Archief - HIJACK THIS Log

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
S

SchrimpDevil

Legacy Member
Hallo
Kan iemand deze log nakijken?
Mijn pc loopt na een tijdje altijd vast en heb al gecheckt op spyware.

Logfile of HijackThis v1.99.0
Scan saved at 15:42:59, on 29/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\USB ADSL\CnxDslTb.exe
C:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\Program Files\3D\3D.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christophe De Smet\Mijn documenten\New Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DU Meter] X:\FTP Tools\DU Meter\DUMeter.exe
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104937268125
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2DA68AA-48CE-466E-BFC4-A14210814173}: NameServer = 62.58.94.130 62.58.62.132
O23 - Service: 3D · Dynamic DNS Client & Dial Up Network Dialer - EUROCOMP - C:\Program Files\3D\3D.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server - Unknown - C:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


alvast bedankt
mvg
S

SchrimpDevil

Legacy Member
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe

Deze heb ik al verwijderd maar komt steeds terug. Iemand een idee hoe dit eraf te krijgen.

Mijn pc loopt gewoon vast nadat ik een tijdje verbonden met internet.
S

Skeddie

Legacy Member
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
is het enige dat niet koosjer is.
Doe een scan in Safe Mode met de gekende programma's.

Draai je een FTP-server op je PC?
Anders mogen de entries van ServU ook weg, lijken me dan zelfs verdacht.
E

Exit

Legacy Member
start de pc op in veilige mode, scan met hijackthis en fix dan!

serv-u is een prog, kan geen kwaad, ie zal da zelf installed hebben, is geen verdacht prog!
d

dilirius

Legacy Member
kan iemand de mijne ook ffe checke pls

thx

Logfile of HijackThis v1.99.0
Scan saved at 18:52:09, on 29/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\DMW Client 3\dmwclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Progs\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1043
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Agent] "C:\Program Files\CyberLink\PowerVCRII\Agent.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download &All using Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download using &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104849742625
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
W

WolCoM

Legacy Member
En mijne ook, nu dagge toch bezig zijt :) Ty

Logfile of HijackThis v1.99.0
Scan saved at 19:05:56, on 29/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\msupd5.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\config\winlogon.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\System32\htdpkhsz.exe
C:\WINDOWS\System32\sfxxunhy.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\config\msmsgs.exe
C:\Documents and Settings\Dennis\My Documents\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.151.89.50 signin.ebay.com
O1 - Hosts: 209.151.89.50 signin.ebay.co.uk
O1 - Hosts: 209.151.89.50 signin.ebay.fr
O1 - Hosts: 209.151.89.50 signin.ebay.de
O1 - Hosts: 209.151.89.50 signin.ebay.be
O1 - Hosts: 209.151.89.50 signin.ebay.it
O1 - Hosts: 209.151.89.50 signin.ebay.ca
O1 - Hosts: 209.151.89.50 signin.ebay.nl
O1 - Hosts: 209.151.89.50 signin.ebay.com.cn
O1 - Hosts: 217.160.243.63 meine.deutsche-bank.de
O2 - BHO: (no name) - {590986E5-0B25-10F6-1426-D181960498D2} - C:\WINDOWS\System32\jjzlhiyg.dll
O2 - BHO: (no name) - {C297287A-2217-E017-5F1A-63A9028FA1FF} - C:\WINDOWS\System32\qgfjwjil.dll
O2 - BHO: (no name) - {FA924D66-8935-92B1-691F-4D605ED1C6EE} - C:\WINDOWS\System32\fovshfnx.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service Control Process] C:\WINDOWS\system32\config\winlogon.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [htdpkhsz] C:\WINDOWS\System32\htdpkhsz.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\system32\config\msmsgs.exe
O4 - HKLM\..\Run: [sfxxunhy] C:\WINDOWS\System32\sfxxunhy.exe
O4 - HKLM\..\Run: [0CIUqKQ] C:\WINDOWS\rytbaojl.exe
O4 - HKLM\..\Run: [0+¿ÔÇè]Iú" ‹üžigÅYƒC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rytbaojl.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECB8E724-2A91-4B63-9123-432848C85B31}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Bluetooth Service - Unknown - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP2b\RpcDataSrv.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
E

Exit

Legacy Member
NIE ALLEMAAL te gelijk :rofl: :crazy:
@ wolcom ... waar is de andere helft van de log???

@ Delirius
ares prog gekent?

O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
log is clean
S

Skeddie

Legacy Member
@exit: als Schrimpdevil zegt dattem problemen heeft met zijn inetconnectie, wil ik toch ook checken of ie sommige programmas zelf geinstalleerd heeft. Kan evengoed zijn dat 'iemand anders' een FTP-server van zijn pc maakt.

@WolCom: rofl @ 209.151.89.50
Scant eerst es op virussen zouk zeggen...
Mag/moet weg:
C:\WINDOWS\System32\msupd5.exe
C:\WINDOWS\system32\config\winlogon.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\System32\htdpkhsz.exe
C:\WINDOWS\System32\sfxxunhy.exe
C:\WINDOWS\system32\config\msmsgs.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.151.89.50 signin.ebay.com
O1 - Hosts: 209.151.89.50 signin.ebay.co.uk
O1 - Hosts: 209.151.89.50 signin.ebay.fr
O1 - Hosts: 209.151.89.50 signin.ebay.de
O1 - Hosts: 209.151.89.50 signin.ebay.be
O1 - Hosts: 209.151.89.50 signin.ebay.it
O1 - Hosts: 209.151.89.50 signin.ebay.ca
O1 - Hosts: 209.151.89.50 signin.ebay.nl
O1 - Hosts: 209.151.89.50 signin.ebay.com.cn
O1 - Hosts: 217.160.243.63 meine.deutsche-bank.de
O2 - BHO: (no name) - {590986E5-0B25-10F6-1426-D181960498D2} - C:\WINDOWS\System32\jjzlhiyg.dll
O2 - BHO: (no name) - {C297287A-2217-E017-5F1A-63A9028FA1FF} - C:\WINDOWS\System32\qgfjwjil.dll
O2 - BHO: (no name) - {FA924D66-8935-92B1-691F-4D605ED1C6EE} - C:\WINDOWS\System32\fovshfnx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup <-- niet als je je graka hebt overgeclockt of andere refreshrates of dergelijke
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service Control Process] C:\WINDOWS\system32\config\winlogon.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [htdpkhsz] C:\WINDOWS\System32\htdpkhsz.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\system32\config\msmsgs.exe
O4 - HKLM\..\Run: [sfxxunhy] C:\WINDOWS\System32\sfxxunhy.exe
O4 - HKLM\..\Run: [0CIUqKQ] C:\WINDOWS\rytbaojl.exe
O4 - HKLM\..\Run: [0+¿ÔÇè]Iú" ‹üžigÅYƒC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rytbaojl.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe
S

SchrimpDevil

Legacy Member
Nope, servu heb ik zelf installed. Es proberen fixen in safe mode.

Thanx for the tip.
W

WolCoM

Legacy Member
Skeddie zei:
@WolCom: rofl @ 209.151.89.50
Scant eerst es op virussen zouk zeggen...
Mag/moet weg: ...
Klik om te vergroten...

Ty :) 'k dacht dat het leven van een pc zonder virusscanner ook ging, niet dus. ;P *installeert vlug virusscanner opnieuw*
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan