
HijackThis log



Hello,

Could someone take a look at this log? My computer(s) seem to have been rather slow lately. I also have the feeling that, for one reason or another, my preferences are no longer the same as before. In the log I also notice the AVG and Ad-Aware entries, even though I uninstalled both programs this week. Is this normal?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:45, on 15/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\PixArt\PAC207\Monitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\Joeri\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [zeSetup.exe] C:\DOWNLO~1\ZESETU~1.EXE /r

O4 - HKCU\..\Run: [Google Update] "C:\Users\Joeri\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS1\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS2\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 12312 bytes

I also ran Malwarebytes...

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Databaseversie: 7253

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

23/07/2011 22:36:26

mbam-log-2011-07-23 (22-36-23).txt

Scantype: Snelle scan

Objecten gescand: 176152

Verstreken tijd: 7 minuut/minuten, 9 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 3

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 5

Bestanden geïnfecteerd: 144

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> No action taken.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\Users\Joeri\AppData\Roaming\ErrorFix (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\quarantinew (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\quarantinew\2009-05-03 13-54-330 (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.

Bestanden geïnfecteerd:

c:\downloads\cakemania2setup-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\downloads\mpesetup-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\downloads\ponyluvsetup-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\downloads\puppyluv-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\downloads\puppyluvnb-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\downloads\singlesmsetup-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\downloads\zesetup-dm[1].exe (Adware.TryMedia) -> No action taken.

c:\Windows\Temp\tmp00000006276cdf59238086d2 (Rootkit.Agent) -> No action taken.

c:\Windows\Tasks\errorfix scan.job (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Logs\2009-05-03 13-48-200.log (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\quarantinew\2009-05-03 13-54-330\filelist.db (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> No action taken.

c:\Users\Joeri\AppData\Roaming\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> No action taken.

Thanks in advance!

Our Ukrainian "friends" have got you :dong:

Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKCU\..\Run: [zeSetup.exe] C:\DOWNLO~1\ZESETU~1.EXE /r

O17 - HKLM\System\CCS\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS1\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS2\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

Click 'Fix checked' to remove the items.

Your Java software is outdated.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6 Update 26.

  • Scroll down to: "Java Platform Standard Edition".
  • Click the "Download JRE" button on the right-hand side.
  • In the drop-down menu to the right of Platform, select Windows.
  • Tick: "I agree to the Java SE Runtime Environment 6u26 with JavaFX License Agreement", and click Continue.
  • The page will reload.
  • Click the jre-6u26-windows-i586.exe link UNDER Available Files and save it to your Desktop.
  • Close all programs that may be open, especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the list of software.
  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u26-windows-i586.exe on your Desktop to install the newest version of Java.

Then have Malwarebytes scan again, because "no action taken" normally indicates that you did not remove the items found. Do so this time ... and then, as a check, post a new Malwarebytes log and a new HijackThis log in your next message.


Dear kape,

Thanks for the help. I didn't know I had Ukrainian friends... Is this only malware, or could the computer be more heavily infected?

In any case, I have carried out all the actions described above. A few remarks:

(1) I suddenly could no longer find the O4 and O17 entries in the HijackThis log. So nothing has actually been removed.

(2) Two other O4 entries have appeared in their place, though: ehtray.exe and EAcore.

(3) As for Malwarebytes: nothing malicious found anymore. Originally I didn't know whether I could remove everything, since there were infections in the registry. In the end I removed everything after all.

(4) AVG and Adaware keep showing up in the HijackThis log. Is this normal? Both programs have been uninstalled since the beginning of this week?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:45, on 15/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\PixArt\PAC207\Monitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\Joeri\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [zeSetup.exe] C:\DOWNLO~1\ZESETU~1.EXE /r

O4 - HKCU\..\Run: [Google Update] "C:\Users\Joeri\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS1\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CS2\Services\Tcpip\..\{030246C0-61F2-4C80-83E5-0C44F993C10C}: NameServer = 85.255.116.70,85.255.112.101

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 12312 bytes

A few more logs will follow this week. Large-scale cleanup operation of several PCs :-)


The problem that you can't find anything seems to be caused by an old log that you posted here. Take a look at the date of the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:45, on 15/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

Try creating a current HJT log and posting it in your next message. The situation will then be completely different from the currently posted log.

To remove AVG, try using the AVG Removal Tool.

Edited by kape
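The two checks kape's replies rely on, reading the "Scan saved at" header to spot a stale log and listing the O17 NameServer values that differ from the resolvers you expect, as an added Python example that is not part of the original posts. The sample is an excerpt of lines from the log posted in the thread; the reference date, the expected-resolver set, the one-day age limit and the day/month/year date format are assumptions.

```python
import re
from datetime import date, datetime

# Excerpt of lines from the log posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:45, on 15/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70,85.255.112.101
"""

HEADER_RE = re.compile(r"^Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{2}/\d{2}/\d{4})")
ENTRY_RE = re.compile(r"^([ORF]\d{1,2}) - (.*)$")
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")

def parse_log(text):
    """Return (scan timestamp or None, list of (section, body) entries)."""
    saved, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            # Assumption: day/month/year, as in the log in this thread.
            saved = datetime.strptime(f"{header.group(2)} {header.group(1)}",
                                      "%d/%m/%Y %H:%M:%S")
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append(entry.groups())
    return saved, entries

def review(text, today, expected_dns, max_age_days=1):
    """Flag a stale log, BHOs whose file is missing, and unexpected resolvers."""
    saved, entries = parse_log(text)
    findings, unexpected = [], {}
    if saved is None:
        findings.append("no 'Scan saved at' header: log age unknown")
    elif (today - saved.date()).days > max_age_days:
        age = (today - saved.date()).days
        findings.append(f"stale log: saved {saved.date()}, {age} days before {today}")
    for section, body in entries:
        o17 = O17_RE.match(body) if section == "O17" else None
        if o17:
            for ip in re.split(r"[,\s]+", o17.group("servers").strip()):
                if ip not in expected_dns:
                    unexpected.setdefault(ip, []).append(o17.group("key"))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(f"BHO without file: {body}")
    for ip, keys in sorted(unexpected.items()):
        findings.append(f"unexpected NameServer {ip} in {len(keys)} key(s)")
    return findings

if __name__ == "__main__":
    # Constructed reference date and resolver list (assumptions for the demo).
    for finding in review(SAMPLE_LOG, date(2009, 5, 4), {"192.168.1.1"}):
        print(finding)
```

Running the age check before reading any entry avoids the situation in this thread, where fixes were looked up against a log that no longer matched the machine.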