• Hulpvragenden in dit forumonderdeel worden enkel geholpen door daartoe bevoegde teamleden.
    Dit is belangrijk, zodat de hulpvragende goed geholpen kan worden zonder (goedbedoelde) aanvullende berichten van andere leden.
    Reageren op andermans discussie is daarom uitgeschakeld.
  • De afgelopen dagen zijn er meerdere fora waarop bestaande accounts worden overgenomen door spammers. De gebruikersnamen en wachtwoorden zijn via een hack of een lek via andere sites buitgemaakt. Via have i been pwned? kan je controleren of jouw gegeven ook zijn buitgemaakt. Wijzig bij twijfel jouw wachtwoord of schakel de twee-staps-verificatie in.

hijack log traag internet enz

Status
Niet open voor verdere reacties.
P

pimmiekris

Gast
Hallo Zou iemand eens naar mijn hijack logje willen kijken. Ik heb veel last van pop ups, trage internet, about blank, pagina's die niet open willen gaan. Ik heb Norton 360 draaien maar die vindt niet veel. spysweeper geprobeerd maar weinig op gelost. Dus bij deze een logje van hijackthis.

bvd Pimmiekris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:13, on 28-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxcd.exe] C:\WINDOWS\system32\kdxcd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3301] command /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1023] cmd /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6678] command /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9035] cmd /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5128] command /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7437] cmd /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1507] command /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2610] cmd /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9225] command /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2673] cmd /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8766] command /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9523] cmd /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3523] command /c del "C:\Documents and Settings\All Users\Bureaublad\SpyHunter.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1166] cmd /c del "C:\Documents and Settings\All Users\Bureaublad\SpyHunter.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2909] command /c del "C:\Documents and Settings\All Users\Menu Start\SpyHunter.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2208] cmd /c del "C:\Documents and Settings\All Users\Menu Start\SpyHunter.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3961] command /c del "C:\Documents and Settings\All Users\Menu Start\Programma's\SpyHunter\SpyHunter.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC369] cmd /c del "C:\Documents and Settings\All Users\Menu Start\Programma's\SpyHunter\SpyHunter.lnk"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5714] command /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD797] cmd /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7755] command /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2554] cmd /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9517] command /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7701] cmd /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4862] command /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4289] cmd /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9716] command /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD965] cmd /c del "C:\WINDOWS\system32\kdxcd.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB566] command /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7607] cmd /c del "C:\Documents and Settings\klazien\Favorieten\Antivirus Scan.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4775] command /c del "C:\Documents and Settings\All Users\Bureaublad\SpyHunter.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6156] cmd /c del "C:\Documents and Settings\All Users\Bureaublad\SpyHunter.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2762] command /c del "C:\Documents and Settings\All Users\Menu Start\SpyHunter.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1035] cmd /c del "C:\Documents and Settings\All Users\Menu Start\SpyHunter.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8884] command /c del "C:\Documents and Settings\All Users\Menu Start\Programma's\SpyHunter\SpyHunter.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD841] cmd /c del "C:\Documents and Settings\All Users\Menu Start\Programma's\SpyHunter\SpyHunter.lnk"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1DBF705-73D7-48DB-9942-54734043857D}: NameServer = 85.255.112.104;85.255.112.144
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10157 bytes
 
Hallo Pimmiekiris :welkom:

Kan je de pc eens herstarten en dan een nieuw HJTLogje maken en meeposten?
Want nu moet er zo te zien bij de herstart nog een en ander verwijderd worden door spybot s&d,
cfr. de regels met
"O4 - HKCU\..\RunOnce: [SpybotDeletingB9517] command /c del ....."
dus even kijken hoe het eruit ziet als spybot zijn werk nog afgerond heeft.

Kan je je nieuwe logje ook even door de kleurcodering/color coder halen?
zie tweede puntje in de lees dit eerst :)
http://www.nationaalcomputerforum.nl/announcement.php?f=25&a=11
 
ok ik heb hjt log door color codering gehaald. Ik kan alleen niet vinden hoe ik teatime van spybot uit kan zetten.
ik hoop dat je hier iets mee kan doen.

