Vraag & Antwoord
Highkackthis log
5 antwoorden
- Ook ik ben besmet, zelfs zo erg dat ik enorm problemen heb met het openen van highjackthis zelf.
Ik heb de highjack this nu wel op mijn pc, echter op het moment dat ik het open verdwijnt het enorm snel weer.
Het is me toch gelukt een txt logfile te maken.
Maar ook die "floept"meteen weer weg als ik die tracht te bekijken.
Maar ook dat is me door snel te zijn wel gelukt en heb dat opnieuw gesaved als een .doc.
Ook als ik bv misc-tools wil openen krijg ik niet te tijd te reageren, het is openen en gelijk weer sluiten.
Hier in ieder geval dan toch mijn logfile.
Probleem is de CiD advertisement shit en de internet infectie popup en de vraag of ik de protection wil installeren.
Hoewel………….waar is het gebleven ???, ik zie nu ineens rechtsonder niet meer het windows firewall icoontje meer !!
Wat moet ik doen om van al die vervelende popups af te komen?
Let wel, werken met highjachthis gaat nauuwelijks…..
Oh ja,
Ik heb ook last van 6 folders in mijn favarieten die ik kwijt wil( cool stuff-travel-shopping gifts-internet…enz)
Logfile of HijackThis v1.99.1
Scan saved at 21:05, on 2007-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmaxhrel.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Blehbitsinternetidol] C:\Documents and Settings\All Users.WINDOWS\Application Data\body flag bleh bits\BONEDELETE.exe
O4 - HKLM\..\Run: [mwinpcv] apicodhc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\quecmkqt.dll",realset
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Maillove] C:\DOCUME~1\Home\APPLIC~1\01POKE~1\Bird Boob Bits.exe
O4 - HKCU\..\Run: [mwinpcv] apicodhc.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Zaznod] "C:\Program Files\Common Files\M?crosoft\m?iexec.exe"
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CCA6280-1D63-4A93-902F-9741F138A849}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\vmaxhrel.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe - Download [b:8962cec592]VirtumundoBegone[/b:8962cec592], sla dit op op je bureaublad.
Dubbelklik op [b:8962cec592]VirtumundoBeGone.exe[/b:8962cec592] en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand [b:8962cec592]VBG.TXT[/b:8962cec592], dat nu op je bureaublad staat, hier in je volgende bericht.
Download:
Sla het bestand op je bureaublad op, daarna mag je het dubbelklikken.
Er zal een schermpje openen, daarin zullen snel enkele regels voorbijkomen, daarna zal dit scherm vanzelf sluiten, dit is normaal.
[b:8962cec592]Mogelijk[/b:8962cec592] start er ook een uninstaller van een rogue scanner op, [b:8962cec592]sluit deze niet af[/b:8962cec592] maar volg eventuele aanwijzingen en laat deze zijn werk doen.
Daarna de [b:8962cec592]PC herstarten[/b:8962cec592] en nogmaals RemoveVideoActiveXObject.exe dubbelklikken.
Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
[b:8962cec592]O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Blehbitsinternetidol] C:\Documents and Settings\All Users.WINDOWS\Application Data\body flag bleh bits\BONEDELETE.exe
O4 - HKLM\..\Run: [mwinpcv] apicodhc.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\quecmkqt.dll",realset
O4 - HKCU\..\Run: [Maillove] C:\DOCUME~1\Home\APPLIC~1\01POKE~1\Bird Boob Bits.exe
O4 - HKCU\..\Run: [mwinpcv] apicodhc.exe
O4 - HKCU\..\Run: [Zaznod] "C:\Program Files\Common Files\M?crosoft\m?iexec.exe"
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab [/b:8962cec592]
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.
Herstart nogmaals je computer.
Zoek daarna even het volgende bestand op C:\[b:8962cec592]RVAXO-results.log[/b:8962cec592]
Dubbelklik dit bestand, het zal als een logje openen, post de inhoud in je volgende bericht tesamen met een logje van HijackThis. - Deel één heb ik uitgevoerd, hier de log:
[06/29/2007, 17:27:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Home\Bureaublad\VirtumundoBeGone.exe" )
[06/29/2007, 17:27:31] - Detected System Information:
[06/29/2007, 17:27:31] - Windows Version: 5.1.2600, Service Pack 2
[06/29/2007, 17:27:31] - Current Username: Home (Admin)
[06/29/2007, 17:27:31] - Windows is in NORMAL mode.
