
Hijack log: daughter's computer starts slowly, BigBadsearch?


Anoniem2

Question

Post edited. I thought I had got rid of it.
When something is typed incorrectly in the browser, BigSadSearch appears instead of Google.

After my daughter kept complaining that her computer starts up and shuts down so slowly, I set about scanning.

I came across adware and, if all went well, removed it.

Here is the log; I would appreciate your advice on what could still be improved:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:55, on 8-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6334 bytes
Link to comment

6 answers to this question

  • 0
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Read more about the correct use of Combofix here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

- Double-click Combofix.exe to start it.
- If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
- Follow the instructions and accept the disclaimer by clicking Yes.
- If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
- Click OK and Yes to have the Recovery Console installed automatically.
- Afterwards, click Yes again to start the malware scan.
- While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished, and after a restart, the log Combofix.txt will open.

Post this log in your next reply.
Link to comment
  • 0
I would like to download it etc., but unfortunately I can't. I got this message:

ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

We will also announce when ComboFix is available on our Twitter and Facebook pages.

I have no idea how long this has been there, or whether it will take long?
Link to comment
  • 0
Kape,

I finally have a combofix log and will add a new HiJack log shortly:

ComboFix 10-02-08.02 - MG 09-02-2010 0:10:08.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.509.196 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\MG\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\S-1-5-21-682003330-1580436667-1343024091-1004
C:\WINDOWS\system32\Thumbs.db

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))))
.

2010-02-01 17:21:50 . 2010-02-01 17:21:50 -------- d-----w- C:\Documents and Settings\MG \LimeWire Store Purchased
2010-02-01 17:21:31 . 2010-02-08 20:56:33 -------- d-----w- C:\Documents and Settings\MG \Incomplete
2010-01-28 21:00:21 . 2009-11-21 16:03:19 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2010-01-17 12:11:06 . 2010-02-08 22:03:31 -------- d--h--r- C:\Documents and Settings\MG\Onlangs geopend
2010-01-13 18:57:26 . 2010-01-13 18:57:26 -------- d-----w- C:\UC232A

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 20:56:33 . 2008-01-31 15:06:06 -------- d-----w- C:\Documents and Settings\MG\Application Data\LimeWirePlus
2010-02-03 15:15:36 . 2004-08-04 12:00:00 534812 ----a-w- C:\WINDOWS\system32\perfh013.dat
2010-02-03 15:15:35 . 2004-08-04 12:00:00 100840 ----a-w- C:\WINDOWS\system32\perfc013.dat
2010-01-28 21:21:28 . 2009-07-22 14:54:12 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-01-28 18:51:02 . 2008-07-31 11:24:11 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 18:50:31 . 2008-11-12 18:09:40 5115824 ----a-w- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-18 16:55:39 . 2008-02-17 15:47:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2010-01-17 18:56:57 . 2007-07-20 05:13:59 -------- d-----w- C:\Program Files\Messenger Plus! Live
2010-01-14 10:12:06 . 2009-10-03 10:49:28 181120 ------w- C:\WINDOWS\system32\MpSigStub.exe
2010-01-07 15:07:14 . 2008-07-31 11:24:13 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 . 2008-07-31 11:24:13 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-12-28 16:59:55 . 2005-03-17 16:44:04 -------- d-----w- C:\Program Files\Common Files\Adobe
2009-12-21 19:10:30 . 2004-08-04 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-11-21 16:03:19 . 2004-08-04 12:00:00 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 00:37:20 188416]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-12-13 09:12:18 2043160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-01-07 16:54:36 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-01-07 16:54:32 569344]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 18:55:28 339968]
"LTSMMSG"="LTSMMSG.exe" [2002-03-29 15:07:56 32768]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20:12 866584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:02:53 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 01:18:18 437160]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 20:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 14:11:26 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 fsssvc;De service Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 21:48:42 704864]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 14:11:23 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-11 10:36:17 108552]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 14:08:20 297752]
S2 fssfltr;fssfltr;C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 21:48:42 54752]
S2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 18:19:58 13592]
S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34:48 807917]

.
Inhoud van de 'Gedeelde Taken' map

2010-02-08 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20:06 . 2006-11-03 18:20:06]

2009-12-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{48F5A090-7221-4D0E-A7D2-41156B62EE11}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 09:58:32 . 2009-03-08 02:31:54]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)
HKCU-Run-MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe
AddRemove-Scan & X-Stitch - F:\disk1\Setup.exe
Link to comment
  • 0
Here is the promised new Hijack log. I ran an extensive scan with Malwarebytes this afternoon; it found nothing. BigDid is still present:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:56:43, on 9-2-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5869 bytes
Link to comment
