Anoniem2, posted 7 December 2009

I'm in quite a bit of trouble and am posting my file here; please take a look, and I would be very grateful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:48, on 6-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Twin Folders\tfengine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Service Pack 7] C:\Documents and Settings\Robert\Application Data\Service Pack 7.exe
O4 - HKLM\..\Run: [Windows Update] C:\Documents and Settings\Robert\Application Data\Microsoft.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Service Pack 7] C:\Documents and Settings\Robert\Application Data\Service Pack 7.exe
O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Robert\Application Data\Microsoft.exe
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\DOCUME~1\Robert\LOCALS~1\Temp\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Anoniem2, posted 7 December 2009

Part 2

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131896531982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132867273305
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985f28240b5d0) (gupdate1c985f28240b5d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Twin Folders Background Sync Service (TwinFoldersService) - Dmitry G. Kozhinov software - C:\Program Files\Twin Folders\tfengine.exe

--
End of file - 11137 bytes

Anoniem2, posted 8 December 2009

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Service Pack 7] C:\Documents and Settings\Robert\Application Data\Service Pack 7.exe
O4 - HKLM\..\Run: [Windows Update] C:\Documents and Settings\Robert\Application Data\Microsoft.exe
O4 - HKCU\..\Run: [Service Pack 7] C:\Documents and Settings\Robert\Application Data\Service Pack 7.exe
O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Robert\Application Data\Microsoft.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware): http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the program.

Make sure Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are both checked, then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to view the results.
Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.
After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few prompts where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

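A heuristic triage of the kinds of entries singled out in the post above, as an added example that is not part of the original thread and is not HijackThis's or the helper's own logic. The directory and name lists are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread (escapes undone).
SAMPLE_LOG = r"""
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Service Pack 7] C:\Documents and Settings\Robert\Application Data\Service Pack 7.exe
O4 - HKLM\..\Run: [Windows Update] C:\Documents and Settings\Robert\Application Data\Microsoft.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# Directories a standard user can write to on Windows XP (assumed list, not exhaustive).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\locals~1\\", "\\temp\\")
# Value names that imitate OS components (assumption, modelled on the entries in this log).
SYSTEM_SOUNDING = ("windows update", "service pack", "microsoft")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")

# "O4 - <registry key>: [<value name>] <command line>"; Startup-folder O4 lines do not match.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to its executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|pif))(?=\s|$)', re.IGNORECASE)


def target_path(cmd):
    """Return the executable part of an autorun command line, lower-cased."""
    m = EXE_RE.match(cmd)
    path = (m.group(1) or m.group(2)) if m else cmd
    return path.lower()


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = target_path(m.group("cmd"))
            name = m.group("name").lower()
            if any(d in path for d in USER_WRITABLE):
                findings.append(("autorun from user-writable directory", line))
            if any(s in name for s in SYSTEM_SOUNDING) and not path.startswith(SYSTEM_DIRS):
                findings.append(("system-sounding name outside system directories", line))
        elif line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
            findings.append(("registered component with no file behind it", line))
        elif line.startswith("O16 - ") and " - file://" in line.lower():
            findings.append(("ActiveX control installed from a local path", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

The Google Update entry is flagged as well, which shows that these rules produce leads for review rather than verdicts.
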
Anoniem2, posted 8 December 2009

After removal

Malwarebytes' Anti-Malware 1.42
Database versie: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7-12-2009 16:43:19
mbam-log-2009-12-07 (16-43-19).txt

Scan type: Snelle Scan
Objecten gescand: 117562
Verstreken tijd: 8 minute(s), 49 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{070s0137-2q6e-841w-6xb6-diit4e0wp114} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30onl52m-e5i7-g1w3-8jmw-18k450t11015} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Documents and Settings\Robert\Application Data\Service Pack 7.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robert\Application Data\Microsoft.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

Anoniem2, posted 8 December 2009

PART 1A

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:17, on 7-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Twin Folders\tfengine.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\DOCUME~1\Robert\LOCALS~1\Temp\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

Anoniem2, posted 8 December 2009

PART 1B

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131896531982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132867273305
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985f28240b5d0) (gupdate1c985f28240b5d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Twin Folders Background Sync Service (TwinFoldersService) - Dmitry G. Kozhinov software - C:\Program Files\Twin Folders\tfengine.exe

--
End of file - 10703 bytes

Anoniem2, posted 12 December 2009

This log looks good.

I do have some reservations, though, about one item that I'm not entirely familiar with: C:\Program Files\Twin Folders\tfengine.exe

Could you upload this file to Jotti (http://virusscan.jotti.org/) and post the result here?

Are there any other problems with this PC?

Anoniem2, posted 12 December 2009

No further problems with this laptop.
The Jotti result is:
[ClamAV] 2009-12-12 PUA.Packed.ASPack212

I don't think this is anything.
Regards, FARAPOM

Anoniem2, posted 12 December 2009

That is one scanner raising a flag, but that is indeed not enough to be a problem :)