twinkats1960
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:50, on 26/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\windows defender\msascui.exe
c:\program files\alwil software\avast4\ashdisp.exe
c:\windows\system32\spool\drivers\w32x86\hpztsb03.exe
c:\windows\ehome\ehtray.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\mobsync.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\macromed\flash\flashutil10d.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,search bar = preserve
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.be/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\main,local page =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: p2p energy toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbp2p_.dll
o2 - bho: realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
o2 - bho: urlhelper class - {cfc4f59b-a2da-4e12-b337-52a4f871e10c} - c:\program files\shareaza applications\shareaza\shareazaiehelper.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: p2p energy toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbp2p_.dll
o3 - toolbar: shareaza mediabar - {196c3a46-4758-433d-a600-802c804af39c} - c:\program files\shareaza applications\shareaza mediabar\shareazamediabar.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [avast!] c:\progra~1\alwils~1\avast4\ashdisp.exe
o4 - hklm\..\run: [hpdj taskbar utility] c:\windows\system32\spool\drivers\w32x86\hpztsb03.exe
o4 - hklm\..\run: [nvsvc] rundll32.exe c:\windows\system32\nvsvc.dll,nvsvcstart
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [google update] c:\users\francis\appdata\local\google\update\googleupdate.exe /c
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas.dll,addatomaw
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - hkus\s-1-5-18\..\run: [cbssreg] c:\windows\temp\nond.tmp\svchost.exe (user 'systeem')
o4 - hkus\.default\..\run: [cbssreg] c:\windows\temp\nond.tmp\svchost.exe (user 'default user')
o9 - extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
o9 - extra button: add to videoget - {88cfa58b-a63f-4a94-9c54-0c7a58e3333e} - c:\progra~1\nuclea~1\videoget\plugins\videog~1.dll
o9 - extra 'tools' menuitem: add to &videoget - {88cfa58b-a63f-4a94-9c54-0c7a58e3333e} - c:\progra~1\nuclea~1\videoget\plugins\videog~1.dll
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search && destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll
o13 - gopher prefix:
o15 - trusted zone: [noparse]http://man.entriq.net[/noparse]
o15 - trusted zone: [noparse]http://messagent.telenet.be[/noparse]
o15 - trusted zone: [noparse]http://pctv.telenet.be[/noparse]
o15 - trusted zone: [noparse]http://www.telenet.be[/noparse]
o16 - dpf: {6f15128c-e66a-490c-b848-5000b5abeeac} (hp download manager) - [noparse]https://h20436.www2.hp.com/ediags/dex/secure/hpdexaxo.cab[/noparse]
o16 - dpf: {8100d56a-5661-482c-bee8-afece305d968} (facebook photo uploader 5 control) - [noparse]http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/facebookphotouploader55.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o20 - winlogon notify: !saswinlogon - c:\program files\superantispyware\saswinlo.dll
o23 - service: avast! iavs4 control service (aswupdsv) - alwil software - c:\program files\alwil software\avast4\aswupdsv.exe
o23 - service: avast! antivirus - alwil software - c:\program files\alwil software\avast4\ashserv.exe
o23 - service: avast! mail scanner - alwil software - c:\program files\alwil software\avast4\ashmaisv.exe
o23 - service: avast! web scanner - alwil software - c:\program files\alwil software\avast4\ashwebsv.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: nero backitup scheduler 3 - nero ag - c:\program files\nero\nero8\nero backitup\nbservice.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\nero\lib\nmindexingservice.exe
o23 - service: nmsaccessu - unknown owner - c:\program files\cdburnerxp\nmsaccessu.exe
--
end of file - 8209 bytes
[/hjt]
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:50, on 26/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\windows defender\msascui.exe
c:\program files\alwil software\avast4\ashdisp.exe
c:\windows\system32\spool\drivers\w32x86\hpztsb03.exe
c:\windows\ehome\ehtray.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\mobsync.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\macromed\flash\flashutil10d.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,search bar = preserve
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.be/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\main,local page =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: p2p energy toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbp2p_.dll
o2 - bho: realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
o2 - bho: urlhelper class - {cfc4f59b-a2da-4e12-b337-52a4f871e10c} - c:\program files\shareaza applications\shareaza\shareazaiehelper.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: p2p energy toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbp2p_.dll
o3 - toolbar: shareaza mediabar - {196c3a46-4758-433d-a600-802c804af39c} - c:\program files\shareaza applications\shareaza mediabar\shareazamediabar.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [avast!] c:\progra~1\alwils~1\avast4\ashdisp.exe
o4 - hklm\..\run: [hpdj taskbar utility] c:\windows\system32\spool\drivers\w32x86\hpztsb03.exe
o4 - hklm\..\run: [nvsvc] rundll32.exe c:\windows\system32\nvsvc.dll,nvsvcstart
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [google update] c:\users\francis\appdata\local\google\update\googleupdate.exe /c
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [losalamos] rundll32.exe c:\windows\system32\sshnas.dll,addatomaw
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - hkus\s-1-5-18\..\run: [cbssreg] c:\windows\temp\nond.tmp\svchost.exe (user 'systeem')
o4 - hkus\.default\..\run: [cbssreg] c:\windows\temp\nond.tmp\svchost.exe (user 'default user')
o9 - extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
o9 - extra button: add to videoget - {88cfa58b-a63f-4a94-9c54-0c7a58e3333e} - c:\progra~1\nuclea~1\videoget\plugins\videog~1.dll
o9 - extra 'tools' menuitem: add to &videoget - {88cfa58b-a63f-4a94-9c54-0c7a58e3333e} - c:\progra~1\nuclea~1\videoget\plugins\videog~1.dll
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search && destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll
o13 - gopher prefix:
o15 - trusted zone: [noparse]http://man.entriq.net[/noparse]
o15 - trusted zone: [noparse]http://messagent.telenet.be[/noparse]
o15 - trusted zone: [noparse]http://pctv.telenet.be[/noparse]
o15 - trusted zone: [noparse]http://www.telenet.be[/noparse]
o16 - dpf: {6f15128c-e66a-490c-b848-5000b5abeeac} (hp download manager) - [noparse]https://h20436.www2.hp.com/ediags/dex/secure/hpdexaxo.cab[/noparse]
o16 - dpf: {8100d56a-5661-482c-bee8-afece305d968} (facebook photo uploader 5 control) - [noparse]http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/facebookphotouploader55.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o20 - winlogon notify: !saswinlogon - c:\program files\superantispyware\saswinlo.dll
o23 - service: avast! iavs4 control service (aswupdsv) - alwil software - c:\program files\alwil software\avast4\aswupdsv.exe
o23 - service: avast! antivirus - alwil software - c:\program files\alwil software\avast4\ashserv.exe
o23 - service: avast! mail scanner - alwil software - c:\program files\alwil software\avast4\ashmaisv.exe
o23 - service: avast! web scanner - alwil software - c:\program files\alwil software\avast4\ashwebsv.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: nero backitup scheduler 3 - nero ag - c:\program files\nero\nero8\nero backitup\nbservice.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\nero\lib\nmindexingservice.exe
o23 - service: nmsaccessu - unknown owner - c:\program files\cdburnerxp\nmsaccessu.exe
--
end of file - 8209 bytes
[/hjt]