Vraag & Antwoord

Beveiliging & privacy

hotoffers hijack log

Anoniem
None
8 antwoorden
 • ik wordt al een paar dagen gefrustreerd van een andere startpagina. Na Hitman pro te hebben gedraaid is hij nog niet weg. Hier is mijn log

  Logfile of HijackThis v1.99.1
  Scan saved at 22:20:01, on 03/14/2005
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
  C:\Program Files\Winamp3\winampa.exe
  C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\PROGRA~1\Support.com\bin\tgcmd.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
  C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Hitman Pro\srhelper.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\WINDOWS\System32\LVComS.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\WINDOWS\System32\ping.exe
  C:\Program Files\Azureus\Azureus.exe
  C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
  C:\WINDOWS\System32\ping.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
  C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
  C:\PROGRA~1\Logitech\Video\FxSvr2.exe
  F:\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
  O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/QuickFix2/asp/chelloInstall.CAB
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  Misschien kan iemand me helpen?

  Johan
 • Download SilentRunners.
  Unzip het naar een eigen map.
  Klik op silentrunners.vbs om het te starten.
  Er wordt een bestand aangemaakt dat Startup Programs… noemt. Post de inhoud.

  Maak een nieuwe hijackthislog en post deze ook.
 • Dit is de inhoud van silent runners

  "Silent Runners.vbs", revision 32, http://www.silentrunners.org/
  Operating System: Windows XP
  Output limited to non-default values, except where indicated by "{++}"


  Startup items buried in registry:
  ———————————

  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
  "Hitman Pro SurfRight Helper" = ""C:\Program Files\Hitman Pro\srhelper.exe"" [null data]

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
  "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
  "WinampAgent" = ""C:\Program Files\Winamp3\winampa.exe"" [null data]
  "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
  "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
  "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
  "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
  "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
  "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
  "tgcmd" = ""C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf" ["Support.com, Inc."]
  "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
  "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
  "WinPatrol" = ""C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
  "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
  "Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs LLC"]

  En hier is de nieuwe log van hijack this

  Logfile of HijackThis v1.99.1
  Scan saved at 23:08:52, on 03/14/2005
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
  C:\Program Files\Winamp3\winampa.exe
  C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\PROGRA~1\Support.com\bin\tgcmd.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Hitman Pro\srhelper.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\System32\LVComS.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Program Files\Azureus\Azureus.exe
  C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
  C:\WINDOWS\System32\ping.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  F:\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
  O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/QuickFix2/asp/chelloInstall.CAB
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 • Logje van Silent Runners lijkt me niet compleet.
 • hier is nogmaals de log van silent runners

  "Silent Runners.vbs", revision 32, http://www.silentrunners.org/
  Operating System: Windows XP
  Output limited to non-default values, except where indicated by "{++}"


  Startup items buried in registry:
  ———————————

  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
  "Hitman Pro SurfRight Helper" = ""C:\Program Files\Hitman Pro\srhelper.exe"" [null data]

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
  "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
  "WinampAgent" = ""C:\Program Files\Winamp3\winampa.exe"" [null data]
  "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
  "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
  "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
  "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
  "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
  "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
  "tgcmd" = ""C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf" ["Support.com, Inc."]
  "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
  "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
  "WinPatrol" = ""C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
  "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
  "Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs LLC"]

  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
  {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

  HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
  "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
  "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
  "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
  "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
  "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
  "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
  "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
  "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
  "{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
  "{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
  "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
  "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
  "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
  "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
  INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [null data]


  Startup items in "Johan" & "All Users" startup folders:
  ——————————————————-

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
  "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
  "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
  "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


  Running Services (Display Name, Service Name, Path {Service DLL}):
  ——————————————————————

  AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
  AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
  Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
  TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs LLC"]


  Winsock2 Service Provider DLLs:
  ——————————-

  Namespace Service Providers

  HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
  000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
  000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

  Transport Service Providers

  HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
  %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


  ———-
  This report excludes default entries except where indicated.
  To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
  ———-

  Is hij nu compleet?
  Johan
 • Hallo Johan,

  Nu is het logje compleet. Hier is je fix. Heb je ergens problemen, meld je dan terug.

  Open een klablokbestand.
  Kopieer onderstaande code in dit kladblokbestand.
  Ga naar Bestand - Opslaan als.
  Bij "Opslaan in" kies je: Bureaublad
  Bij "Bestandsnaam" zet je: fix.reg
  Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
  Klik op de knop Opslaan.

  [code:1:6b111543cf]REGEDIT4

  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  "{12345678-0000-0010-8000-00AAFF6D2EA4}"=-
  [/code:1:6b111543cf]
  Gebruik het regfiletje nog niet.

  Download Pocket KillBox.
  Unzip het programma naar je bureaublad.
  Klik op killbox.exe.
  Selecteer de optie "Delete on reboot".
  In het veld "Full path of file to delete" Kopieer en plak je het volgende:
  [code:1:6b111543cf]
  C:\WINDOWS\System32\systr.dll
  [/code:1:6b111543cf]
  Plaats een vinkje bij "Unregister .dll before deletion"
  Klik op de knop met de rode cirkel en het witte kruis.
  Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
  De computer zal nu opnieuw starten.

  Wanneer de computer opnieuw opgestart is start je Hijackthis en laat volgende fixen:
  [b:6b111543cf]
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
  [/b:6b111543cf]

  Dubbelklik nu op de fix.reg file (op je bureaublad) en laat de wijzigingen aan het register toevoegen.

  Herstart de computer maak een nieuwe hijackthislog en post deze.
  Vertel me hoe de situatie nu is.

  Succes.
  Marc
 • De link is er nu uit. Als dit de oplossing was dan dank ik je hartelijk.

  Hier is de log van hijack this

  Logfile of HijackThis v1.99.1
  Scan saved at 19:45:33, on 03/15/2005
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
  C:\Program Files\Winamp3\winampa.exe
  C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\PROGRA~1\Support.com\bin\tgcmd.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
  C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Hitman Pro\srhelper.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\WINDOWS\System32\LVComS.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
  C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
  C:\PROGRA~1\Logitech\Video\FxSvr2.exe
  C:\WINDOWS\System32\wuauclt.exe
  F:\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
  O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/QuickFix2/asp/chelloInstall.CAB
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  Gr. Johan
 • Ziet er weer goed uit.

  Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%.
  Selecteer alle bestanden in deze map en verwijder ze.

  Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen.

  Maak je Prullenbak leeg.

  Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
  Systeemherstel uitschakelen.

  Bezoek regelmatig de Windows Update Site. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn.

  Installeer ook SpywareBlaster en Spywareguard.
  Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren.
  Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier.

  groeten,
  Marc

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.