Pagina 1 van 2 12 LaatsteLaatste
Weergegeven resultaten: 1 t/m 10 van 11

Discussie: Pop ups en virussen

  1. #1
    PC-Freak   sykke's schermafbeelding
    Geregistreerd
    10 June 2006
    Locatie
    8930 MENEN
    Berichten
    1.656
    Bedankjes
    2.129
    Bedankt
    2.794 keer in 1.540 posts

    Pop ups en virussen

    Ik heb hier al enkele dagen veel last van pop ups(celldorado, winantivirus,en nog enkele).
    Daarbij ook de hele tyd virusalarm(trojans,dialers).
    Al meerdere malen pc gescant met avg antivirus en avg antispyware, adware en search&destroy. Telkens alles wat gevonden werd verwijderd,ook in veilige modus.Mijn instellingen van beveiliging staan op hoog maar telkens ik zo'n pop-up krijg of virusalarm veranderd die mijn instellingen naar het minimum.
    Hierbij het logje

    Dank bij voorbaat.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:58:10, on 3-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Telemeter 3.0\telemeter3.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\jgcdbypx.exe
    C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jaarggdq.dll",forkonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


  2. #2
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.887
    Bedankjes
    100
    Bedankt
    901 keer in 829 posts
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Plaats het op je bureaublad.
    Dubbelklik er op om het programma te starten.
    In het scherm dat verschijnt tik je een Y in om het cleaningsprocess te starten.
    Volg de instructies op het scherm.
    Als het tooltje klaar is, opent er een logfile (combofix.txt) Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

    Member of ASAP

  3. De volgende gebruiker bedankt jurgenv voor deze nuttige post:

    sykke ( 3 July 2007)

  4. #3
    PC-Freak   sykke's schermafbeelding
    Geregistreerd
    10 June 2006
    Locatie
    8930 MENEN
    Berichten
    1.656
    Bedankjes
    2.129
    Bedankt
    2.794 keer in 1.540 posts
    Hier het logje van combofix

    "thierry syx" - 2007-07-03 13:45:48 - ComboFix 07-07-03.8 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


    C:\WINDOWS\system32\hjdurjqt.dll
    C:\WINDOWS\system32\jaarggdq.dll
    C:\WINDOWS\system32\kupoeebg.dll
    C:\WINDOWS\system32\noekstha.dll
    C:\WINDOWS\system32\hgghedd.dll
    C:\WINDOWS\system32\vyadd.bak1
    C:\WINDOWS\system32\vyadd.bak2
    C:\WINDOWS\system32\vyadd.ini
    C:\WINDOWS\system32\qdggraaj.ini
    C:\WINDOWS\system32\ahtskeon.ini
    C:\WINDOWS\system32\sttss.bak1
    C:\WINDOWS\system32\sttss.bak2
    C:\WINDOWS\system32\sttss.ini
    C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\urqnomj.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\THIERR~1\BUREAU~1.\internet explorer.lnk


    ((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


    2007-07-03 13:42 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-03 12:43 4,672 --a------ C:\WINDOWS\system32\jgcdbypx.exe
    2007-07-01 14:37 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-07-01 13:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-01 13:42 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-01 13:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-01 13:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-26 20:54 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Jasc
    2007-06-26 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-06-26 20:48 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
    2007-06-26 20:48 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Jasc Software Inc
    2007-06-26 20:47 <DIR> d-------- C:\Program Files\Jasc Software Inc
    2007-06-25 17:19 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-25 13:16 <DIR> d-------- C:\WINDOWS\Performance
    2007-06-25 13:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
    2007-06-25 06:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-06-25 06:45 208,248 --a------ C:\WINDOWS\system32\muweb.dll
    2007-06-24 17:23 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-06-24 16:35 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-06-24 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-06-24 12:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-21 22:03 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-06-21 14:59 <DIR> d-------- C:\Program Files\Google
    2007-06-21 14:59 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Google
    2007-06-21 14:57 <DIR> d-------- C:\Program Files\CCleaner
    2007-06-21 14:56 <DIR> d-------- C:\Program Files\RegCleaner
    2007-06-21 12:52 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-06-21 12:51 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-06-21 12:51 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-06-21 12:51 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
    2007-06-21 12:51 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
    2007-06-21 12:51 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
    2007-06-21 12:51 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
    2007-06-21 12:49 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-06-21 12:48 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2007-06-21 12:47 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
    2007-06-21 12:47 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-06-21 12:47 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
    2007-06-21 12:47 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
    2007-06-21 12:47 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
    2007-06-21 12:47 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
    2007-06-21 12:47 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
    2007-06-21 12:47 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
    2007-06-21 12:47 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
    2007-06-21 12:47 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
    2007-06-21 12:47 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
    2007-06-21 12:47 458,752 --a------ C:\WINDOWS\system32\LCamCpl.dll
    2007-06-21 12:47 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
    2007-06-21 12:47 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
    2007-06-21 12:47 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
    2007-06-21 12:47 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
    2007-06-21 12:47 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
    2007-06-21 12:47 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
    2007-06-21 12:47 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
    2007-06-21 12:47 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
    2007-06-21 12:47 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
    2007-06-21 12:47 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
    2007-06-21 12:47 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
    2007-06-21 12:47 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-06-21 12:47 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
    2007-06-21 12:47 <DIR> d-------- C:\Program Files\Logitech
    2007-06-21 12:34 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Hewlett-Packard
    2007-06-21 12:19 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-06-21 12:19 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-06-21 12:19 <DIR> d-------- C:\UniScan
    2007-06-21 12:19 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Verzendmap van Share-to-Web
    2007-06-21 12:18 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-06-21 12:08 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
    2007-06-21 12:08 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
    2007-06-21 12:08 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
    2007-06-21 12:08 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
    2007-06-21 12:08 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
    2007-06-21 12:07 <DIR> d-------- C:\Program Files\HP
    2007-06-21 12:07 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-06-21 12:02 15,360 --a------ C:\WINDOWS\system32\drivers\mpcsys.SYS
    2007-06-21 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    2007-06-19 18:41 5,120 --a------ C:\WINDOWS\system32\drivers\Stdsys.SYS
    2007-06-19 18:39 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-06-19 18:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-06-19 18:39 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-06-19 18:39 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-06-19 18:39 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-06-19 18:39 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-06-19 18:39 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-06-19 17:00 <DIR> d-------- C:\Program Files\IObit
    2007-06-19 16:40 <DIR> d-------- C:\Program Files\LimeWire
    2007-06-19 16:40 <DIR> d-------- C:\DOCUME~1\THIERR~1\Shared
    2007-06-19 16:40 <DIR> d-------- C:\DOCUME~1\THIERR~1\Incomplete
    2007-06-19 16:35 <DIR> d-------- C:\Program Files\Telemeter 3.0
    2007-06-19 14:15 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-06-19 14:03 10,334 --a------ C:\WINDOWS\system32\drivers\cx88aud.sys
    2007-06-19 14:03 <DIR> d-a------ C:\MSI8606_V.2.79.1.65
    2007-06-19 12:31 <DIR> d-------- C:\Program Files\Lavalys
    2007-06-19 00:19 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-06-19 00:17 <DIR> d-------- C:\Program Files\MSBuild
    2007-06-19 00:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-06-19 00:13 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-06-19 00:13 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-06-19 00:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-06-19 00:12 <DIR> d-------- C:\aa203536072a8bbffd61fe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

    2007-06-26 08:15:12 91,018 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-06-26 08:15:12 509,146 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-10 01:34:34 4,637,232 ----a-w C:\Program Files\AWCSetup.exe
    2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{198DF1C4-6F04-48AE-9BA3-04586938212C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-17 19:09]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 16:41]
    "Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-16 00:38]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-01 13:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-01 13:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
    C:\WINDOWS\system32\sstts.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


    ************************************************** ************************

    catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-03 13:51:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    ************************************************** ************************

    Completion time: 2007-07-03 13:53:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-03 13:53

    --- E O F ---


    Hier het logje van hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 13:57:06, on 3-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Telemeter 3.0\telemeter3.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {198DF1C4-6F04-48AE-9BA3-04586938212C} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


  5. #4
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.887
    Bedankjes
    100
    Bedankt
    901 keer in 829 posts
    Download OTMoveIt.exe en plaats het op je bureaublad:

    Start OTMoveIt door dubbel te klikken op OTMoveIt.exe
    In het linkerpaneel, waar het zegt: Paste List of Files/Folders to be Moved ,kopieer en plak je onderstaand gedeelte:

    C:\WINDOWS\system32\jgcdbypx.exe


    Klik daarna op de knop MoveIt onderaan.
    Wanneer voltooid zal het een log aanmaken (********_******.log -- de * staat voor datum en tijd) in de volgende map: C:\_OTMoveIt\MovedFiles.
    Post de inhoud daarvan in je volgende bericht met een nieuw hijackthis logje.

    Member of ASAP

  6. De volgende gebruiker bedankt jurgenv voor deze nuttige post:

    sykke ( 3 July 2007)

  7. #5
    PC-Freak   sykke's schermafbeelding
    Geregistreerd
    10 June 2006
    Locatie
    8930 MENEN
    Berichten
    1.656
    Bedankjes
    2.129
    Bedankt
    2.794 keer in 1.540 posts
    resultaat van otmoveit

    File/Folder not found.
    C:\WINDOWS\system32\jgcdbypx.exe moved successfully.

    Created on 07/03/2007 14:06:25



    nieuw logje van hijack this
    Logfile of HijackThis v1.99.1
    Scan saved at 14:11:18, on 3-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Telemeter 3.0\telemeter3.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jgcdbypx. exe
    C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {198DF1C4-6F04-48AE-9BA3-04586938212C} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


  8. #6
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.887
    Bedankjes
    100
    Bedankt
    901 keer in 829 posts
    * Open hijackthis en vink volgende regels aan:

    O2 - BHO: (no name) - {198DF1C4-6F04-48AE-9BA3-04586938212C} - (no file)
    O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)


    * Sluit dan alle vensters behalve hijackthis en klik op 'fix checked'

    * Download ATF cleaner (by Atribune)

    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.

