Have a virus

  • yoli
    • Apr 2008
    • 71

    Have a virus

    I am writing on behalf of my father. I think my father has a virus on his computer: it keeps freezing, or he cannot get to the page he wants, and advertisements keep appearing everywhere. My father has ESET, which I ran a scan with this afternoon, but something keeps blocking the scan. Here is a HijackThis log from his computer:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00:12, on 2-11-2014
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v11.0 (11.00.9600.17344)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
    C:\Program Files\eMule\emule.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
    C:\Users\m\Downloads\HiJackThis_2.0.4_universal.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...1TXXXX9SZ1Y11T
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDWEg82mkVRfQOyE5-aY_U0fRoBy7tem3CaudTmqnXNV6ELk-BAZOmArxR_8DGiQKdan8PcCugGfufT38L_nFk0TRohBz7FQ_ZYqdl1Sk6nSJcKp1h6nebFzwocIiLPn3HrmCZ2BT7xRGHm6NTZ4g _JPE09pRpUxzVCOiDz4M5d5IPptSQ,,&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDWEg82mkVRfQOyE5-aY_U0fRoBy7tem3CaudTmqnXNV6ELk-BAZOmArxR_8DGiQKdan8PcCugGfufT38L_nFk0TRohBz7FQ_ZYqdl1Sk6nSJcKp1h6nebFzwocIiLPn3HrmCZ2BT7xRGHm6NTZ4g _JPE09pRpUxzVCOiDz4M5d5IPptSQ,,&q={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=my..._5108&src=5108
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...1TXXXX9SZ1Y11T
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1406134270&from=tugs&uid=ST3320813AS_9SZ1Y11TXXXX9SZ1Y11T&q={searchTerms}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1406134270&from=tugs&uid=ST3320813AS_9SZ1Y11TXXXX9SZ1Y11T&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...1TXXXX9SZ1Y11T
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDWEg82mkVRfQOyE5-aY_U0fRoBy7tem3CaudTmqnXNV6ELk-BAZOmArxR_8DGiQKdan8PcCugGfufT38L_nFk0TRohBz7FQ_ZYqdl1Sk6nSJcKp1h6nebFzwocIiLPn3HrmCZ2BT7xRGHm6NTZ4g _JPE09pRpUxzVCOiDz4M5d5IPptSQ,,&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDWEg82mkVRfQOyE5-aY_U0fRoBy7tem3CaudTmqnXNV6ELk-BAZOmArxR_8DGiQKdan8PcCugGfufT38L_nFk0TRohBz7FQ_ZYqdl1Sk6nSJcKp1h6nebFzwocIiLPn3HrmCZ2BT7xRGHm6NTZ4g _JPE09pRpUxzVCOiDz4M5d5IPptSQ,,&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: CrossriderApp0059599 - {11111111-1111-1111-1111-110511951199} - C:\Program Files\video MediaPlay-Air\video MediaPlay-Air-bho.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AnyProtect Scanner] "C:\Program Files\AnyProtectEx\AnyProtect.exe"
    O4 - HKLM\..\Run: [AnyProtect Tray] "C:\Program Files\AnyProtectEx\AnyProtectTrayIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S1F1B.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{464D4205-69DC-4701-B0B2-6813B4DF1B8A}: NameServer = 5.79.84.141,8.38.77.107
    O17 - HKLM\System\CS1\Services\Tcpip\..\{464D4205-69DC-4701-B0B2-6813B4DF1B8A}: NameServer = 5.79.84.141,8.38.77.107
    O17 - HKLM\System\CS2\Services\Tcpip\..\{464D4205-69DC-4701-B0B2-6813B4DF1B8A}: NameServer = 5.79.84.141,8.38.77.107
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: FastPlayer Updater Service (FastPlayerUpdaterService) - Unknown owner - C:\Program Files\FastPlayer\FastPlayerUpdaterService.exe
    O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
    O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: IePlugin Services (IePluginServices) - Unknown owner - C:\ProgramData\IePluginServices\PluginService.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    O23 - Service: Update EnterDigital - Unknown owner - C:\Program Files\EnterDigital\updateEnterDigital.exe
    O23 - Service: Update findopolis - Unknown owner - C:\Program Files\findopolis\updatefindopolis.exe (file missing)
    O23 - Service: Update trolatunt - Unknown owner - C:\Program Files\trolatunt\updatetrolatunt.exe (file missing)
    O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

    --
    End of file - 7945 bytes


    I hope you can see what it might be
    Regards, yoli
  • Emphyrio



    • Jul 2005
    • 16029

    #2
    Hi yoli

    The first step is to follow this guideline: !!! IMPORTANT !!!: Read this first before you post a message!

    Emphyrio
    Malware Research Engineer@Malwarebytes (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek

    • Emphyrio



      • Jul 2005
      • 16029

      #3
      Is it working out?

      • Emphyrio



        • Jul 2005
        • 16029

        #4
        For lack of feedback, I am marking this topic as solved.

        If there is no further response, this thread will automatically be moved within about 3 days to the section Solved HijackThis logs, and replying will no longer be possible.
        This is done to keep the forum tidy and organized.

        If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.


        Emphyrio