Volledige versie bekijken : Pop ups en virussen
Ik heb hier al enkele dagen veel last van pop ups(celldorado, winantivirus,en nog enkele).
Daarbij ook de hele tyd virusalarm(trojans,dialers).
Al meerdere malen pc gescant met avg antivirus en avg antispyware, adware en search&destroy. Telkens alles wat gevonden werd verwijderd,ook in veilige modus.Mijn instellingen van beveiliging staan op hoog maar telkens ik zo'n pop-up krijg of virusalarm veranderd die mijn instellingen naar het minimum.
Hierbij het logje
Dank bij voorbaat.
Logfile of HijackThis v1.99.1
Scan saved at 12:58:10, on 3-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\jgcdbypx.exe
C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jaarggdq.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
jurgenv 3 July 2007, 13:40 Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een Y in om het cleaningsprocess te starten.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt) Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
Hier het logje van combofix
"thierry syx" - 2007-07-03 13:45:48 - ComboFix 07-07-03.8 - Service Pack 2
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))
C:\WINDOWS\system32\hjdurjqt.dll
C:\WINDOWS\system32\jaarggdq.dll
C:\WINDOWS\system32\kupoeebg.dll
C:\WINDOWS\system32\noekstha.dll
C:\WINDOWS\system32\hgghedd.dll
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\qdggraaj.ini
C:\WINDOWS\system32\ahtskeon.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\urqnomj.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\THIERR~1\BUREAU~1.\internet explorer.lnk
((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))
2007-07-03 13:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 12:43 4,672 --a------ C:\WINDOWS\system32\jgcdbypx.exe
2007-07-01 14:37 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-01 13:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-01 13:42 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-01 13:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-01 13:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-26 20:54 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Jasc
2007-06-26 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-26 20:48 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-06-26 20:48 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Jasc Software Inc
2007-06-26 20:47 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-06-25 17:19 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-25 13:16 <DIR> d-------- C:\WINDOWS\Performance
2007-06-25 13:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-06-25 06:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-25 06:45 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-24 17:23 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-06-24 16:35 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-06-24 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-06-24 12:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-21 22:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-21 14:59 <DIR> d-------- C:\Program Files\Google
2007-06-21 14:59 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Google
2007-06-21 14:57 <DIR> d-------- C:\Program Files\CCleaner
2007-06-21 14:56 <DIR> d-------- C:\Program Files\RegCleaner
2007-06-21 12:52 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-06-21 12:51 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-06-21 12:51 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-06-21 12:51 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-06-21 12:51 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-06-21 12:51 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-06-21 12:51 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-06-21 12:49 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-06-21 12:48 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-06-21 12:47 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2007-06-21 12:47 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-21 12:47 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2007-06-21 12:47 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2007-06-21 12:47 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-06-21 12:47 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-06-21 12:47 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-06-21 12:47 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-06-21 12:47 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-06-21 12:47 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-06-21 12:47 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2007-06-21 12:47 458,752 --a------ C:\WINDOWS\system32\LCamCpl.dll
2007-06-21 12:47 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-06-21 12:47 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-06-21 12:47 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-06-21 12:47 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-06-21 12:47 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-06-21 12:47 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-06-21 12:47 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2007-06-21 12:47 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-06-21 12:47 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-06-21 12:47 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2007-06-21 12:47 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-06-21 12:47 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-21 12:47 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-06-21 12:47 <DIR> d-------- C:\Program Files\Logitech
2007-06-21 12:34 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Hewlett-Packard
2007-06-21 12:19 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-06-21 12:19 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-21 12:19 <DIR> d-------- C:\UniScan
2007-06-21 12:19 <DIR> d-------- C:\DOCUME~1\THIERR~1\APPLIC~1\Verzendmap van Share-to-Web
2007-06-21 12:18 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-21 12:08 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-06-21 12:08 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-06-21 12:08 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-06-21 12:08 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-06-21 12:08 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-06-21 12:07 <DIR> d-------- C:\Program Files\HP
2007-06-21 12:07 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-21 12:02 15,360 --a------ C:\WINDOWS\system32\drivers\mpcsys.SYS
