antivirus.startpagina.nl

voor fazantje

  • Anonymous avatar

    Mmetje

    Hallo huib,

    Hier gevraagde Hijack

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    Scan saved at 9:30:28, on 7-12-2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    C:\Program Files\Google\Gmail Notifier\gnotify.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\AutoSizer\AutoSizer.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe

    C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

    C:\WINDOWS\arservice.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

    c:\windows\system\hpsysdrv.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\Outlook Express\msimn.exe

    C:\Program Files\Hide My IP\HideMyIP.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\PhotoRazor\photorazor.exe

    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ziggo.nl/#producten/%3Fns_campaign=t4u&ns_mchannel=ppc&ns_source=google&ns_linkname=sea&ns_fee=0

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

    O4 - HKLM\..\Run: C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: rundll32.exe ftutil2.dll,SetWriteCacheMode

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ARPWRMSG.EXE

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /installquiet /keeploaded /nodetect

    O4 - HKLM\..\Run: C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: “C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” /run

    O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    O4 - HKLM\..\Run: C:\Program Files\Google\Gmail Notifier\gnotify.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\AutoSizer\AutoSizer.exe”

    O4 - HKCU\..\Run: C:\Program Files\Desktop Calendar\Desktop Calendar.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)

    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)

    O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE

    O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

    O4 - Global Startup: Samsung Auto Backup Guage.lnk = ?

    O4 - Global Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?

    O4 - Global Startup: Samsung Auto Backup Scheduler.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra ‘Tools’ menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    End of file - 9696 bytes

  • Anonymous avatar

    fazantje

    Hoi Mmetje,

    Jammer dat je al handmatig bestandjes hebt verwijderd, anders had ik hier die toolbar kunnen verwijderen.

    Logje ziet er goed uit, dus toch nog maar weer terug naar het hardware prikbord en zien of ze daar meer weten over die meldingen.

    Ik zal dit bericht daar even plaatsen;)

    Groetjes Huib;)

  • Anonymous avatar

    Piet

    Logfile of Trend Micro HijackThis v2.0.3 (BETA) >>>>>

  • Anonymous avatar

    fazantje

    Weet het, maar niet van toepassing voor Mmetje;)

    Groetjes Huib;)