Mededeling

Collapse
No announcement yet.

log leeuwen

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    log leeuwen

    Logfile of HijackThis v1.98.2
    Scan saved at 17:27:05, on 9-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\IP Insight\ARMon32a.exe
    C:\Program Files\NVC\NVC\BIN\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRAM FILES\NVC\nvc\BIN\NJEEVES.EXE
    C:\PROGRAM FILES\NVC\nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRAM FILES\NVC\nvc\BIN\ZLH.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRAM FILES\NVC\nvc\BIN\NYMSE.EXE
    C:\Program Files\Nuria\Nuria.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\PROGRAM FILES\NVC\nvc\BIN\nvcoas.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRAM FILES\NVC\nvc\BIN\cclaw.exe
    C:\PROGRAM FILES\NVC\Nvc\Bin\NIU.EXE
    C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Pieter\Mijn documenten\Gedownloade bestanden\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.planet.nl/zoeken
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.planet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = reg.planet.nl;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAM FILES\NVC\nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\Preventon\Personal Firewall\PFWall.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
    Labels: Geen
    • Citaat
  • #2
    Scan met HijackThis en vink het volgende item aan:

    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

    Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".


    Verwijder daarna de map C:\Program Files\Common Files\GMT, mocht die er nog zijn.
    • Citaat

    Comment

    • #3
      Wow, lekker snelle reactie. Bedankt
      Hier nieuwe log. Alles ok nu?



      Logfile of HijackThis v1.98.2
      Scan saved at 17:56:13, on 9-12-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\IP Insight\ARMon32a.exe
      C:\Program Files\NVC\NVC\BIN\Zanda.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRAM FILES\NVC\nvc\BIN\NJEEVES.EXE
      C:\PROGRAM FILES\NVC\nvc\BIN\NVCSCHED.EXE
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\PROGRAM FILES\NVC\nvc\BIN\ZLH.EXE
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRAM FILES\NVC\nvc\BIN\NYMSE.EXE
      C:\Program Files\Nuria\Nuria.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\Wireless\Client Manager\CMags.EXE
      C:\PROGRAM FILES\NVC\nvc\BIN\nvcoas.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\PROGRAM FILES\NVC\nvc\BIN\cclaw.exe
      C:\PROGRAM FILES\NVC\Nvc\Bin\NIU.EXE
      C:\Program Files\Preventon\Personal Firewall\PFwall.exe
      C:\DOCUME~1\Pieter\LOCALS~1\Temp\~ef7194.tmp
      C:\Documents and Settings\Pieter\Mijn documenten\Gedownloade bestanden\hijackthis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.planet.nl/zoeken
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.planet.nl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = reg.planet.nl;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAM FILES\NVC\nvc\BIN\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\Preventon\Personal Firewall\PFWall.exe
      O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
      O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O4 - Global Startup: officejet 6100.lnk = ?
      O4 - Global Startup: Wireless Client Manager.lnk = ?
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
      • Citaat

      Comment

      • #4
        Ziet er prima uit.

        Je zou eventueel eens kunnen kijken of je het aantal opstartitems wat kunt verminderen. Uitleg daaromtrent vind je hier: http://www.nucia.eu/forum/showthread.php?t=114
        • Citaat

        Comment

        • #5
          [QUOTE=Buffy]Ziet er prima uit.


          dat geeft een goed gevoel
          • Citaat

          Comment

          Vorige template Volgende
          Sorry, you are not authorized to view this page
          Working...
          X