bvd pimmiekris


[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:44, on 30-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\program files\common files\symantec shared\ccsvchst.exe
c:\windows\explorer.exe
c:\windows\system32\spoolsv.exe
c:\program files\symantec\liveupdate\aluschedulersvc.exe
c:\program files\tortoisesvn\bin\tsvncache.exe
c:\windows\system32\svchost.exe
c:\program files\common files\symantec shared\ccsvchst.exe
c:\windows\soundman.exe
c:\program files\ati technologies\ati.ace\core-static\mom.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ctfmon.exe
c:\program files\spybot - search & destroy\teatimer.exe
c:\program files\ati technologies\ati.ace\core-static\ccc.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = www.msn.com/
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
o2 - bho: nco 2.0 ie bho - {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coieplg.dll
o2 - bho: symantec intrusion prevention - {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\ipsbho.dll
o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
o3 - toolbar: show norton toolbar - {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\coieplg.dll
o4 - hklm\..\run: [ccapp] c:\program files\common files\symantec shared\ccapp.exe
o4 - hklm\..\run: [oscheck] c:\program files\norton 360\oscheck.exe
o4 - hklm\..\run: [soundman] c:\windows\soundman.exe
o4 - hklm\..\run: [startccc] c:\program files\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [bluetoothauthenticationagent] c:\windows\system32\rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [c:\windows\system32\kdxcd.exe] c:\windows\system32\kdxcd.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [spybotsd teatimer] c:\program files\spybot - search & destroy\teatimer.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o9 - extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - c:\windows\bdoscandel.exe
o9 - extra 'tools' menuitem: uninstall bitdefender online scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - c:\windows\bdoscandel.exe
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o16 - dpf: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (bdscanonline control) - [noparse]http://download.bitdefender.com/resources/scan8/oscan8.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o17 - hklm\system\ccs\services\tcpip\..\{f1dbf705-73d7-48db-9942-54734043857d}: nameserver = 85.255.112.104;85.255.112.144
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: automatic liveupdate scheduler - symantec corporation - c:\program files\symantec\liveupdate\aluschedulersvc.exe
o23 - service: symantec event manager (ccevtmgr) - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: symantec settings manager (ccsetmgr) - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: symantec lic netconnect service (cltnetcnservice) - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: com host (comhost) - symantec corporation - c:\program files\common files\symantec shared\vascanner\comhost.exe
o23 - service: liveupdate - symantec corporation - c:\program files\symantec\liveupdate\lucomserver_3_4.exe
o23 - service: liveupdate notice - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: symantec core lc - unknown owner - c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe
--
end of file - 5734 bytes

[/hjt]
 
nogmaals een hjt logje. Is er nog iets wat ik moet doen?

bvd pimmiekris


[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:18, on 1-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\program files\common files\symantec shared\ccsvchst.exe
c:\windows\explorer.exe
c:\windows\system32\spoolsv.exe
c:\program files\tortoisesvn\bin\tsvncache.exe
c:\program files\common files\symantec shared\ccsvchst.exe
c:\windows\soundman.exe
c:\program files\ati technologies\ati.ace\core-static\mom.exe
c:\windows\system32\rundll32.exe
c:\program files\ati technologies\ati.ace\core-static\ccc.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\program files\adobe\reader 9.0\reader\reader_sl.exe
c:\windows\system32\ctfmon.exe
c:\program files\spybot - search & destroy\teatimer.exe
c:\program files\symantec\liveupdate\aluschedulersvc.exe
c:\windows\system32\svchost.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\wuauclt.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = www.msn.com/
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
o2 - bho: nco 2.0 ie bho - {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coieplg.dll
o2 - bho: symantec intrusion prevention - {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\ipsbho.dll
o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
o3 - toolbar: show norton toolbar - {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\coieplg.dll
o4 - hklm\..\run: [ccapp] c:\program files\common files\symantec shared\ccapp.exe
o4 - hklm\..\run: [oscheck] c:\program files\norton 360\oscheck.exe
o4 - hklm\..\run: [soundman] c:\windows\soundman.exe
o4 - hklm\..\run: [startccc] c:\program files\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [bluetoothauthenticationagent] c:\windows\system32\rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [c:\windows\system32\kdxcd.exe] c:\windows\system32\kdxcd.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [spybotsd teatimer] c:\program files\spybot - search & destroy\teatimer.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o9 - extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - c:\windows\bdoscandel.exe
o9 - extra 'tools' menuitem: uninstall bitdefender online scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - c:\windows\bdoscandel.exe
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o16 - dpf: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (bdscanonline control) - [noparse]http://download.bitdefender.com/resources/scan8/oscan8.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: automatic liveupdate scheduler - symantec corporation - c:\program files\symantec\liveupdate\aluschedulersvc.exe
o23 - service: symantec event manager (ccevtmgr) - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: symantec settings manager (ccsetmgr) - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: symantec lic netconnect service (cltnetcnservice) - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: com host (comhost) - symantec corporation - c:\program files\common files\symantec shared\vascanner\comhost.exe
o23 - service: liveupdate - symantec corporation - c:\program files\symantec\liveupdate\lucomserver_3_4.exe
o23 - service: liveupdate notice - symantec corporation - c:\program files\common files\symantec shared\ccsvchst.exe
o23 - service: symantec core lc - unknown owner - c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe
--
end of file - 5750 bytes

[/hjt]
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan