoker[1].txt
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\gertjan@888[1].txt
Verwijderd ! - C:\DOCUME~1\Gertjan\Cookies\gertjan@888[2].txt
-
[ Hosts bestand ] .. Hersteld !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Beschrijving van mappen in APPLIC~1

[11/11/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/09/2007|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/11/2006|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ashampoo
[09/04/2009|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[13/04/2009|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJ
[13/04/2009|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJEPPEX
[09/04/2009|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJMyPrinter
[10/05/2009|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJPLM
[13/04/2009|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJScan
[09/04/2009|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJSolutionMenu
[25/03/2007|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[29/09/2007|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[23/02/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[15/04/2007|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/08/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[26/08/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[11/04/2009|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/04/2009|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[25/05/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[20/05/2008|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[26/09/2006|21:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[24/08/2008|17:57] C:\DOCUME~1\Chief\APPLIC~1\Adobe
[26/01/2007|20:25] C:\DOCUME~1\Chief\APPLIC~1\AdobeUM
[21/04/2008|21:03] C:\DOCUME~1\Chief\APPLIC~1\Apple Computer
[03/11/2006|21:28] C:\DOCUME~1\Chief\APPLIC~1\BitTorrent
[13/04/2009|09:43] C:\DOCUME~1\Chief\APPLIC~1\Canon
[24/06/2007|17:56] C:\DOCUME~1\Chief\APPLIC~1\CD-LabelPrint
[18/02/2008|23:32] C:\DOCUME~1\Chief\APPLIC~1\DAEMON Tools
[10/05/2009|17:01] C:\DOCUME~1\Chief\APPLIC~1\GARMIN
[25/11/2007|22:14] C:\DOCUME~1\Chief\APPLIC~1\Google
[26/09/2006|13:52] C:\DOCUME~1\Chief\APPLIC~1\Identities
[15/04/2007|18:58] C:\DOCUME~1\Chief\APPLIC~1\Leadertech
[26/08/2008|19:28] C:\DOCUME~1\Chief\APPLIC~1\Logitech
[26/09/2006|22:55] C:\DOCUME~1\Chief\APPLIC~1\Macromedia
[13/04/2009|10:36] C:\DOCUME~1\Chief\APPLIC~1\Microsoft
[01/10/2006|16:01] C:\DOCUME~1\Chief\APPLIC~1\Mozilla
[26/09/2006|22:42] C:\DOCUME~1\Chief\APPLIC~1\Netscape
[05/03/2008|22:57] C:\DOCUME~1\Chief\APPLIC~1\Real
[15/04/2007|19:00] C:\DOCUME~1\Chief\APPLIC~1\Sonic
[29/10/2006|12:36] C:\DOCUME~1\Chief\APPLIC~1\Sun
[13/09/2007|14:36] C:\DOCUME~1\Chief\APPLIC~1\Syntrillium
[26/09/2006|22:25] C:\DOCUME~1\Chief\APPLIC~1\Talkback
[26/09/2006|23:12] C:\DOCUME~1\Chief\APPLIC~1\Thunderbird
[20/11/2006|23:19] C:\DOCUME~1\Chief\APPLIC~1\vlc

[26/09/2006|13:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[06/06/2008|23:12] C:\DOCUME~1\Gertjan\APPLIC~1\AccurateRip
[21/08/2008|22:13] C:\DOCUME~1\Gertjan\APPLIC~1\Adobe
[08/10/2006|15:24] C:\DOCUME~1\Gertjan\APPLIC~1\AdobeUM
[18/11/2006|22:36] C:\DOCUME~1\Gertjan\APPLIC~1\Ashampoo
[15/02/2008|19:39] C:\DOCUME~1\Gertjan\APPLIC~1\Azureus
[06/06/2009|14:03] C:\DOCUME~1\Gertjan\APPLIC~1\BitTorrent
[03/06/2009|14:25] C:\DOCUME~1\Gertjan\APPLIC~1\BSplayer
[03/06/2009|14:23] C:\DOCUME~1\Gertjan\APPLIC~1\BSplayer Pro
[16/02/2008|21:43] C:\DOCUME~1\Gertjan\APPLIC~1\DAEMON Tools
[16/02/2008|21:34] C:\DOCUME~1\Gertjan\APPLIC~1\Google
[29/09/2007|19:01] C:\DOCUME~1\Gertjan\APPLIC~1\GRETECH
[11/09/2008|19:28] C:\DOCUME~1\Gertjan\APPLIC~1\Help
[29/09/2006|15:49] C:\DOCUME~1\Gertjan\APPLIC~1\Identities
[26/08/2008|16:50] C:\DOCUME~1\Gertjan\APPLIC~1\InstallShield
[26/08/2008|16:53] C:\DOCUME~1\Gertjan\APPLIC~1\Logitech
[29/09/2006|16:06] C:\DOCUME~1\Gertjan\APPLIC~1\Macromedia
[14/03/2009|13:31] C:\DOCUME~1\Gertjan\APPLIC~1\Microsoft
[02/09/2008|22:04] C:\DOCUME~1\Gertjan\APPLIC~1\Mozilla
[12/10/2007|19:54] C:\DOCUME~1\Gertjan\APPLIC~1\Real
[12/06/2009|13:00] C:\DOCUME~1\Gertjan\APPLIC~1\Save
[01/05/2007|16:56] C:\DOCUME~1\Gertjan\APPLIC~1\Sonic
[31/10/2006|22:31] C:\DOCUME~1\Gertjan\APPLIC~1\Sun
[04/03/2007|13:12] C:\DOCUME~1\Gertjan\APPLIC~1\Syntrillium
[03/09/2008|15:28] C:\DOCUME~1\Gertjan\APPLIC~1\SystemRequirementsLab
[29/09/2006|16:05] C:\DOCUME~1\Gertjan\APPLIC~1\Talkback
[29/09/2006|19:51] C:\DOCUME~1\Gertjan\APPLIC~1\Thunderbird
[17/11/2006|20:08] C:\DOCUME~1\Gertjan\APPLIC~1\vlc

[01/11/2008|20:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/04/2009|23:08] C:\DOCUME~1\Mama\APPLIC~1\Identities
[22/04/2009|23:08] C:\DOCUME~1\Mama\APPLIC~1\Logitech
[22/04/2009|23:08] C:\DOCUME~1\Mama\APPLIC~1\Microsoft
[17/05/2009|23:41] C:\DOCUME~1\Mama\APPLIC~1\Mozilla

[26/09/2006|13:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[12/06/2009 12:54][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Beschrijving van mappen in C:\Program Files

[08/10/2006|21:18] C:\Program Files\ACAD2000
[01/09/2008|16:15] C:\Program Files\Activision
[11/11/2008|16:15] C:\Program Files\Adobe
[24/01/2008|22:12] C:\Program Files\ahead
[18/11/2006|22:35] C:\Program Files\Ashampoo
[12/10/2006|21:21] C:\Program Files\Audacity
[24/11/2006|23:03] C:\Program Files\Azureus
[29/03/2009|17:08] C:\Program Files\Belgium Identity Card
[01/09/2008|13:28] C:\Program Files\BitTorrent
[07/08/2008|16:17] C:\Program Files\Black Isle
[07/01/2007|19:19] C:\Program Files\CAAD-4.1
[09/04/2009|19:30] C:\Program Files\Canon
[09/04/2009|19:17] C:\Program Files\CanonBJ
[04/03/2007|13:55] C:\Program Files\CDBurnerXP Pro 3
[11/04/2009|20:29] C:\Program Files\Common Files
[26/09/2006|13:16] C:\Program Files\ComPlus Applications
[15/11/2008|14:34] C:\Program Files\coolpro2
[17/02/2008|13:03] C:\Program Files\DAEMON Tools Lite
[10/05/2009|16:47] C:\Program Files\DIFX
[24/01/2008|23:18] C:\Program Files\EASY COMPUTING
[06/06/2008|22:54] C:\Program Files\Free MP3 Converter
[10/12/2006|17:10] C:\Program Files\FreeRIP2
[10/05/2009|16:47] C:\Program Files\Garmin
[10/05/2009|17:01] C:\Program Files\Garmin GPS Plugin
[25/11/2007|22:13] C:\Program Files\Google
[29/09/2007|19:01] C:\Program Files\GRETECH
[11/12/2006|23:07] C:\Program Files\Grisoft
[12/06/2009|13:39] C:\Program Files\HijackThis
[06/06/2008|23:11] C:\Program Files\Illustrate
[26/08/2008|16:51] C:\Program Files\InstallShield Installation Information
[12/06/2009|13:00] C:\Program Files\Internet Explorer
[03/04/2009|21:45] C:\Program Files\Java
[02/11/2008|20:59] C:\Program Files\LimeWire
[09/09/2007|19:52] C:\Program Files\Linearteam
[26/08/2008|16:50] C:\Program Files\Logitech
[09/09/2008|11:10] C:\Program Files\Messenger
[26/09/2006|23:35] C:\Program Files\Microsoft ActiveSync
[26/09/2006|13:21] C:\Program Files\microsoft frontpage
[25/11/2007|22:08] C:\Program Files\Microsoft Office
[26/09/2006|23:35] C:\Program Files\Microsoft.NET
[08/09/2008|17:39] C:\Program Files\Movie Maker
[12/06/2009|13:00] C:\Program Files\Mozilla Firefox
[02/06/2009|12:50] C:\Program Files\Mozilla Thunderbird
[25/11/2007|22:08] C:\Program Files\MSECache
[08/08/2008|22:23] C:\Program Files\MSN
[26/09/2006|13:16] C:\Program Files\MSN Gaming Zone
[09/09/2008|11:15] C:\Program Files\MSN Messenger
[07/06/2009|13:36] C:\Program Files\NetLoader
[08/09/2008|17:36] C:\Program Files\NetMeeting
[01/10/2006|16:00] C:\Program Files\Netscape
[26/09/2006|13:19] C:\Program Files\Online Services
[08/09/2008|17:36] C:\Program Files\Outlook Express
[24/09/2007|22:20] C:\Program Files\QuickTime
[19/01/2007|14:39] C:\Program Files\Real
[15/04/2007|18:54] C:\Program Files\Roxio
[27/03/2009|20:19] C:\Program Files\Save
[02/11/2006|22:51] C:\Program Files\Soulseek
[17/09/2007|20:02] C:\Program Files\Stardraw.com Ltd
[15/07/2008|20:51] C:\Program Files\Sun
[17/12/2006|00:41] C:\Program Files\Swift Software Group
[03/09/2008|15:28] C:\Program Files\SystemRequirementsLab
[24/11/2006|22:57] C:\Program Files\Turbo Torrent
[26/09/2006|13:52] C:\Program Files\Uninstall Information
[12/06/2009|13:14] C:\Program Files\Universal Document Converter
[14/04/2009|18:14] C:\Program Files\UrbanTerror
[17/11/2006|19:53] C:\Program Files\VideoLAN
[03/06/2009|14:23] C:\Program Files\Webteh
[27/03/2009|22:07] C:\Program Files\Winamp
[25/05/2008|15:30] C:\Program Files\Winamp Remote
[18/01/2009|16:56] C:\Program Files\Winamp Toolbar
[01/11/2008|20:06] C:\Program Files\Windows Media Connect 2
[01/11/2008|20:06] C:\Program Files\Windows Media Player
[08/09/2008|17:36] C:\Program Files\Windows NT
[26/09/2006|13:19] C:\Program Files\WindowsUpdate
[01/10/2006|13:32] C:\Program Files\WinRAR
[26/09/2006|13:21] C:\Program Files\xerox
[03/11/2006|21:05] C:\Program Files\Zone Labs

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[11/11/2008|16:15] C:\Program Files\Common Files\Adobe
[08/10/2006|21:10] C:\Program Files\Common Files\Autodesk Shared
[16/02/2009|19:22] C:\Program Files\Common Files\Canon
[26/09/2006|23:35] C:\Program Files\Common Files\DESIGNER
[16/02/2009|22:54] C:\Program Files\Common Files\InstallShield
[12/10/2006|21:32] C:\Program Files\Common Files\Java
[26/08/2008|16:51] C:\Program Files\Common Files\Logishrd
[26/09/2006|21:39] C:\Program Files\Common Files\Logitech
[26/08/2008|16:52] C:\Program Files\Common Files\Microsoft Shared
[01/10/2006|16:01] C:\Program Files\Common Files\mozilla.org
[26/09/2006|13:18] C:\Program Files\Common Files\MSSoap
[01/12/2006|19:31] C:\Program Files\Common Files\NSIS
[26/09/2006|14:13] C:\Program Files\Common Files\ODBC
[23/03/2008|16:34] C:\Program Files\Common Files\Real
[26/09/2006|22:42] C:\Program Files\Common Files\Scanner
[26/09/2006|13:18] C:\Program Files\Common Files\Services
[15/04/2007|18:54] C:\Program Files\Common Files\Sonic Shared
[26/09/2006|14:13] C:\Program Files\Common Files\SpeechEngines
[30/09/2007|16:21] C:\Program Files\Common Files\Stardraw
[08/08/2008|22:04] C:\Program Files\Common Files\SupportSoft
[15/04/2007|18:54] C:\Program Files\Common Files\SureThing Shared
[08/09/2008|17:36] C:\Program Files\Common Files\System
[11/04/2009|20:29] C:\Program Files\Common Files\Windows Live
[23/03/2008|16:34] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

Geen Lop mappen gevonden !

--------------------\\ Zoeken doorheen het Register

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand IN ORDE


--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-12 13:44:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 5

--------------------\\ Zoeken naar andere infecties

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Gertjan\Desktop\Limewire\Lunaman - Nutcracka.mp3
C:\DOCUME~1\Gertjan\Desktop\Muziek allerlei\Blogmuziek\Mapje Branden Cocteau\Lunaman - Nutcracka.mp3
C:\DOCUME~1\Gertjan\Desktop\Muziek allerlei\Muziek\Dj D - Skull Crack.mp3
C:\DOCUME~1\Gertjan\Desktop\Muziek allerlei\Muziek\Neophyte - Braincracking.mp3
C:\DOCUME~1\Gertjan\Desktop\Muziek allerlei\Muziek\Masters Of Hardcore - Chapter XV\Cd 1\07 Dj D - Skullcrack.mp3
C:\DOCUME~1\Gertjan\Desktop\New torrents to download\Mass.Effect.ViTALiTY.Crack.only.rar.4228813.TPB.torrent


[F:3851][D:128]-> C:\DOCUME~1\Gertjan\LOCALS~1\Temp
[F:539][D:0]-> C:\DOCUME~1\Gertjan\Cookies
[F:4894][D:5]-> C:\DOCUME~1\Gertjan\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - vr 12/06/2009|13:46 - Option : [2]

--------------------\\ Scan voltooid om 13:46:59

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:54, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2067
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Wenskaarten] E:\setup.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TSGNetLoader.lnk = C:\Program Files\NetLoader\NetLoader\TSGNetLoader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Add URL Link to Netloader - file://C:\Program Files\NetLoader\NetLoader\linker.htm
O8 - Extra context menu item: Add All URL Links to &Netloader - file://C:\Program Files\NetLoader\NetLoader\linkerall.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159300544180
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8410 bytes
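
The follow-up log can be checked against the requested fix list mechanically. The sketch below is an added example, not part of the original thread or of HijackThis itself: it parses HijackThis entry lines, diffs two logs, and reports any requested fix that is still present. The function names are hypothetical; `BEFORE`, `AFTER` and `FIX_LIST` are short excerpts copied from the logs and the reply above, and `PARTIAL_AFTER` is a constructed case in which one fix did not take.

```python
import re

# HijackThis entry lines start with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - ". Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


def normalize(body):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Return the set of (section code, normalized body) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), normalize(m.group("body"))))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two HijackThis logs."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def check_fix(requested, after):
    """Return the requested fix entries that still appear in the follow-up log."""
    return sorted(parse_entries(requested) & parse_entries(after))


# Excerpt of the first log in the thread (10/06/2009).
BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Save] C:\Documents and Settings\Gertjan\Application Data\Save\Save.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the follow-up log (12/06/2009), including non-entry lines.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# The four items the helper asked to select before 'Fix checked'.
FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Save] C:\Documents and Settings\Gertjan\Application Data\Save\Save.exe
"""

# Constructed failure case: the WhenUSave Run value came back after the fix.
PARTIAL_AFTER = AFTER + r"""
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed between logs:")
    for code, body in removed:
        print("  ", code, "-", body)
    print("added between logs:", added)
    print("still present (real follow-up):", check_fix(FIX_LIST, AFTER))
    print("still present (constructed):", check_fix(FIX_LIST, PARTIAL_AFTER))
```

An entry that reappears in a later log after being fixed usually means the program that writes it is still running or installed, so the same comparison is worth repeating on every new log.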