Logfile of HijackThis v1.99.1
Scan saved at 15:03:03, on 14-9-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft Office\Office\1043\msoffice.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\BJDEPRO\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.llsktagxvlgooyztowx.com/ZA3uUFUgJyw/forVBi6OUUW9VYB6NSSiH0W_4ctmVJuA6CJ2WA5goyaYGdnwRx Ct.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [DateIdleHtmUp] C:\Documents and Settings\All Users\Application Data\balm bend date idle\Bold Delete.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [titlechic] C:\DOCUME~1\BJDEPRO\APPLIC~1\DATEPO~1\Teamplay.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.yousendit.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://spystream.babenet.com/cabs/videox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28b5cdad8ccf5f396718/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096277873886
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{195BFA56-C40C-456D-8112-E8D1E2F2DC1A}: Domain = dalli.nl
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Heb gisteren msn plus gedownload en er ook weer af gelazerd maar denk dat er nog wel meer uit kan eigenlijk... heb alleen geen idee wat.

Wat kan ik eruit mieteren?

om te beginnen alles van Microsoft... :p

wat is dit:

O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe


O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE


en dit?

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

voor de rest lijken het me allemaal programma's en tools die je wel zou gebruiken...

leuk dat je firefox gebruikt...
goeie zet...

Chief108

om te beginnen alles van Microsoft... :p

wat is dit:

O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe



Dat is een aardig progje warmee je videoos kan downloaden die je normaal niet kan downloaden omdat de eigenaar dat niet wil. Of streaming videoos en je kan ook bv alle videoos van 1 site in een keer downloaden ermee, scheel hoop geklik. Handig ding eigenlijk.




O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE



Ik heb geen idee




en dit?

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

voor de rest lijken het me allemaal programma's en tools die je wel zou gebruiken...

leuk dat je firfox gebruikt...
goeie zet...

Chief108

ik heb geen idee wat dat is.

ik vond dit:

Process File: mxoaldr.exe
Process Name: Maxtor Corporation.

Description: mxoaldr.exe is an application which is initiated during install of Maxtor drivers. It by-passes Windows driver certificate engine. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.


Process File: LVCOMSX.EXE
Process Name: Logitech Multimedia

Description: LVCOMSX.EXE is installed alongside Logitech multimedia webcam devices and provides extra functionality for these products. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.

Process File: syntplpr.exe
Process Name: Synaptics TouchPad Driver Helper

Description: syntplpr.exe is a process installed alongside the Synaptics TouchPad for laptop computer touchpads. It provides additional configurations and support. This program is a non-essential process, and is installed for ease of use.

lijken wel clean dus...

als je dus een laptop hebt, met een logitech webcam en "iets" van Maxtor...

mooi laten zitten dus...

niets aan de hand.

Chief108

Die files kloppen idd met wat je zegt en Maxtor is de externe Harddrive.

Wel vreemd dat ik nog steeds een search balk in mijn mickysoft browser heb die er niet uit wil...

niet met Mickysoft anti virus
niet met Adware
niet met Spybot

en nu dus ook niet met Hijack this

verrotz

Kan ik niet ergens achterhalen hoe dat ding heet?

dat soort shit zuigt harder als Monica in haar nieuwe blauwe jurk...

wat is de naam van werkbalk?
(bij View -> Toolbars staatie wel...)

zoek op die naam in google en de kans is best groot dat je een oplossing vindt...

suc6...

Chief108

Got it :



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.llsktagxvlgooyztowx.com/ZA3uUFUgJyw/forVBi6OUUW9VYB6NSSiH0W_4ctmVJuA6CJ2WA5goyaYGdnwRx Ct.cgi

well done...

Chief108