Full of malware?

Status
Not open for further replies.

andre2 (User, joined 7 Mar 2010, 117 posts)
Hello everyone,

At the moment I have my daughter's laptop here.
Asus X70L series with Windows Vista Premium.

The problem is that it is very slow, but also that you cannot browse the internet properly.
Unrequested websites regularly pop up over the page.
Often they are sites that know all too well that the laptop is slow and that they will put it right again for payment, .....
I can only just reach the forum here, with great difficulty.
I have already run CCleaner over it, which I downloaded on another laptop.

What can I do about it?

Kind regards, Andre
 
Boot mode: Normal
Code:
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATII4E.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Primary Color\bin\PrimaryColor.expext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Primary Color\bin\PrimaryColor.BrowserAdapter.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_19_0_0_245_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Public\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1447334091&z=c310b0181d39d51349a6ce1g1zfz1m2cacfz7e4teg&from=tugss&uid=samsungxhm641ji_s23tjdqzb00870
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-885a21ba
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1447334091&z=c310b0181d39d51349a6ce1g1zfz1m2cacfz7e4teg&from=tugss&uid=samsungxhm641ji_s23tjdqzb00870
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1447334091&z=c310b0181d39d51349a6ce1g1zfz1m2cacfz7e4teg&from=tugss&uid=samsungxhm641ji_s23tjdqzb00870&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1447334091&z=c310b0181d39d51349a6ce1g1zfz1m2cacfz7e4teg&from=tugss&uid=samsungxhm641ji_s23tjdqzb00870&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1447334091&z=c310b0181d39d51349a6ce1g1zfz1m2cacfz7e4teg&from=tugss&uid=samsungxhm641ji_s23tjdqzb00870
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4c096f760000000000000015afadc946&tlver=1.4.19.19&affID=19405
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~1\MAPSGA~2\bar\1.bin\39bar.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Primary Color 1.0.0.7 - {b0a28f54-b08f-4049-a9bf-8d33bd1e9222} - C:\Program Files\Primary Color\PrimaryColorbho.dll
O2 - BHO: Music Toolbar (Dist. by Musiclab, Inc.) - {d4be399f-cfdf-462f-b234-2e3a62cff5a8} - C:\PROGRA~1\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll
O3 - Toolbar: Music Toolbar (Dist. by Musiclab, Inc.) - {d4be399f-cfdf-462f-b234-2e3a62cff5a8} - C:\PROGRA~1\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode
O4 - HKCU\..\Run: [SoftonicAssistant] "C:\Users\Eigenaar\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATII4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L355 Series"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1447335408
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: amisie - {183A003A-3D01-4E94-A2C5-AD0108C68370} - C:\Program Files\AMIS\IeDtbPlugin.dll
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: devolo Network Service (DevoloNetworkService) - devolo AG - C:\Program Files\devolo\dlan\devolonetsvc.exe
O23 - Service: EDciHtCiR - Irrational Number Applications - C:\ProgramData\mMEEdm\EDciHtCiR.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ihpmServer - Unknown owner - C:\Program Files\RayDld\ihpmServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: Update Primary Color - Unknown owner - C:\Program Files\Primary Color\updatePrimaryColor.exe
O23 - Service: Util Primary Color - Unknown owner - C:\Program Files\Primary Color\bin\utilPrimaryColor.exe

--
End of file - 11050 bytes

This is an unrequested HijackThis scan; maybe it is of use to someone.

In those R entries you can see what Internet Explorer fetches. I still remember that you then have to remove those, or is that not right?

Regards, Andre
 
Hi,

If you want to have that looked at, you had better have it done at this one; we no longer do that here.
 
Okay, thank you, I think I have been helped for now.

Thanks everyone,


Regards, Andre
 
This was a short report from HijackThis; in the meantime I have run AdwCleaner on the laptop.

I see the same files come by as I see in the HijackThis report.

Regards, Andre
 
Hi, yes, definitely some improvement with the two little programs I ran over it.

I can now get on the internet just fine, and a whole lot of junk has been removed.

Thanks for your help.

Regards, Andre
 
If you want to see everything that starts up on the computer, use the portable program AutoRuns from System Internals. It shows the programs in categories. In the first Google search results you will usually already find whether something is useful and/or harmful, along with where the malware comes from, and you can also disable everything from within the program.
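
A small triage pass over a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts: it reads the entry lines by section code and marks the ones worth reviewing by hand in a tool such as AutoRuns. The allowlisted hosts, the review rules and the function names are assumptions of this example; the sample lines come from the log above, with the first URL's query string shortened.

```python
import re
from urllib.parse import urlparse

# Assumption of this example: hosts accepted as normal Internet Explorer defaults.
EXPECTED_HOSTS = ("microsoft.com", "bing.com", "msn.com", "live.com")
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def review_reasons(code, body):
    """Return the reasons one log entry deserves a manual look."""
    reasons = []
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("orphaned entry: referenced file is gone")
    if code in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if host and not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
            reasons.append(f"browser page/search setting points to {host}")
    if code == "O23":
        if " - Unknown owner - " in body:
            reasons.append("service binary carries no publisher name")
        if "\\programdata\\" in body.lower():
            reasons.append("service runs from ProgramData")
    return reasons

def triage(log_text):
    """Parse HijackThis entry lines; return [(code, reason, line), ...]."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process and blank lines
        findings += [(m["code"], r, line.strip()) for r in review_reasons(m["code"], m["body"])]
    return findings

# Sample lines from the log in this thread (first URL's query string shortened).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O23 - Service: ihpmServer - Unknown owner - C:\Program Files\RayDld\ihpmServer.exe
O23 - Service: EDciHtCiR - Irrational Number Applications - C:\ProgramData\mMEEdm\EDciHtCiR.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

A flagged line is a prompt to look the entry up, not a verdict; an unflagged line has only passed these four rules.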
 