Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

virus

None
6 antwoorden
  • hoi.

    ik heb t idee dat mijn comp een aantal hardnekkige virussen bevat die er niet afwillen
    avg geeft niks vreemds aan
    heb in ieder geval een hijackthis log gemaakt. kan iemand kijken wat er mis is met mn comp en wat ik eraan kan doen?
    alvast bedankt

    doei doei saskia

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:23:53, on 28-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {454bb83a-ac53-4e8d-bf1a-a2dd6f701213} - C:\WINDOWS\system32\msdmlc.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp7E.tmp.dll (file missing)
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\mlmmjg.dll",forkonce
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [{E7-7E-E9-94-ZN}] C:\WINDOWS\system32\kmdsrngn.exe P2D002
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mwinnlds.exe P2D002
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\mwinnlds.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager… - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32
    wprovau.dll
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: msdmlc - msdmlc.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)


    End of file - 6778 bytes
  • Voer de volgende acties eerst uit:
    Klik op Start -> (Settings) -> Configuratiescherm -> Software en verwijder het volgende programma:
    [b:f8efe7b84f]WebHancer
    Enhanced Ads by Think-Adz removal
    Think-Adz Search Assistant removal
    [/b:f8efe7b84f]

    start opnieuw op
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:482fed5e90]
    O2 - BHO: (no name) - {454bb83a-ac53-4e8d-bf1a-a2dd6f701213} - C:\WINDOWS\system32\msdmlc.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp7E.tmp.dll (file missing)
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: msdmlc - msdmlc.dll (file missing)
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
    [/b:482fed5e90]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    Open de verkenner ("Deze Computer") en kies [b:482fed5e90]Extra[/b:482fed5e90] -> [b:482fed5e90]Mapopties…[/b:482fed5e90]
    Controleer onder [b:482fed5e90]Weergave[/b:482fed5e90] de volgende instellingen:

    Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
    Uitzetten: Extensies voor bekende bestandstypen verbergen

    Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
    Selecteer: Verborgen bestanden en mappen weergeven

    Druk daarna op [b:482fed5e90]Toepassen[/b:482fed5e90] gevolgd door [b:482fed5e90]Ok[/b:482fed5e90].

    Verwijder de volgende directories/bestanden: indien aanwezig.
    C:\Program Files\[b:482fed5e90]webHancer\[/b:482fed5e90]\

    C:\Program Files\Common Files\[b:482fed5e90]BOONTY Shared\[/b:482fed5e90]\
    C:\WINDOWS\system32\[b:482fed5e90]kmdsrngn.exe[/b:482fed5e90]
    C:\WINDOWS\system32\[b:482fed5e90]mwinnlds.exe[/b:482fed5e90]


    Download [b:482fed5e90]Combofix[/b:482fed5e90] naar je Bureaublad.
    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:482fed5e90]download Combofix opnieuw[/b:482fed5e90]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![list:482fed5e90]
    Dubbelklik op [b:482fed5e90]Combofix.exe[/b:482fed5e90]
    Volg de instructies, aanvaard de disclaimer door [b:482fed5e90]1[/b:482fed5e90] (continue) te typen, gevolgd door [b:482fed5e90]ENTER[/b:482fed5e90].
    Tijdens het runnen van de fix, [b:482fed5e90]NIET[/b:482fed5e90] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:482fed5e90]
    Wanneer de fix voltooid is en na herstart, zal de log [b:482fed5e90]combofix.txt[/b:482fed5e90] openen.
    [i:482fed5e90]Plaats dit log in je volgende post samen met een nieuw HijackThis log.[/i:482fed5e90]
  • [quote:2e4f6fbf99="juisterr"]Voer de volgende acties eerst uit:
    Klik op Start -> (Settings) -> Configuratiescherm -> Software en verwijder het volgende programma:
    [b:2e4f6fbf99]WebHancer
    Enhanced Ads by Think-Adz removal
    Think-Adz Search Assistant removal
    [/b:2e4f6fbf99]

    start opnieuw op[/quote:2e4f6fbf99]

    dat was al weg. had ik tijdje terug al gedaan.
    heb het net voor de zekerheid nog een keertje gecheckt,maar staat er idd niet meer tussen.

    wat kan ik nu doen als volgende stap?

    alvast bedankt voor de hulp

    doei doei saskia
  • oke ik heb alle stappen uitgevoerd :D
    hieronder de combofix log en de hijackthis log

    ComboFix 08-01-29.2 - Niels Vaneker 2008-01-29 1:40:52.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Niels Vaneker\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    [b:6efa763497]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b:6efa763497][/color:6efa763497]
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Niels Vaneker\Menu Start\Programma's\Opstarten\think-adz.lnk
    C:\Program Files\webhancer
    C:\Program Files\webhancer\Programs\webhdll.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\UDC6M_0001_D19M0709NetInstaller.exe
    C:\WINDOWS\mportv.ini
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\tmp1A.tmp.dll
    C:\WINDOWS\system32\tmp1E.tmp.dll
    C:\WINDOWS\system32\tmp3.tmp.dll
    C:\WINDOWS\system32\tmp358.tmp.dll
    C:\WINDOWS\system32\tmpD.tmp.dll
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\vtropm.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_DOMAINSERVICE
    ——-\DomainService


    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))
    .

    2008-01-29 01:20 . 2008-01-29 01:20 <DIR> d——– C:\backups
    2008-01-28 21:23 . 2008-01-28 21:23 396,288 –a—— C:\HijackThis.exe
    2008-01-27 23:10 . 2008-01-27 23:10 <DIR> d——– C:\MSN Emoticons
    2008-01-12 20:54 . 2008-01-27 20:18 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-01-12 20:54 . 2008-01-12 20:54 1,409 –a—— C:\WINDOWS\QTFont.for

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 07:26 ——— d—–w C:\Documents and Settings\Niels Vaneker\Application Data\AVG7
    2008-01-15 18:33 ——— d—–w C:\Program Files\Ahead
    2007-12-04 13:20 ——— d—–w C:\Documents and Settings\Niels Vaneker\Application Data\Adssite Advanced Toolbar
    2007-12-04 10:03 ——— d—–w C:\Program Files\Lavasoft
    2007-12-04 10:02 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2007-06-20 11:50 77,111 —-a-w C:\Program Files\client.rar
    2007-04-04 17:16 80 –sh–r C:\WINDOWS\system32\989048624E.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 13:28 1961984]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 17:21 67128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32 225280]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 09:26 489472]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
    "QuickTime Task"="D:\qttask.exe" [2007-06-29 05:24 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
    "{E7-7E-E9-94-ZN}"="C:\WINDOWS\system32\kmdsrngn.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-28 08:26 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 07:25 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    –a—— 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    C:\WINDOWS\vtropm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
    ——— 2003-12-31 15:39 40960 C:\WINDOWS\vsnpstd.exe

    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
    S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
    S3 ctlsb16;Creative SB16/AWE32/AWE64-stuurprogramma (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 21:19]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 01:49:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-01-29 1:52:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-29 00:52:07
    .
    2008-01-05 09:33:01 — E O F —




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:54:55, on 29-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\ComboFix\kmd.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [{E7-7E-E9-94-ZN}] C:\WINDOWS\system32\kmdsrngn.exe P2D002
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager… - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32
    wprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)


    End of file - 5431 bytes



    is er nu nog iets wat ik moet doen?
    doei doei saskia
  • alleen dit nog even.


    Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster: [list:df6dd26d6f][b:df6dd26d6f]
    C:\WINDOWS\vtropm.dll
    C:\WINDOWS\system32\kmdsrngn.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]


    [/color:df6dd26d6f][/b:df6dd26d6f]

    [/list:u:df6dd26d6f]Sla dit op op je Bureaublad als [b:df6dd26d6f]CFScript.txt[/b:df6dd26d6f].

    Sleep [b:df6dd26d6f]CFScript.txt[/b:df6dd26d6f] in [b:df6dd26d6f]ComboFix.exe[/b:df6dd26d6f] zoals getoond in onderstaand voorbeeld :

    [img:df6dd26d6f]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:df6dd26d6f]

    Dit zal [b:df6dd26d6f]ComboFix[/b:df6dd26d6f] doen herstarten.

    Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van [b:df6dd26d6f]Combofix.txt[/b:df6dd26d6f] in je volgende antwoord.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.