    Gebruik je ook Firefox als browser:
    Klik op tabblad "Firefox", plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit verwijdert het vinkje bij "Firefox saved passwords")
    Klik op de knop Empty Selected.

    Gebruik je ook Opera als browser:
    Klik op tabblad "Opera", plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop Empty Selected.
    Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

    * Herstart dan je pc, post een nieuw hijackthis logje hier en vertel hoe alles verder werkt.

    Member of ASAP

  9. De volgende gebruiker bedankt jurgenv voor deze nuttige post:

    sykke ( 3 July 2007)

  10. #7
    PC-Freak   sykke's schermafbeelding
    Geregistreerd
    10 June 2006
    Locatie
    8930 MENEN
    Berichten
    1.656
    Bedankjes
    2.129
    Bedankt
    2.794 keer in 1.540 posts
    Nieuw logje van hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 14:40:22, on 3-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Telemeter 3.0\telemeter3.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


    Momenteel werkt alles goed heb nog geen meldingen gekregen van virussen of pop-ups.
    Indien er zouden komen zal ik deze direct melden.

    Mogen alle files van de gebruikte tools verwijderd worden,of zou ik best nog wachten?
    Alvast heel hartelijk bedankt Jurgen

    Zie plots in de log dat deze erin staat: C:\WINDOWS\system32\wuauclt.exe
    en in de andere logjes niet heb niets veranderd of geinstalleerd.
    Laatst gewijzigd door sykke; 3 July 2007 om 14:57


  11. #8
    Erelid   jurgenv's schermafbeelding
    Geregistreerd
    10 May 2005
    Locatie
    West-Vlaanderen
    Berichten
    5.887
    Bedankjes
    100
    Bedankt
    901 keer in 829 posts
    De tools mag je verwijderen.


    Nog een paar tips om problemen te voorkomen in de toekomst:

    Installeer alvast volgende GRATIS programmatjes indien je ze nog niet hebt:

    Spywareblaster
    Adaware se
    Spybot s&d


    Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.

    En kies eventueel een alternatieve browser zoals Opera of Firefox.

    En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall en/of Bitdefender. Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
    Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!

    En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/

    Bekijk ook eens deze 2 filmpjes.. Heel interessant:
    http://www2.trosradar.nl/mediaplayer...&mode=dossier#
    http://www.benedelman.org/spyware/security-111804.wmv


    Meer preventietips zijn ook op volgende sites te vinden:

    http://www.bluemedicine.be
    http://users.telenet.be/marcvn/spyware
    How did I get infected in the first place (article by TonyKlein)
    Het voorkomen van spyware-infecties en browserhijacking

    Member of ASAP

  12. De volgende gebruiker bedankt jurgenv voor deze nuttige post:

    sykke ( 3 July 2007)

  13. #9
    PC-Freak   sykke's schermafbeelding
    Geregistreerd
    10 June 2006
    Locatie
    8930 MENEN
    Berichten
    1.656
    Bedankjes
    2.129
    Bedankt
    2.794 keer in 1.540 posts
    O.K.hartelijk bedankt.

    Als er meldingen zijn post ik die hier,want de vorige meldingen kreeg ik niet konstant,soms 3 tot 4 uur niks en dan plots alle na elkaar zowel met firefox en explorer.
    Deze die er bijgekomen is in hijack logje kan geen kwaad dan:C:\WINDOWS\system32\wuauclt.exe omdat ik bij sommige meldingen van virussen de letters ook begonnen met wu.


  14. #10
    PC-Freak   sykke's schermafbeelding
    Geregistreerd
    10 June 2006
    Locatie
    8930 MENEN
    Berichten
    1.656
    Bedankjes
    2.129
    Bedankt
    2.794 keer in 1.540 posts
    Geen meldingen meer,dus alles in pico bello
    mag slotje op

    jurgenv


Discussie informatie

Users Browsing this Thread

Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Soortgelijke discussies

  1. Top 20 A-Virussen
    Door alBildjiekiyya in forum Malware
    Reacties: 9
    Laatste bericht: 25 June 2007, 14:48
  2. Virussen ??
    Door narcis13 in forum Malware
    Reacties: 5
    Laatste bericht: 17 June 2007, 05:29
  3. PC VOL spyware & virussen
    Door FraiD in forum Malware
    Reacties: 4
    Laatste bericht: 29 September 2006, 19:19
  4. virussen
    Door eric2 in forum Malware
    Reacties: 8
    Laatste bericht: 7 November 2005, 17:35
  5. virussen
    Door JelleB in forum HijackThis
    Reacties: 4
    Laatste bericht: 7 November 2005, 15:47

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •