log with spyware problem



bike devil
24 March 2007, 13:40
log

Logfile of HijackThis v1.99.1
Scan saved at 12:38:21, on 24-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinMsg\SYSMONMS.EXE
C:\Program Files\WinMsg\UINST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\??erinit.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theonlybookmark.com/in.cgi?2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll
O2 - BHO: (no name) - {785C2927-E796-E867-EB4F-B7EE8FF7B9E4} - C:\WINDOWS\system32\jzn.dll (file missing)
O2 - BHO: (no name) - {A95AE74F-2EA1-7F08-8799-7AA2DBA36DE2} - C:\WINDOWS\system32\vdhaytp.dll (file missing)
O2 - BHO: (no name) - {B7567E3A-B384-E571-A6AB-E93B810321E5} - C:\WINDOWS\system32\ftx.dll (file missing)
O2 - BHO: (no name) - {B8128AB8-4A5D-4EAD-2213-127495D079B4} - C:\WINDOWS\system32\adl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [EvshSrv32] C:\WINDOWS\evshsrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O4 - HKLM\..\Run: [StUnInst] C:\Program Files\WinMsg\UINST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Erckf] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.globalphon.com/dialer/belgio_ver3.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2954C-8BFD-451F-8B28-2372B5B78C0A}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF824606-865F-4663-9B2D-ED0910994AE3}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{D14944A7-C791-4505-AC2B-DB517C0FEE11}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

jurgenv
24 March 2007, 13:50
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

bike devil
24 March 2007, 14:07
Van ............" - 07-03-24 13:00:05 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Van ...............\Bureaublad"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\RACLE~1
C:\qoobox\purity\WINDOWS\YMANTE~1
C:\qoobox\purity\WINDOWS\MANTEC~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\CROSOF~1
C:\qoobox\purity\WINDOWS\ICROSO~1
C:\qoobox\purity\WINDOWS\TSKS~1
C:\qoobox\purity\WINDOWS\ASKS~1
C:\qoobox\purity\WINDOWS\YSTEM3~1
C:\qoobox\purity\WINDOWS\YMBOLS~1
C:\qoobox\purity\WINDOWS\SMBOLS~1
C:\qoobox\purity\WINDOWS\FNTS~1
C:\qoobox\purity\WINDOWS\system32\DOBE~1
C:\qoobox\purity\WINDOWS\system32\CROSOF~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\system32\SKS~1
C:\qoobox\purity\WINDOWS\system32\YSTEM3~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\FNTS~1
C:\qoobox\purity\WINDOWS\system32\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\SSEMBL~1
C:\qoobox\purity\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\Program Files\CROSOF~1
C:\qoobox\purity\Program Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\WNSXS~1
C:\qoobox\purity\Program Files\TSKS~1
C:\qoobox\purity\Program Files\ASKS~1
C:\qoobox\purity\Program Files\FNTS~1
C:\qoobox\purity\Program Files\APPATC~1
C:\qoobox\purity\Program Files\Common Files\RACLE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~2
C:\qoobox\purity\Program Files\Common Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\ASKS~1
C:\qoobox\purity\Program Files\Common Files\ASKS~2
C:\qoobox\purity\Program Files\Common Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\MBOLS~1
C:\qoobox\purity\Program Files\Common Files\CURITY~1
C:\qoobox\purity\Program Files\Common Files\MCROSO~1.NET\MCROSO~1.NET
C:\qoobox\purity\DOCUME~1\VANDAE~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\from.txt
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\YMANTE~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\SMANTE~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\CROSOF~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\ICROSO~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\ICROSO~1.NET
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\WNSXS~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\TSKS~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\ASKS~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\YSTEM3~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\SSTEM~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\MBOLS~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\ECURIT~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\APPLIC~1\SCURIT~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\from.txt
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\SMANTE~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\DOBE~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\CROSOF~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\MCROSO~1.NET
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\TSKS~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\STEM32~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\YMBOLS~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\SSEMBL~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\SEMBLY~1
C:\qoobox\purity\DOCUME~1\VANDAE~1\MIJNDO~1\PPATCH~1


((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))


2007-03-24 12:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-24 11:58 349,856 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys
2007-03-21 21:54 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2007-03-21 21:51 <DIR> d--hs---- C:\WA6P
2007-03-21 21:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
2007-03-21 21:39 <DIR> d-------- C:\Program Files\WinMsg
2007-03-21 21:39 <DIR> d-------- C:\Program Files\MovieCommander
2007-03-15 20:57 60,416 --a------ C:\WINDOWS\system32\isuy.dll
2007-03-15 20:57 2 --a------ C:\WINDOWS\system32\wintcc32.exe
2007-02-26 13:21 <DIR> d-------- C:\DOCUME~1\VANDAE~1\APPLIC~1\DriveCleaner 2006 Free


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-24 12:32 70744 --a------ C:\WINDOWS\system32\perfc013.dat
2007-03-24 12:32 444074 --a------ C:\WINDOWS\system32\perfh013.dat
2007-03-21 21:54 706 --a------ C:\DOCUME~1\VANDAE~1\APPLIC~1\update.log
2007-02-26 13:54 262 --a------ C:\DOCUME~1\VANDAE~1\APPLIC~1\winsscookie.txt


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Erckf"="C:\\WINDOWS\\system32\\??erinit.exe"
"ErrorSafeFree"="\"C:\\Program Files\\ErrorSafe Free\\uers.exe\" /min"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"WCSE Mgr"=""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"EvshSrv32"="C:\\WINDOWS\\evshsrv.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\nl-be\\msnappau.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"bal"="C:\\Program Files\\WinMsg\\SYSMONMS.EXE"
"StUnInst"="C:\\Program Files\\WinMsg\\UINST.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdpeh.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A1918055-56B5-406F-3CAC-FB1BFC956E8B}"=""
"{910DF9E7-9AE3-4F8F-89B5-CCC4A7AAD353}"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\WINDOWS\desktop.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\WebReg 20041228161133.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Van Daele Yanaika.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 13:07:06, on 24-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinMsg\SYSMONMS.EXE
C:\Program Files\WinMsg\UINST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\??erinit.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theonlybookmark.com/in.cgi?2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {785C2927-E796-E867-EB4F-B7EE8FF7B9E4} - C:\WINDOWS\system32\jzn.dll (file missing)
O2 - BHO: (no name) - {A95AE74F-2EA1-7F08-8799-7AA2DBA36DE2} - C:\WINDOWS\system32\vdhaytp.dll (file missing)
O2 - BHO: (no name) - {B7567E3A-B384-E571-A6AB-E93B810321E5} - C:\WINDOWS\system32\ftx.dll (file missing)
O2 - BHO: (no name) - {B8128AB8-4A5D-4EAD-2213-127495D079B4} - C:\WINDOWS\system32\adl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [EvshSrv32] C:\WINDOWS\evshsrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O4 - HKLM\..\Run: [StUnInst] C:\Program Files\WinMsg\UINST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Erckf] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.globalphon.com/dialer/belgio_ver3.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2954C-8BFD-451F-8B28-2372B5B78C0A}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF824606-865F-4663-9B2D-ED0910994AE3}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{D14944A7-C791-4505-AC2B-DB517C0FEE11}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

bike devil
24 March 2007, 14:27
since AVG would no longer start

I have now put NOD32 on it

does a new log need to be posted?

jurgenv
24 March 2007, 14:57
You had better save these instructions, because your PC will have to restart.
Download Wareoutfix from one of these two sites:

http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Then click Next, then Install, make sure "Run fixit" is checked, and click Finish. The fix will start; follow the instructions you are given. You will be asked whether you want to restart your PC; do so. Your computer will now start up somewhat more slowly; this is normal.


Once the desktop has appeared, you will see a text file pop up (report.txt); post its contents here along with a new HijackThis log.

bike devil
24 March 2007, 15:51
small problem

I can no longer boot; I get a blue screen of death and it restarts

I can still get in via safe mode, though

bike devil
24 March 2007, 15:54
OK, after restarting 4 times it did manage to boot normally after all
log follows

bike devil
24 March 2007, 15:57
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpeh.exe"
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"WCSE Mgr"=""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"EvshSrv32"="C:\\WINDOWS\\evshsrv.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\nl-be\\msnappau.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"bal"="C:\\Program Files\\WinMsg\\SYSMONMS.EXE"
"StUnInst"="C:\\Program Files\\WinMsg\\UINST.EXE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Erckf"="C:\\WINDOWS\\system32\\??erinit.exe"
"ErrorSafeFree"="\"C:\\Program Files\\ErrorSafe Free\\uers.exe\" /min"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Logfile of HijackThis v1.99.1
Scan saved at 14:57:01, on 24-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinMsg\SYSMONMS.EXE
C:\Program Files\WinMsg\UINST.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\internet explorer\iexplore.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theonlybookmark.com/in.cgi?2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {785C2927-E796-E867-EB4F-B7EE8FF7B9E4} - C:\WINDOWS\system32\jzn.dll (file missing)
O2 - BHO: (no name) - {A95AE74F-2EA1-7F08-8799-7AA2DBA36DE2} - C:\WINDOWS\system32\vdhaytp.dll (file missing)
O2 - BHO: (no name) - {B7567E3A-B384-E571-A6AB-E93B810321E5} - C:\WINDOWS\system32\ftx.dll (file missing)
O2 - BHO: (no name) - {B8128AB8-4A5D-4EAD-2213-127495D079B4} - C:\WINDOWS\system32\adl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [EvshSrv32] C:\WINDOWS\evshsrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O4 - HKLM\..\Run: [StUnInst] C:\Program Files\WinMsg\UINST.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Erckf] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.globalphon.com/dialer/belgio_ver3.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2954C-8BFD-451F-8B28-2372B5B78C0A}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF824606-865F-4663-9B2D-ED0910994AE3}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{D14944A7-C791-4505-AC2B-DB517C0FEE11}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

jurgenv
24 March 2007, 18:17
* Go to Start ==> Control Panel ==> Add or Remove Programs and uninstall, if present:
ErrorSafe
Purityscan
BearShare <== installs malware along with it: http://p2p.malwareremoval.com/index.html

* Download and install AVG Anti-Spyware (http://www.ewido.net/en/download/).
After the installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield". (change from active to inactive!)
* under "Update", click the Start update button.
* under "Scanner", tab "Settings": under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
* under "Reports", select Automatically generate report after every scan and uncheck Only if threats were found
Close AVG Anti-Spyware. Do not let it scan yet.

* If you have not installed Adaware SE yet, download, install and update it following the guidelines
that you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link for Ad-aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

* Start your computer in SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm)

* open hijackthis and check the following lines:

O2 - BHO: (no name) - {785C2927-E796-E867-EB4F-B7EE8FF7B9E4} - C:\WINDOWS\system32\jzn.dll (file missing)
O2 - BHO: (no name) - {A95AE74F-2EA1-7F08-8799-7AA2DBA36DE2} - C:\WINDOWS\system32\vdhaytp.dll (file missing)
O2 - BHO: (no name) - {B7567E3A-B384-E571-A6AB-E93B810321E5} - C:\WINDOWS\system32\ftx.dll (file missing)
O2 - BHO: (no name) - {B8128AB8-4A5D-4EAD-2213-127495D079B4} - C:\WINDOWS\system32\adl.dll (file missing)
O4 - HKLM\..\Run: [EvshSrv32] C:\WINDOWS\evshsrv.exe
O4 - HKLM\..\Run: C:\Program Files\WinMsg\SYSMONMS.EXE
O4 - HKLM\..\Run: [StUnInst] C:\Program Files\WinMsg\UINST.EXE
O4 - HKCU\..\Run: [Erckf] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2954C-8BFD-451F-8B28-2372B5B78C0A}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF824606-865F-4663-9B2D-ED0910994AE3}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{D14944A7-C791-4505-AC2B-DB517C0FEE11}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16

* then close all windows except hijackthis and click 'fix checked'

* Delete the following folders if present:

C:\Program Files\ErrorSafe Free
C:\Program Files\WinMsg
C:\Program Files\BearShare
C:\qoobox\purity

* Delete the following file if present:

C:\WINDOWS\evshsrv.exe

* Run a full scan with Adaware and remove everything that is found.

* Start AVG Anti-Spyware.
* Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
* Make sure that Set all elements to: is set to Quarantine (1),
if not, click the link and choose Quarantine in the popup menu. (2)
(This does not apply to cookies; these are always deleted!)
* At the bottom of the window, click the Apply all Actions button. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* When you get the message 'All actions have been applied', click the Save Report button at the bottom.

* Restart your computer in normal mode.

* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF cleaner to start the program.
On the "Main" tab, check Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and check Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the check mark from "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and check Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Then post a new hijackthis log here together with the AVG antispyware report.

bike devil
24 March 2007, 20:12
Logfile of HijackThis v1.99.1
Scan saved at 19:08:09, on 24-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.minatica.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll (file missing)
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.globalphon.com/dialer/belgio_ver3.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:00:16 24-3-2007

+ Scan result:





::Report end

jurgenv
24 March 2007, 20:31
* Open hijackthis and check the following lines:

O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll (file missing)
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll (file missing)
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://www.globalphon.com/dialer/belgio_ver3.CAB

* Then close all windows except hijackthis and click 'fix checked'

* Then restart your PC, post a new hijackthis log here and tell how everything is working.
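
Added example, not part of the original posts: a small Python check of the kind a helper performs by eye when a follow-up HijackThis log arrives. It shows which entries are gone and which now carry "(file missing)" because the file was deleted but the registry entry stayed behind. The sample lines are excerpted from the logs posted in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# "O2 - ...", "O17 - ...", "R0 - ...": section code, " - ", rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN_SUFFIX = "(file missing)"


class Entry(NamedTuple):
    code: str     # section code such as "O2" (BHO), "O15", "O17"
    body: str     # rest of the line, without a trailing "(file missing)"
    orphan: bool  # True when HijackThis marked the target file as missing

    @property
    def key(self):
        # Case- and whitespace-insensitive identity of the entry.
        return self.code, " ".join(self.body.split()).lower()


def parse_log(text):
    """Return the R*/O* entries of a HijackThis log, skipping the header
    lines and the "Running processes" paths."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        orphan = body.endswith(ORPHAN_SUFFIX)
        if orphan:
            body = body[: -len(ORPHAN_SUFFIX)].rstrip()
        entries.append(Entry(code, body, orphan))
    return entries


def diff_logs(before, after):
    """Classify every entry of `before` against the follow-up log `after`."""
    after_by_key = {e.key: e for e in parse_log(after)}
    removed, newly_orphaned, kept = [], [], []
    for old in parse_log(before):
        new = after_by_key.get(old.key)
        if new is None:
            removed.append(old)          # entry no longer present
        elif new.orphan and not old.orphan:
            newly_orphaned.append(new)   # file deleted, registry entry left
        else:
            kept.append(new)             # unchanged between the two logs
    return removed, newly_orphaned, kept


# Excerpts from the first log (12:38) and the follow-up log (19:08) in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted IP range: 213.159.117.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

AFTER = r"""
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WinMsg\notepad.dll (file missing)
O2 - BHO: (no name) - {14E3B9BA-7754-7CA8-7766-75B2686E84BF} - C:\WINDOWS\system32\isuy.dll (file missing)
O15 - Trusted IP range: 213.159.117.202
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    removed, newly_orphaned, kept = diff_logs(BEFORE, AFTER)
    for label, group in (("removed", removed),
                         ("newly orphaned", newly_orphaned),
                         ("still present", kept)):
        for e in group:
            print(f"{label:15} {e.code:4} {e.body}")
```

Entries reported as newly orphaned are the leftover registry references that a second 'fix checked' round cleans up; entries reported as still present need a human decision.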

bike devil
24 March 2007, 21:33
the desktop cannot be changed

it is now a white background

I can't get a single photo on it

the spyware warning has disappeared

Logfile of HijackThis v1.99.1
Scan saved at 20:32:34, on 24-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.minatica.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

jurgenv
24 March 2007, 22:01
* Then go to Start -> Control Panel -> Appearance and Themes -> Desktop -> Customize Desktop -> Web -> remove the check mark next to "Security Info" if it is still there.

Then see whether it has improved.

bike devil
24 March 2007, 22:36
solved

thank you very much for the help

:good: :bow:

jurgenv
24 March 2007, 23:22
You're welcome.