HijackThis

  • isabel

    Good evening everyone,

    I'm having problems with my PC. I did all the steps above

    until I got to HijackThis. I downloaded it, did what I had to do and let it scan.

    The log came up and I wanted to copy it, but I clicked it away :S (how blonde, eh!!)

    I want to make a new one but that doesn't work; every time I try to open it I get the message:

    HijackThis is already running

    How can I make a new log??

    Thanks in advance, isabel

  • Argus

    Open Task Manager and close hijackthis.exe.

    Then try starting HijackThis again.

    If that doesn't work, restart the computer and try running HijackThis.

  • lsabel

    I managed to make a log.

    I'm posting it here in the hope that someone can look it over for me.

    My PC is very slow and the internet shuts down.

    Scan saved at 08:53:30 op 18-8-2010

    Platform : Windows Vista SP2 ( WinNT 6.00.1906 )

    MSIE : Internet Explorer v8.00 ( 8.00.6001.18943 )

    Boot mode: Normal

    Lopende processen :

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\dwm.exe

    C:\Windows\explorer.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\Samsung\Nieuwe Samsung PC Studio\NPSAgent.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\VPro520.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe

    C:\Windows\system32\WerCon.exe

    R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.startpagina.nl/

    R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Startpagina = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search , SearchAssistant =

    R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search , CustomizeSearch =

    R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =

    R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar , LinksFolderName =

    O1 - Hosts ::: 1 localhost

    O2 - BHO : HP Print Enhancer - { 0347C33E - 8762 tot 4,905 - BF09 - 768834316C61 } - C: \ Program Files \ HP \ Digital Imaging \ Smart Web Printing \ hpswp_printenhancer.dll

    O2 - BHO : Adobe PDF Reader Help BIJ Koppelingen - { 06849E9F - C8D7 - 4D59 - B87D - 784B7D6BE0B3 } - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll

    O2 - BHO : WormRadar.com IESiteBlocker.NavFilter - { 3CA2F312 - 4B53 - 6F6E - A66E - 4E65E497C8C0 } - C: \ Program Files \ AVG \ AVG9 \ avgssie.dll

    O2 - BHO : (no name) - { 5C255C8A - E604 - 49b4 - 9D64 - 90988571CECB } - (geen file)

    O2 - BHO : Zoeken Helper - { 6EBF7485 - 159F - A14F - 4bff - B9E3AAC4465B } - C: \ Program Files \ Microsoft \ Search Enhancement Pack \ Search Helper \ SEPsearchhelperie.dll

    O2 - BHO : van Windows Live Aanmelden - Help - { 9030D464 - 4C02 - 4ABF - 8ECC - 5164760863C6 } - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll

    O2 - BHO : Google Toolbar Helper - { AA58ED58 - 01DD - 4d91 - +8333 - CF10577473F7 } - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar_32.dll

    O2 - BHO : Google Toolbar Notifier BHO - { AF69DE43 - 7D58 - +4638 - B6FA - CE66B5AD205D } - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.5.5126.1836 \ swg.dll

    O2 - BHO : Java (TM ) Plug- In 2 Helper SSV - { DBC80044 - A445 - 435b - BC74 - 9C25C1C588A9 } - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll

    O2 - BHO : Windows Live Toolbar Helper - { E15A8DC0 - 8516 - 42A1 - 81EA - DC94EC1ACF10 } - C: \ Program Files \ Windows Live \ Toolbar \ wltcore.dll

    O2 - BHO : HP Smart klasse BHO - { FFFFFFFF - CF4E - 4F2B - BDC2 - 0E72E116A856 } - C: \ Program Files \ HP \ digital imaging \ Smart Web Printing \ hpswp_BHO.dll

    O3 - Toolbar : & Windows Live Toolbar - { 21FA44EF - 376D - 4D53 - 9B0F - 8A89D3229068 } - C: \ Program Files \ Windows Live \ Toolbar \ wltcore.dll

    O3 - Toolbar : (no name) - { CCC7A320 - B3CA -4199 - B1A6 - 9F516DD69829 } - (geen file)

    O3 - Toolbar : Google Toolbar - { 2318C2B1 - 4.965 -11D4- 9B18 - 009027A5CD4F } - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar_32.dll

    O4 - HKLM \ .. \ Run: % ProgramFiles % \ Windows Defender \ MSASCui.exe verbergen

    O4 - HKLM \ .. \ Run: RtHDVCpl.exe

    O4 - HKLM \ .. \ Run: Skytel.exe

    O4 - HKLM \ .. \ run: C \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe

    O4 - HKLM \ .. \ Run: C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe

    O4 - HKLM \ .. \ Run: C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSRMon.exe

    O4 - HKLM \ .. \ Run: C: \ Program Files \ Ascentive \ Performance Center \ APCMain.exe -m

    O4 - HKLM \ .. \ Run: “C : \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe ”

    O4 - HKLM \ .. \ Run : “C : \ Program Files \ Common Files \ Adobe \ ARM \ 1.0 \ AdobeARM.exe ”

    O4 - HKLM \ .. \ Run: C: \ PROGRA ~ 1 \ AVG \ AVG9 \ avgtray.exe

    O4 - HKLM \ .. \ Run: “C : \ Program Files \ Common Files \ Java \ Java Update \ jusched.exe ”

    O4 - HKLM \ .. \ Run: “ C: \ Program Files \ Malwarebytes 'Anti -Malware \ mbam.exe ”/ runcleanupscript

    O4 - HKCU \ .. \ Run: C: \ Program Files \ Windows Sidebar \ sidebar.exe / autorun

    O4 - HKCU \ .. \ Run: C: \ Program Files \ Common Files \ LightScribe \ LightScribeControlPanel.exe verborgen

    O4 - HKCU \ .. \ Run: C: \ PROGRA ~ 1 \ HYVESD ~ 1 \ bin \ HYVESD ~ 1.EXE

    O4 - HKCU \ .. \ Run: C: \ Program Files \ Samsung \ Nieuwe Samsung PC Studio \ NPSAgent.exe

    O4 - HKCU \ .. \ Run: “C : \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe ”

    O4 - HKCU \ .. \ Run: C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe

    O4 - Global Startup : HP Digital Imaging Monitor.lnk = C : \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe

    O4 - Global Startup : VPro520.lnk = ?

    O8 - Extra context menu item: E & xporteren to Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000

    O8 - Extra context menu item : Google Sidewiki … - res: / / C : \ Program Files \ Google \ Google Toolbar \ Component \ GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    O9 - Extra button : In weblog opnemen - { 219C3416 - 8CB2 - 491a - A3C7 - D9FCDDC9D600 } - C: \ Program Files \ Windows Live \ Schrijver \ WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem : In & weblog opnemen voldaan Windows Live Writer - { 219C3416 - 8CB2 - 491a - A3C7 - D9FCDDC9D600 } - C: \ Program Files \ Windows Live \ Schrijver \ WriterBrowserExtension.dll

    O9 - Extra button : (geen naam ) - { 85d1f590 - 48f4 - 11d9 - 9669 - 0800200c9a66 } - C: \ Windows \ bdoscandel.exe

    O9 - Extra ‘Tools’ menuitem : Uninstall BitDefender Online Scanner - { 85d1f590 - 48f4 - 11d9 - 9669 - 0800200c9a66 } - C: \ Windows \ bdoscandel.exe

    O9 - Extra button : PartyPoker.com - { B7FE5D70 - 9AA2 - 40F1 - 9C6B - 12A255F085E1 } - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe ( file missing)

    O9 - Extra ‘Tools’ menuitem : PartyPoker.com - { B7FE5D70 - 9AA2 - 40F1 - 9C6B - 12A255F085E1 } - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe ( file missing)

    O9 - Extra button : Toon Verberg van de HP Smart Web Printing - { DDE87865 - 83C5 - 48c4 - 8.357 - 2F5B1AA84522 } - C: \ Program Files \ HP \ Digital Imaging \ Smart Web Printing \ hpswp_BHO.dll

    O16 - DPF : ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

    O16 - DPF : { 02BF25D5 - 8C17 - 4B23 - BC80 - D3488ABDDC6B } (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF : { 1E54D648 - B804 - 468d - BC78 - 4AFFED8E262F } (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    O16 - DPF : { 20A60F0D - 9AFA -4515 - A0FD - 83BD84642501 } ( Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF : { 2BC66F54 - 93A8 -11D3- BEB6 - 00105AA9B6AE } (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF : { 2D8ED06D - 3C30 - 438B - 96AE - 4D110FDC1FB8 } ( ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF : { 2FC9A21E - 2069 - 4E47 - 8.235 - 36318989DB13 } ( PPSDKActiveXScanner.MainScreen ) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

    O16 - DPF : { 34DC6011 - 88B5 - 4EA9 - BA7A - DC7B4F4437FE } ( JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF : { 4F1E5B1A - 2A80 - 42CA - 8532 - 2D05CB959537 } (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-nl.cab

    O16 - DPF : { 5C051655 FCD5 - - 4969-+9182 - 770EA5AA5565 } ( Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF : { 5D6F45B3 - 9043 - 443D - A792 - 115447494D24 } ( UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF : { 5D86DDB5 - BDF9 - 441B - 9E9E - D4730F4EE499 } ( BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF : { 644E432F - 49D3 - 41A1 - 8DD5 - E099162EEEC5 } (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF : { 6F15128C - E66A - 490C -B848- 5000B5ABEEAC } (HP Download Manager ) - https: / / h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF : { 9122D757 - 5A4F - 4768 - 82C5 - B4171D8556A7 } ( PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

