Ga naar inhoud

Blue Screen of Death + 2 andere zaken

Nukron

Door Nukron
in Archief Windows Algemeen

 Delen

Aanbevolen berichten

Nukron Leerling

Nukron

Geplaatst:
Geplaatst:

Om te beginnen, er zijn een aantal dingen niet goed op mijn computer.

1. Ik kan niet op google komen, andere sites werken prima, alleen google niet.

2. Taakbeheer werkt niet, ik kan dat niet opstarten.

3. (Mijn directe aanleiding tot dit bericht) Sinds kort krijg ik een blauw scherm, met daarop 0x000000D1.

Hierna krijg ik; Uw systeem is hersteld van een ernstige fout;

C:\DOCUME~1\Olivier\LOCALS~1\Temp\WER8218.dir00\Mini070411-01.dmp

C:\DOCUME~1\Olivier\LOCALS~1\Temp\WER8218.dir00\sysdata.xml

Mijn virusscanner NOD32 geeft aan dat ik geen virussen heb.

Hoop dat jullie kunnen helpen!

Heb volgens mij wel een extreem lang HijackThis- report.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:36:48, on 16-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre1.6.0_13\bin\jqs.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

D:\Programma's\logmein\x86\RaMaint.exe

D:\Programma's\logmein\x86\LogMeIn.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

D:\Programma's\logmein\x86\LogMeInSystray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

D:\Programma's\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programma's\DAEMON Tools Lite\daemon.exe

D:\Programma's\utorrent\uTorrent.exe

C:\Program Files\Messenger\msmsgs.exe

D:\programma's\steam\steam.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

D:\Programma's\Firefox\firefox.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\msiexec.exe

D:\Programma's\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\prxtbMes2.dll

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com: The Leading Get Anti Virus Plus Now Site on the Net

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 getavplusnow.com

O1 - Hosts: 74.125.45.100 securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 64.86.17.32 google.ae

O1 - Hosts: 64.86.17.32 google.as

O1 - Hosts: 64.86.17.32 google.at

O1 - Hosts: 64.86.17.32 google.az

O1 - Hosts: 64.86.17.32 google.ba

O1 - Hosts: 64.86.17.32 google.be

O1 - Hosts: 64.86.17.32 google.bg

O1 - Hosts: 64.86.17.32 google.bs

O1 - Hosts: 64.86.17.32 google.ca

O1 - Hosts: 64.86.17.32 google.cd

O1 - Hosts: 64.86.17.32 google.com.gh

O1 - Hosts: 64.86.17.32 google.com.hk

O1 - Hosts: 64.86.17.32 google.com.jm

O1 - Hosts: 64.86.17.32 google.com.mx

O1 - Hosts: 64.86.17.32 google.com.my

O1 - Hosts: 64.86.17.32 google.com.na

O1 - Hosts: 64.86.17.32 google.com.nf

O1 - Hosts: 64.86.17.32 google.com.ng

O1 - Hosts: 64.86.17.32 google.ch

O1 - Hosts: 64.86.17.32 google.com.np

O1 - Hosts: 64.86.17.32 google.com.pr

O1 - Hosts: 64.86.17.32 google.com.qa

O1 - Hosts: 64.86.17.32 google.com.sg

O1 - Hosts: 64.86.17.32 google.com.tj

O1 - Hosts: 64.86.17.32 google.com.tw

O1 - Hosts: 64.86.17.32 google.dj

O1 - Hosts: 64.86.17.32 google.de

O1 - Hosts: 64.86.17.32 google.dk

O1 - Hosts: 64.86.17.32 google.dm

O1 - Hosts: 64.86.17.32 google.ee

O1 - Hosts: 64.86.17.32 google.fi

O1 - Hosts: 64.86.17.32 google.fm

O1 - Hosts: 64.86.17.32 google.fr

O1 - Hosts: 64.86.17.32 google.ge

O1 - Hosts: 64.86.17.32 google.gg

O1 - Hosts: 64.86.17.32 google.gm

O1 - Hosts: 64.86.17.32 google.gr

O1 - Hosts: 64.86.17.32 google.ht

O1 - Hosts: 64.86.17.32 google.ie

O1 - Hosts: 64.86.17.32 google.im

O1 - Hosts: 64.86.17.32 google.in

O1 - Hosts: 64.86.17.32 google.it

O1 - Hosts: 64.86.17.32 google.ki

O1 - Hosts: 64.86.17.32 google.la

O1 - Hosts: 64.86.17.32 google.li

O1 - Hosts: 64.86.17.32 google.lv

O1 - Hosts: 64.86.17.32 google.ma

O1 - Hosts: 64.86.17.32 google.ms

O1 - Hosts: 64.86.17.32 google.mu

O1 - Hosts: 64.86.17.32 google.mw

O1 - Hosts: 64.86.17.32 google.nl

O1 - Hosts: 64.86.17.32 google.no

O1 - Hosts: 64.86.17.32 google.nr

O1 - Hosts: 64.86.17.32 google.nu

O1 - Hosts: 64.86.17.32 google.pl

O1 - Hosts: 64.86.17.32 google.pn

O1 - Hosts: 64.86.17.32 google.pt

O1 - Hosts: 64.86.17.32 google.ro

O1 - Hosts: 64.86.17.32 google.ru

O1 - Hosts: 64.86.17.32 google.rw

O1 - Hosts: 64.86.17.32 google.sc

O1 - Hosts: 64.86.17.32 google.se

O1 - Hosts: 64.86.17.32 google.sh

O1 - Hosts: 64.86.17.32 google.si

O1 - Hosts: 64.86.17.32 google.sm

O1 - Hosts: 64.86.17.32 google.sn

O1 - Hosts: 64.86.17.32 google.st

O1 - Hosts: 64.86.17.32 google.tl

O1 - Hosts: 64.86.17.32 google.tm

O1 - Hosts: 64.86.17.32 google.tt

O1 - Hosts: 64.86.17.32 google.us

O1 - Hosts: 64.86.17.32 google.vu

O1 - Hosts: 64.86.17.32 google.ws

O1 - Hosts: 64.86.17.32 google.co.ck

O1 - Hosts: 64.86.17.32 google.co.id

O1 - Hosts: 64.86.17.32 google.co.il

O1 - Hosts: 64.86.17.32 google.co.in

O1 - Hosts: 64.86.17.32 google.co.jp

O1 - Hosts: 64.86.17.32 google.co.kr

O1 - Hosts: 64.86.17.32 google.co.ls

O1 - Hosts: 64.86.17.32 google.co.ma

O1 - Hosts: 64.86.17.32 google.co.nz

O1 - Hosts: 64.86.17.32 google.co.tz

O1 - Hosts: 64.86.17.32 google.co.ug

O1 - Hosts: 64.86.17.32 google.co.uk

O1 - Hosts: 64.86.17.32 google.co.za

O1 - Hosts: 64.86.17.32 google.co.zm

O1 - Hosts: 64.86.17.32 google.com

O1 - Hosts: 64.86.17.32 google.com.af

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\ReImageCompanion\updatebhoWin32.dll

O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files\ReImageCompanion\jsloader.dll

O2 - BHO: Messenger Plus Live Netherlands - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\prxtbMes2.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_13\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_13\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\prxtbMes2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programma's\logmein\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programma's\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programma's\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [uTorrent] "D:\Programma's\utorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "D:\programma's\steam\steam.exe" -silent

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Disker] rundll32.exe C:\DOCUME~1\Olivier\LOCALS~1\Temp\MS2011Helper.DLL,z

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Olivier\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O4 - Startup: FIFA 09 Registration.lnk = E:\Games\Fifa'09\Support\EAregister.exe

O4 - Startup: Logitech-productregistratie.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Olivier\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ad-Aware Service - Unknown owner - D:\Programma's\Ad-Aware Antivirus\AdAwareService.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_13\bin\jqs.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Programma's\logmein\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programma's\logmein\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programma's\logmein\x86\LogMeIn.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Ad-Aware (SBAMSvc) - Unknown owner - D:\Programma's\Ad-Aware Antivirus\Engine\SBAMSvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programma's\Tunngle\TnglCtrl.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 20450 bytes

Link naar reactie
Delen op andere sites
  • Reacties 35
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Ad-Aware Service"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Ad-Aware Service"

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\prxtbMes2.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\ReImageCompanion\updatebhoWin32.dll

O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files\ReImageCompanion\jsloader.dll

O2 - BHO: Messenger Plus Live Netherlands - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\prxtbMes2.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\prxtbMes2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k

O4 - HKCU\..\Run: [Disker] rundll32.exe C:\DOCUME~1\Olivier\LOCALS~1\Temp\MS2011Helper.DLL,z

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Verwijder Ask Toolbar of Ask.com via Software (indien aanwezig) of verwijder anders volgende vetgedrukte map : C:\Program Files\Ask.com

Download MVPS Hosts.

Unzip het programma naar een door u bepaalde locatie.

Windows XP

Klik op mvps.bat en kies voor “uitvoeren” om mvps.bat op te starten (*).

Druk op toets om door te gaan.

Van het bestaande bestand HOSTS op de standaardlocatie C:\windows\system32\drivers\etc wordt een backup gemaakt met de naam HOSTS.MVP

Dan wordt het bestand vervangen door de actuele MVPS Hosts-versie.

(*) Windows Vista en Windows 7 gebruikers moeten rechtsklikken op mvps.bat en kiezen voor ”uitvoeren als administrator” om mvps.bat op te starten.

Je Java software is verouderd.

Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 7u3.

  • Scroll omlaag naar : "Java Platform Standard Edition".


  • Klik op de "Download JRE" knop aan de rechterkant.

  • Vink aan: "Accept License Agreement" onder “Java SE Runtime Environment 7u3”.

  • Klik op de jre-7u3-windows-i586.exe link ONDER Download en bewaar het naar je Bureaublad.
  • Sluit alle programma's die eventueel open zijn - Zeker je webbrowser!
  • Ga dan naar Start > Configuratiescherm > Software of Start > Configuratiescherm > Programma's en onderdelen (bij Vista) en verwijder alle oudere versies van Java uit de Softwarelijst.
  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  • Herhaal dit tot alle oudere versies verdwenen zijn.
  • Na het verwijderen van alle oudere versies, herstart je pc.
  • Dubbelklik vervolgens op jre-7u3-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites
Nukron Leerling

Nukron

Geplaatst:
  • Auteur
Geplaatst:

Hartstikke bedankt voor de snelle reactie! Heb alles meteen gedaan maar moest toen ff weg, nu terug, hier de bestandjes waar je om vroeg:

Malwarebytes Anti-Malware 1.61.0.1400

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.04.16.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Olivier :: OLIVIER-C751C5A [administrator]

16-4-2012 19:10:44

mbam-log-2012-04-16 (19-10-44).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 194302

Verstreken tijd: 3 minuut/minuten, 12 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 5

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 2

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: C:\RECYCLER\S-1-5-21-0561401161-0317914874-621269210-6763\rundll32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-7259672232-1710621787-259594755-8566\yv8g67.exe -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 2

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Slecht: (C:\RECYCLER\S-1-5-21-0561401161-0317914874-621269210-6763\rundll32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-7259672232-1710621787-259594755-8566\yv8g67.exe) Goed: (Explorer.exe) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: ("regedit.exe" "%1") Goed: (regedit.exe "%1") -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

En de Hijack:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:29:07, on 16-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

D:\Programma's\logmein\x86\RaMaint.exe

D:\Programma's\logmein\x86\LogMeIn.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

D:\Programma's\logmein\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\Programma's\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programma's\DAEMON Tools Lite\daemon.exe

D:\Programma's\utorrent\uTorrent.exe

C:\Program Files\Messenger\msmsgs.exe

D:\programma's\steam\steam.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Opera\opera.exe

D:\Programma's\Firefox\firefox.exe

D:\Programma's\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com: The Leading Get Anti Virus Plus Now Site on the Net

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 getavplusnow.com

O1 - Hosts: 74.125.45.100 securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 64.86.17.32 google.ae

O1 - Hosts: 64.86.17.32 google.as

O1 - Hosts: 64.86.17.32 google.at

O1 - Hosts: 64.86.17.32 google.az

O1 - Hosts: 64.86.17.32 google.ba

O1 - Hosts: 64.86.17.32 google.be

O1 - Hosts: 64.86.17.32 google.bg

O1 - Hosts: 64.86.17.32 google.bs

O1 - Hosts: 64.86.17.32 google.ca

O1 - Hosts: 64.86.17.32 google.cd

O1 - Hosts: 64.86.17.32 google.com.gh

O1 - Hosts: 64.86.17.32 google.com.hk

O1 - Hosts: 64.86.17.32 google.com.jm

O1 - Hosts: 64.86.17.32 google.com.mx

O1 - Hosts: 64.86.17.32 google.com.my

O1 - Hosts: 64.86.17.32 google.com.na

O1 - Hosts: 64.86.17.32 google.com.nf

O1 - Hosts: 64.86.17.32 google.com.ng

O1 - Hosts: 64.86.17.32 google.ch

O1 - Hosts: 64.86.17.32 google.com.np

O1 - Hosts: 64.86.17.32 google.com.pr

O1 - Hosts: 64.86.17.32 google.com.qa

O1 - Hosts: 64.86.17.32 google.com.sg

O1 - Hosts: 64.86.17.32 google.com.tj

O1 - Hosts: 64.86.17.32 google.com.tw

O1 - Hosts: 64.86.17.32 google.dj

O1 - Hosts: 64.86.17.32 google.de

O1 - Hosts: 64.86.17.32 google.dk

O1 - Hosts: 64.86.17.32 google.dm

O1 - Hosts: 64.86.17.32 google.ee

O1 - Hosts: 64.86.17.32 google.fi

O1 - Hosts: 64.86.17.32 google.fm

O1 - Hosts: 64.86.17.32 google.fr

O1 - Hosts: 64.86.17.32 google.ge

O1 - Hosts: 64.86.17.32 google.gg

O1 - Hosts: 64.86.17.32 google.gm

O1 - Hosts: 64.86.17.32 google.gr

O1 - Hosts: 64.86.17.32 google.ht

O1 - Hosts: 64.86.17.32 google.ie

O1 - Hosts: 64.86.17.32 google.im

O1 - Hosts: 64.86.17.32 google.in

O1 - Hosts: 64.86.17.32 google.it

O1 - Hosts: 64.86.17.32 google.ki

O1 - Hosts: 64.86.17.32 google.la

O1 - Hosts: 64.86.17.32 google.li

O1 - Hosts: 64.86.17.32 google.lv

O1 - Hosts: 64.86.17.32 google.ma

O1 - Hosts: 64.86.17.32 google.ms

O1 - Hosts: 64.86.17.32 google.mu

O1 - Hosts: 64.86.17.32 google.mw

O1 - Hosts: 64.86.17.32 google.nl

O1 - Hosts: 64.86.17.32 google.no

O1 - Hosts: 64.86.17.32 google.nr

O1 - Hosts: 64.86.17.32 google.nu

O1 - Hosts: 64.86.17.32 google.pl

O1 - Hosts: 64.86.17.32 google.pn

O1 - Hosts: 64.86.17.32 google.pt

O1 - Hosts: 64.86.17.32 google.ro

O1 - Hosts: 64.86.17.32 google.ru

O1 - Hosts: 64.86.17.32 google.rw

O1 - Hosts: 64.86.17.32 google.sc

O1 - Hosts: 64.86.17.32 google.se

O1 - Hosts: 64.86.17.32 google.sh

O1 - Hosts: 64.86.17.32 google.si

O1 - Hosts: 64.86.17.32 google.sm

O1 - Hosts: 64.86.17.32 google.sn

O1 - Hosts: 64.86.17.32 google.st

O1 - Hosts: 64.86.17.32 google.tl

O1 - Hosts: 64.86.17.32 google.tm

O1 - Hosts: 64.86.17.32 google.tt

O1 - Hosts: 64.86.17.32 google.us

O1 - Hosts: 64.86.17.32 google.vu

O1 - Hosts: 64.86.17.32 google.ws

O1 - Hosts: 64.86.17.32 google.co.ck

O1 - Hosts: 64.86.17.32 google.co.id

O1 - Hosts: 64.86.17.32 google.co.il

O1 - Hosts: 64.86.17.32 google.co.in

O1 - Hosts: 64.86.17.32 google.co.jp

O1 - Hosts: 64.86.17.32 google.co.kr

O1 - Hosts: 64.86.17.32 google.co.ls

O1 - Hosts: 64.86.17.32 google.co.ma

O1 - Hosts: 64.86.17.32 google.co.nz

O1 - Hosts: 64.86.17.32 google.co.tz

O1 - Hosts: 64.86.17.32 google.co.ug

O1 - Hosts: 64.86.17.32 google.co.uk

O1 - Hosts: 64.86.17.32 google.co.za

O1 - Hosts: 64.86.17.32 google.co.zm

O1 - Hosts: 64.86.17.32 google.com

O1 - Hosts: 64.86.17.32 google.com.af

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programma's\logmein\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programma's\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programma's\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [uTorrent] "D:\Programma's\utorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "D:\programma's\steam\steam.exe" -silent

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Olivier\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: FIFA 09 Registration.lnk = E:\Games\Fifa'09\Support\EAregister.exe

O4 - Startup: Logitech-productregistratie.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Olivier\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Programma's\logmein\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programma's\logmein\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programma's\logmein\x86\LogMeIn.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Ad-Aware (SBAMSvc) - Unknown owner - D:\Programma's\Ad-Aware Antivirus\Engine\SBAMSvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programma's\Tunngle\TnglCtrl.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 16457 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Blijkbaar heb je dit deel niet uitgevoerd :

Download MVPS Hosts.

Unzip het programma naar een door u bepaalde locatie.

Windows XP

Klik op mvps.bat en kies voor “uitvoeren” om mvps.bat op te starten (*).

Druk op toets om door te gaan.

Van het bestaande bestand HOSTS op de standaardlocatie C:\windows\system32\drivers\etc wordt een backup gemaakt met de naam HOSTS.MVP

Dan wordt het bestand vervangen door de actuele MVPS Hosts-versie.

(*) Windows Vista en Windows 7 gebruikers moeten rechtsklikken op mvps.bat en kiezen voor ”uitvoeren als administrator” om mvps.bat op te starten.

Wil je dat nog eens herdoen en dan daarna een nieuw log van HijackThis plaatsen in een volgend bericht.

Link naar reactie
Delen op andere sites
Nukron Leerling

Nukron

Geplaatst:
  • Auteur
Geplaatst:

Hmmm. Vreemd, ik heb dat wel gedaan. Heb het nog eens gedaan en als ik kijk staat er dit:

Het systeem kan het opgegeven bestand niet vinden. Toegang geweigerd.

The MVPS Hosts file is now updated

Previous version saved and renamed to hosts.MVP

Druk op een toets om door te gaan.

Dit is erg tegenstrijdig lijkt mij.. ?

Link naar reactie
Delen op andere sites
Nukron Leerling

Nukron

Geplaatst:
  • Auteur
Geplaatst:

Oke, ik krijg btw wel een melding bij HijackThis:

For some reason your system denied acces to the hosts file. If any Hijacked files are in this file, Hijack this may not be able to fix them.*

En daarna:

You have a particularly large amount of hijacked domains. It's probably better to delete the file itself then to fix each item.

Hierna gaat hij wel gewoon verder en krijg ik een hijack report.

Hier m'n Hijack-rapport;

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:54:51, on 16-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

D:\Programma's\logmein\x86\RaMaint.exe

D:\Programma's\logmein\x86\LogMeIn.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

D:\Programma's\logmein\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\Programma's\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programma's\DAEMON Tools Lite\daemon.exe

D:\Programma's\utorrent\uTorrent.exe

C:\Program Files\Messenger\msmsgs.exe

D:\programma's\steam\steam.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

D:\Programma's\logmein\x86\LMIGuardianSvc.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Opera\opera.exe

D:\Programma's\Firefox\firefox.exe

D:\Programma's\Firefox\plugin-container.exe

D:\Programma's\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com: The Leading Get Anti Virus Plus Now Site on the Net

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 getavplusnow.com

O1 - Hosts: 74.125.45.100 securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 64.86.17.32 google.ae

O1 - Hosts: 64.86.17.32 google.as

O1 - Hosts: 64.86.17.32 google.at

O1 - Hosts: 64.86.17.32 google.az

O1 - Hosts: 64.86.17.32 google.ba

O1 - Hosts: 64.86.17.32 google.be

O1 - Hosts: 64.86.17.32 google.bg

O1 - Hosts: 64.86.17.32 google.bs

O1 - Hosts: 64.86.17.32 google.ca

O1 - Hosts: 64.86.17.32 google.cd

O1 - Hosts: 64.86.17.32 google.com.gh

O1 - Hosts: 64.86.17.32 google.com.hk

O1 - Hosts: 64.86.17.32 google.com.jm

O1 - Hosts: 64.86.17.32 google.com.mx

O1 - Hosts: 64.86.17.32 google.com.my

O1 - Hosts: 64.86.17.32 google.com.na

O1 - Hosts: 64.86.17.32 google.com.nf

O1 - Hosts: 64.86.17.32 google.com.ng

O1 - Hosts: 64.86.17.32 google.ch

O1 - Hosts: 64.86.17.32 google.com.np

O1 - Hosts: 64.86.17.32 google.com.pr

O1 - Hosts: 64.86.17.32 google.com.qa

O1 - Hosts: 64.86.17.32 google.com.sg

O1 - Hosts: 64.86.17.32 google.com.tj

O1 - Hosts: 64.86.17.32 google.com.tw

O1 - Hosts: 64.86.17.32 google.dj

O1 - Hosts: 64.86.17.32 google.de

O1 - Hosts: 64.86.17.32 google.dk

O1 - Hosts: 64.86.17.32 google.dm

O1 - Hosts: 64.86.17.32 google.ee

O1 - Hosts: 64.86.17.32 google.fi

O1 - Hosts: 64.86.17.32 google.fm

O1 - Hosts: 64.86.17.32 google.fr

O1 - Hosts: 64.86.17.32 google.ge

O1 - Hosts: 64.86.17.32 google.gg

O1 - Hosts: 64.86.17.32 google.gm

O1 - Hosts: 64.86.17.32 google.gr

O1 - Hosts: 64.86.17.32 google.ht

O1 - Hosts: 64.86.17.32 google.ie

O1 - Hosts: 64.86.17.32 google.im

O1 - Hosts: 64.86.17.32 google.in

O1 - Hosts: 64.86.17.32 google.it

O1 - Hosts: 64.86.17.32 google.ki

O1 - Hosts: 64.86.17.32 google.la

O1 - Hosts: 64.86.17.32 google.li

O1 - Hosts: 64.86.17.32 google.lv

O1 - Hosts: 64.86.17.32 google.ma

O1 - Hosts: 64.86.17.32 google.ms

O1 - Hosts: 64.86.17.32 google.mu

O1 - Hosts: 64.86.17.32 google.mw

O1 - Hosts: 64.86.17.32 google.nl

O1 - Hosts: 64.86.17.32 google.no

O1 - Hosts: 64.86.17.32 google.nr

O1 - Hosts: 64.86.17.32 google.nu

O1 - Hosts: 64.86.17.32 google.pl

O1 - Hosts: 64.86.17.32 google.pn

O1 - Hosts: 64.86.17.32 google.pt

O1 - Hosts: 64.86.17.32 google.ro

O1 - Hosts: 64.86.17.32 google.ru

O1 - Hosts: 64.86.17.32 google.rw

O1 - Hosts: 64.86.17.32 google.sc

O1 - Hosts: 64.86.17.32 google.se

O1 - Hosts: 64.86.17.32 google.sh

O1 - Hosts: 64.86.17.32 google.si

O1 - Hosts: 64.86.17.32 google.sm

O1 - Hosts: 64.86.17.32 google.sn

O1 - Hosts: 64.86.17.32 google.st

O1 - Hosts: 64.86.17.32 google.tl

O1 - Hosts: 64.86.17.32 google.tm

O1 - Hosts: 64.86.17.32 google.tt

O1 - Hosts: 64.86.17.32 google.us

O1 - Hosts: 64.86.17.32 google.vu

O1 - Hosts: 64.86.17.32 google.ws

O1 - Hosts: 64.86.17.32 google.co.ck

O1 - Hosts: 64.86.17.32 google.co.id

O1 - Hosts: 64.86.17.32 google.co.il

O1 - Hosts: 64.86.17.32 google.co.in

O1 - Hosts: 64.86.17.32 google.co.jp

O1 - Hosts: 64.86.17.32 google.co.kr

O1 - Hosts: 64.86.17.32 google.co.ls

O1 - Hosts: 64.86.17.32 google.co.ma

O1 - Hosts: 64.86.17.32 google.co.nz

O1 - Hosts: 64.86.17.32 google.co.tz

O1 - Hosts: 64.86.17.32 google.co.ug

O1 - Hosts: 64.86.17.32 google.co.uk

O1 - Hosts: 64.86.17.32 google.co.za

O1 - Hosts: 64.86.17.32 google.co.zm

O1 - Hosts: 64.86.17.32 google.com

O1 - Hosts: 64.86.17.32 google.com.af

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programma's\logmein\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programma's\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programma's\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [uTorrent] "D:\Programma's\utorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "D:\programma's\steam\steam.exe" -silent

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Olivier\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: FIFA 09 Registration.lnk = E:\Games\Fifa'09\Support\EAregister.exe

O4 - Startup: Logitech-productregistratie.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Olivier\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Programma's\logmein\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programma's\logmein\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programma's\logmein\x86\LogMeIn.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Ad-Aware (SBAMSvc) - Unknown owner - D:\Programma's\Ad-Aware Antivirus\Engine\SBAMSvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programma's\Tunngle\TnglCtrl.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 16502 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

De HOSTS-file wordt inderdaad niet gewijzigd zoals gewenst. Even een ander programma proberen :

Download HostsXpert

Unzip het programma naar je Bureaublad.

Open de map en dubbelklik op Hoster.exe

Klik op "Restore Microsofts Original Hosts File"

Klik op "OK" en sluit het programma.

En daarna weer een nieuw logje van HijackThis.

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.