
hijackthislog 3



I am sending the zoek.exe log again because I had forgotten to include the startupall; code.

zoek.exe log

Zoek.exe Version 4.0.0.2 Updated 26-May-2013

Tool run by Brian on ma 27-05-2013 at 21:48:08,37.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results27-05-2013-2143.log 6869 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

Deleted from C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\amifuxy3.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\amifuxy3.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1099250189-683107137-2628589131-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"ccleaner"="D:\programma's\CCleaner.exe /AUTO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Soluto"="c:\program files\soluto\soluto.exe /init"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"ccleaner"="D:\programma's\CCleaner.exe /AUTO"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AllShareAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AllShareAgent"

"hkey"="HKLM"

"command"="C:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BitTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\Brian\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccleaner]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccleaner"

"hkey"="HKCU"

"command"="\"D:\\programma's\\CCleaner.exe\" /AUTO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FileHippo.com]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="FileHippo.com"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\FileHippo.com\\UpdateChecker.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Vid]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Logitech Vid"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Logitech\\Vid HD\\Vid.exe\" -bootmode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1100 Genie.lnk]

"item"="NETGEAR WNA1100 Genie"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NETGEAR WNA1100 Genie.lnk"

"backup"="C:\\Windows\\pss\\NETGEAR WNA1100 Genie.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="D:\\PROGRA~1\\WNA1100\\WNA1100.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]

"item"="Logitech . Productregistratie"

"path"="C:\\Users\\Brian\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech . Productregistratie.lnk"

"backup"="C:\\Windows\\pss\\Logitech . Productregistratie.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\Logitech\\Ereg\\eReg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Twonky 7.1.lnk]

"item"="Twonky 7.1"

"path"="C:\\Users\\Brian\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Twonky 7.1.lnk"

"backup"="C:\\Windows\\pss\\Twonky 7.1.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\Twonky\\TWONKY~1\\TWONKY~4.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SamsungAllShareV2.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wlidsvc]

==== Startup Folders ======================

2012-01-15 22:33:20 485 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20-05-2013 22:05]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\amifuxy3.default

3A523765D795DB006C010B915C3A840A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

42A9B216A7A288512CE2F9A6BCCE96BC - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

8F24103AB984847AA2939F58F19CCC98 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U21

ADC539F67D3198679F480974EE203678 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11

D40B9183C149CE2CBBE93AC1A275BDA9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery

A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In

D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision

75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION

87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

TV - Brian - Default\Extensions\beobeededemalmllhkmnkinmfembdimh

YouTube - Brian - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Facebook - Brian - Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm

Last updated at time on date - Brian - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Tetris - Brian - Default\Extensions\cfpkpcnigdggonhlcmbekffepnaflofk

Google Search - Brian - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Powerbot for Gmail - Brian - Default\Extensions\dklapjeioellcmcgfidfhpefmbnihibo

NS Reisplanner - Brian - Default\Extensions\fffdkieelgoekdbgncjjhaaocoglbeoi

AdBlock - Brian - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Maps - Brian - Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh

Teletekst - Brian - Default\Extensions\noblnklnhglbnfomoipgcidnbpdjfbom

Background Tab - Brian - Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic

Yann Arthus-Bertrand - Brian - Default\Extensions\plaekpceeonanmjojailaojkconcgofc

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{93D27606-664B-473B-80BE-42D602940602}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{93D27606-664B-473B-80BE-42D602940602} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Brian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Brian\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 27-05-2013 at 21:56:49,08 ======================


That all looks solid.

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
  • When the update is finished and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
  • Select the "Diep" (Deep) option if it is not already set that way by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
  • Make sure all found items are checked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message, but click "Ja" (Yes) here.
  • When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
  • Paste the contents of this log file into your next post.
  • Now restart the computer.


Here, then, is the Emsisoft scan.

Emsisoft Emergency Kit - Versie 3.0

Laatste Update: 3-6-2013 2:01:09

Scaninstellingen:

Scantype: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

Detecteer riskware: Uit

Scan archieven: Aan

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 3-6-2013 2:03:31

D:\Download bittorent\Norton Internet Security 2013 20.1.1.2 Final + Activation\~Get your Software Here\Activation\N2012 Trial Reset EN.exe Ontdekt: Trojan.Generic.8954034 (B)

Gescand 418340

Gevonden 1

Scan geëindigd: 3-6-2013 2:38:24

Scantijd: 0:34:53

D:\Download bittorent\Norton Internet Security 2013 20.1.1.2 Final + Activation\~Get your Software Here\Activation\N2012 Trial Reset EN.exe Verwijderd Trojan.Generic.8954034 (B)

Verwijderd 1