2007-06-21 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-19 18:41 5,120 --a------ C:\WINDOWS\system32\drivers\Stdsys.SYS
2007-06-19 18:39 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-19 18:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-19 18:39 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-19 18:39 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-19 18:39 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-19 18:39 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-19 18:39 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-19 17:00 <DIR> d-------- C:\Program Files\IObit
2007-06-19 16:40 <DIR> d-------- C:\Program Files\LimeWire
2007-06-19 16:40 <DIR> d-------- C:\DOCUME~1\THIERR~1\Shared
2007-06-19 16:40 <DIR> d-------- C:\DOCUME~1\THIERR~1\Incomplete
2007-06-19 16:35 <DIR> d-------- C:\Program Files\Telemeter 3.0
2007-06-19 14:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-06-19 14:03 10,334 --a------ C:\WINDOWS\system32\drivers\cx88aud.sys
2007-06-19 14:03 <DIR> d-a------ C:\MSI8606_V.2.79.1.65
2007-06-19 12:31 <DIR> d-------- C:\Program Files\Lavalys
2007-06-19 00:19 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-19 00:17 <DIR> d-------- C:\Program Files\MSBuild
2007-06-19 00:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-19 00:13 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-06-19 00:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-19 00:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-19 00:12 <DIR> d-------- C:\aa203536072a8bbffd61fe
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
2007-06-26 08:15:12 91,018 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-06-26 08:15:12 509,146 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-05-10 01:34:34 4,637,232 ----a-w C:\Program Files\AWCSetup.exe
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{198DF1C4-6F04-48AE-9BA3-04586938212C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-17 19:09]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 16:41]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-16 00:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-01 13:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-01 13:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
C:\WINDOWS\system32\sstts.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]
************************************************** ************************
catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 13:51:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
************************************************** ************************
Completion time: 2007-07-03 13:53:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 13:53
--- E O F ---
Hier het logje van hijack this
Logfile of HijackThis v1.99.1
Scan saved at 13:57:06, on 3-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {198DF1C4-6F04-48AE-9BA3-04586938212C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
jurgenv 3 July 2007, 14:02 Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) en plaats het op je bureaublad:
Start OTMoveIt door dubbel te klikken op OTMoveIt.exe
In het linkerpaneel, waar het zegt: Paste List of Files/Folders to be Moved ,kopieer en plak je onderstaand gedeelte:
C:\WINDOWS\system32\jgcdbypx.exe
Klik daarna op de knop MoveIt onderaan.
Wanneer voltooid zal het een log aanmaken (********_******.log -- de * staat voor datum en tijd) in de volgende map: C:\_OTMoveIt\MovedFiles.
Post de inhoud daarvan in je volgende bericht met een nieuw hijackthis logje.
resultaat van otmoveit
File/Folder not found.
C:\WINDOWS\system32\jgcdbypx.exe moved successfully.
Created on 07/03/2007 14:06:25
nieuw logje van hijack this
Logfile of HijackThis v1.99.1
Scan saved at 14:11:18, on 3-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jgcdbypx. exe
C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {198DF1C4-6F04-48AE-9BA3-04586938212C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
jurgenv 3 July 2007, 14:31 * Open hijackthis en vink volgende regels aan:
O2 - BHO: (no name) - {198DF1C4-6F04-48AE-9BA3-04586938212C} - (no file)
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
* Sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.
Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.
Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.
* Herstart dan je pc, post een nieuw hijackthis logje hier en vertel hoe alles verder werkt.
Nieuw logje van hijack this
Logfile of HijackThis v1.99.1
Scan saved at 14:40:22, on 3-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\thierry syx\Bureaublad\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Momenteel werkt alles goed heb nog geen meldingen gekregen van virussen of pop-ups.
Indien er zouden komen zal ik deze direct melden.
Mogen alle files van de gebruikte tools verwijderd worden,of zou ik best nog wachten?
Alvast heel hartelijk bedankt Jurgen :good:
Zie plots in de log dat deze erin staat: C:\WINDOWS\system32\wuauclt.exe
en in de andere logjes niet heb niets veranderd of geinstalleerd.
jurgenv 3 July 2007, 14:58 De tools mag je verwijderen. :)
Nog een paar tips om problemen te voorkomen in de toekomst:
Installeer alvast volgende GRATIS programmatjes indien je ze nog niet hebt:
Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)
Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.
En kies eventueel een alternatieve browser zoals Opera (http://www.opera.com) of Firefox (http://www.mozilla.org/products/firefox/).
En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall (http://housecall.trendmicro.com/) en/of Bitdefender (http://nl.bitdefender.com/scan8/). Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!
En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/
Bekijk ook eens deze 2 filmpjes.. Heel interessant:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv
Meer preventietips zijn ook op volgende sites te vinden:
http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Het voorkomen van spyware-infecties en browserhijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)
O.K.hartelijk bedankt.
Als er meldingen zijn post ik die hier,want de vorige meldingen kreeg ik niet konstant,soms 3 tot 4 uur niks en dan plots alle na elkaar zowel met firefox en explorer.
Deze die er bijgekomen is in hijack logje kan geen kwaad dan:C:\WINDOWS\system32\wuauclt.exe omdat ik bij sommige meldingen van virussen de letters ook begonnen met wu.
Geen meldingen meer,dus alles in pico bello
mag slotje op
:thx: jurgenv :good:
jurgenv 6 July 2007, 13:31 Graag gedaan. ;)
|
|