    O16 - DPF : { BB21F850 - 63F4 - 4EC9 - BF9D - 565BD30C9AE9 } ( a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF : { BFF1950D - B1B4 - 4AE8 - B842 - B2CCF06D9A1B } ( Zylom Games Player ) - http://game04.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF : { C3F79A2B - B9B4 - 4A66 - B012 - 3EE46475B072 } ( MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF : { CAC677B6 -4963-4305-9066- 0BD135CD9233 } ( IPSUploader4 controle) - https: / / asp.photoprintit.de/microsite/2663/defaults/activex/ips/IPSUploader4.cab

    O16 - DPF : { D27CDB6E - AE6D -11CF- 96B8 -444553540000 } (Shockwave Flash Object ) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF : { E6BB2089 - 163F - 466B - 812A - 748096614DFD } ( CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab

    O16 - DPF : { E77F23EB - E7AB - 4502 - 8F37 - 247DBAF1A147 } ( Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

    O16 - DPF : { F5A7706B - B9C0 - 4C89 - A715 - 7A0C6B05DD48 } ( Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol : LinkScanner - { F274614C - 63F8 - 47D5 - A4D1 - FBDDE494F8D1 } - C: \ Program Files \ AVG \ AVG9 \ avgpp.dll

    O20 - AppInit_DLLs : avgrsstx.dll

    O22 - SharedTaskScheduler : Component Categorieën cache daemon - { 8C7461EF - 2B13 -11d2- BE35 - 3078302C2030 } - C: \ Windows \ system32 \ browseui.dll

    O23 - Dienst : ArcSoft Sluit Daemon ( ACDaemon ) - ArcSoft Inc - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe

    O23 - Service: AVG Free E -mail Scanner ( avg9emc ) - AVG Technologies CZ, sro - C: \ Program Files \ AVG \ AVG9 \ avgemc.exe

    O23 - Service: AVG Free watchdog ( avg9wd ) - AVG Technologies CZ, sro - C: \ Program Files \ AVG \ AVG9 \ avgwdsvc.exe

    O23 - Service: FsUsbExService - Teruten - C: \ Windows \ system32 \ FsUsbExService.Exe

    O23 - Service: Google UpdateService ( gupdate ) ( gupdate ) - Google Inc - C: \ Program Files \ Google \ Update \ GoogleUpdate.exe

    O23 - Service: Google Software Updater ( gusvc ) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager ( IDriverT ) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service ( LightScribeService ) - Hewlett -Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe

    O23 - Service: NVIDIA Display Driver Service ( nvsvc ) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe

    O23 - Service: ServiceLayer - Nokia. - C: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe

    -

    End of file - 12244 bytes

     

    The MBAM log

    www.malwarebytes.org

    Databaseversie : 4440

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18943

    17-8-2010 18:45:24

    mbam -log -2010-08-17 (18-45-24) . txt

    Scantype : Snelle scan

    Objecten gescand : 128482

    VERSTREKEN Tijd : 13 Minuut / minuten van 31 seconde (n )

    Geheugenprocessen geïnfecteerd : 0

    Geheugenmodulen geïnfecteerd : 0

    Registersleutels geïnfecteerd : 3

    Registerwaarden geïnfecteerd : 0

    Registerdata geïnfecteerd : 0

    Mappen geïnfecteerd : 0

    Bestanden geïnfecteerd : 1

    Geheugenprocessen geïnfecteerd :

    ( Geen kwaadaardige objecten gedetecteerd )

    Geheugenmodulen geïnfecteerd :

    ( Geen kwaadaardige objecten gedetecteerd )

    Registersleutels geïnfecteerd :

    HKEY_CURRENT_USER \ SOFTWARE \ AppDataLow \ HavingFunOnline ( Adware.BHO.FL ) - quarantaine > en met succes verwijderd .

    HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ { 98fb80e5 - bd3d - 4ae1 - 4e92 - 9ca12c3fbe63 } ( Adware.AdRotator ) -> in quarantaine geplaatst en met succes verwijderd .

    HKEY_CLASSES_ROOT \ CLSID \ { 98fb80e5 - bd3d - 4ae1 - 4e92 - 9ca12c3fbe63 } ( Adware.AdRotator ) -> in quarantaine geplaatst en met succes verwijderd .

    Registerwaarden geïnfecteerd :

    ( Geen kwaadaardige objecten gedetecteerd )

    Registerdata geïnfecteerd :

    ( Geen kwaadaardige objecten gedetecteerd )

    Mappen geïnfecteerd :

    ( Geen kwaadaardige objecten gedetecteerd )

    Bestanden geïnfecteerd :

    C: \ Windows \ System32 \ nss413D.dll ( Adware.AdRotator ) -> Delete on reboot .