[06/29/2007, 17:27:31] - Searching for Browser Helper Objects:
[06/29/2007, 17:27:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/29/2007, 17:27:31] - BHO 2: {2F7E70C9-C853-426F-8D53-DEB791BBDABB} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/29/2007, 17:27:31] - BHO 4: {5327D454-B907-43DA-8FEE-0277DEC38B3A} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - Checking for HKLM\…\Winlogon\Notify\jkkjh
[06/29/2007, 17:27:31] - Found: HKLM\…\Winlogon\Notify\jkkjh - This is probably Virtumundo.
[06/29/2007, 17:27:31] - Assigning {5327D454-B907-43DA-8FEE-0277DEC38B3A} MSEvents Object
[06/29/2007, 17:27:31] - BHO list has been changed! Starting over…
[06/29/2007, 17:27:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/29/2007, 17:27:31] - BHO 2: {2F7E70C9-C853-426F-8D53-DEB791BBDABB} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/29/2007, 17:27:31] - BHO 4: {5327D454-B907-43DA-8FEE-0277DEC38B3A} (MSEvents Object)
[06/29/2007, 17:27:31] - ALERT: Found MSEvents Object!
[06/29/2007, 17:27:31] - BHO 5: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - Checking for HKLM\…\Winlogon\Notify\piowvvwn
[06/29/2007, 17:27:31] - Key not found: HKLM\…\Winlogon\Notify\piowvvwn, continuing.
[06/29/2007, 17:27:31] - BHO 6: {6277E6E7-672F-4C51-B721-08F6B3D76B12} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 7: {65E8D911-38A9-4106-A14B-6DE33D92FABA} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 8: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/29/2007, 17:27:31] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/29/2007, 17:27:31] - BHO 10: {8A61098D-612B-4EF2-943D-64E920684061} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - Checking for HKLM\…\Winlogon\Notify\ljjheba
[06/29/2007, 17:27:31] - Found: HKLM\…\Winlogon\Notify\ljjheba - This is probably Virtumundo.
[06/29/2007, 17:27:31] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[06/29/2007, 17:27:31] - BHO list has been changed! Starting over…
[06/29/2007, 17:27:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/29/2007, 17:27:31] - BHO 2: {2F7E70C9-C853-426F-8D53-DEB791BBDABB} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/29/2007, 17:27:31] - BHO 4: {5327D454-B907-43DA-8FEE-0277DEC38B3A} (MSEvents Object)
[06/29/2007, 17:27:31] - ALERT: Found MSEvents Object!
[06/29/2007, 17:27:31] - BHO 5: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - Checking for HKLM\…\Winlogon\Notify\piowvvwn
[06/29/2007, 17:27:31] - Key not found: HKLM\…\Winlogon\Notify\piowvvwn, continuing.
[06/29/2007, 17:27:31] - BHO 6: {6277E6E7-672F-4C51-B721-08F6B3D76B12} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 7: {65E8D911-38A9-4106-A14B-6DE33D92FABA} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 8: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/29/2007, 17:27:31] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/29/2007, 17:27:31] - BHO 10: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/29/2007, 17:27:31] - ALERT: Found MSEvents Object!
[06/29/2007, 17:27:31] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/29/2007, 17:27:31] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/29/2007, 17:27:31] - BHO 13: {B7016912-DBDA-D10B-DB0E-FDADAF9420B0} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - No filename found. Continuing.
[06/29/2007, 17:27:31] - BHO 14: {D1159422-16E3-462F-A93D-FB718E100408} ()
[06/29/2007, 17:27:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:31] - Checking for HKLM\…\Winlogon\Notify\d3dxim
[06/29/2007, 17:27:31] - Key not found: HKLM\…\Winlogon\Notify\d3dxim, continuing.
[06/29/2007, 17:27:31] - Finished Searching Browser Helper Objects
[06/29/2007, 17:27:31] - *** Detected MSEvents Object
[06/29/2007, 17:27:31] - Trying to remove MSEvents Object…
[06/29/2007, 17:27:32] - Terminating Process: IEXPLORE.EXE
[06/29/2007, 17:27:33] - Terminating Process: RUNDLL32.EXE
[06/29/2007, 17:27:34] - Disabling Automatic Shell Restart
[06/29/2007, 17:27:34] - Terminating Process: EXPLORER.EXE
[06/29/2007, 17:27:34] - Suspending the NT Session Manager System Service
[06/29/2007, 17:27:34] - Terminating Windows NT Logon/Logoff Manager
[06/29/2007, 17:27:34] - Re-enabling Automatic Shell Restart
[06/29/2007, 17:27:34] - File to disable: C:\WINDOWS\system32\jkkjh.dll
[06/29/2007, 17:27:34] - Renaming C:\WINDOWS\system32\jkkjh.dll -> C:\WINDOWS\system32\jkkjh.dll.vir
[06/29/2007, 17:27:34] - File successfully renamed!
[06/29/2007, 17:27:34] - Removing HKLM\…\Browser Helper Objects\{5327D454-B907-43DA-8FEE-0277DEC38B3A}
[06/29/2007, 17:27:34] - Removing HKCR\CLSID\{5327D454-B907-43DA-8FEE-0277DEC38B3A}
[06/29/2007, 17:27:34] - Adding Kill Bit for ActiveX for GUID: {5327D454-B907-43DA-8FEE-0277DEC38B3A}
[06/29/2007, 17:27:34] - Deleting ATLEvents/MSEvents Registry entries
[06/29/2007, 17:27:34] - Removing HKLM\…\Winlogon\Notify\jkkjh
[06/29/2007, 17:27:34] - Searching for Browser Helper Objects:
[06/29/2007, 17:27:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/29/2007, 17:27:34] - BHO 2: {2F7E70C9-C853-426F-8D53-DEB791BBDABB} ()
[06/29/2007, 17:27:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:34] - No filename found. Continuing.
[06/29/2007, 17:27:34] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/29/2007, 17:27:34] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/29/2007, 17:27:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:34] - Checking for HKLM\…\Winlogon\Notify\piowvvwn
[06/29/2007, 17:27:34] - Key not found: HKLM\…\Winlogon\Notify\piowvvwn, continuing.
[06/29/2007, 17:27:34] - BHO 5: {6277E6E7-672F-4C51-B721-08F6B3D76B12} ()
[06/29/2007, 17:27:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:34] - No filename found. Continuing.
[06/29/2007, 17:27:34] - BHO 6: {65E8D911-38A9-4106-A14B-6DE33D92FABA} ()
[06/29/2007, 17:27:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:34] - No filename found. Continuing.
[06/29/2007, 17:27:34] - BHO 7: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/29/2007, 17:27:34] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/29/2007, 17:27:34] - BHO 9: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/29/2007, 17:27:34] - ALERT: Found MSEvents Object!
[06/29/2007, 17:27:34] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/29/2007, 17:27:34] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/29/2007, 17:27:34] - BHO 12: {B7016912-DBDA-D10B-DB0E-FDADAF9420B0} ()
[06/29/2007, 17:27:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:34] - No filename found. Continuing.
[06/29/2007, 17:27:34] - BHO 13: {D1159422-16E3-462F-A93D-FB718E100408} ()
[06/29/2007, 17:27:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:34] - Checking for HKLM\…\Winlogon\Notify\d3dxim
[06/29/2007, 17:27:34] - Key not found: HKLM\…\Winlogon\Notify\d3dxim, continuing.
[06/29/2007, 17:27:34] - Finished Searching Browser Helper Objects
[06/29/2007, 17:27:34] - *** Detected MSEvents Object
[06/29/2007, 17:27:34] - Trying to remove MSEvents Object…
[06/29/2007, 17:27:35] - Terminating Process: IEXPLORE.EXE
[06/29/2007, 17:27:36] - Terminating Process: RUNDLL32.EXE
[06/29/2007, 17:27:36] - Disabling Automatic Shell Restart
[06/29/2007, 17:27:36] - Terminating Process: EXPLORER.EXE
[06/29/2007, 17:27:36] - Suspending the NT Session Manager System Service
[06/29/2007, 17:27:36] - Terminating Windows NT Logon/Logoff Manager
[06/29/2007, 17:27:36] - Re-enabling Automatic Shell Restart
[06/29/2007, 17:27:36] - File to disable: C:\WINDOWS\system32\ljjheba.dll
[06/29/2007, 17:27:36] - Renaming C:\WINDOWS\system32\ljjheba.dll -> C:\WINDOWS\system32\ljjheba.dll.vir
[06/29/2007, 17:27:36] - File successfully renamed!
[06/29/2007, 17:27:36] - Removing HKLM\…\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[06/29/2007, 17:27:36] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[06/29/2007, 17:27:36] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[06/29/2007, 17:27:36] - Deleting ATLEvents/MSEvents Registry entries
[06/29/2007, 17:27:36] - Removing HKLM\…\Winlogon\Notify\ljjheba
[06/29/2007, 17:27:36] - Searching for Browser Helper Objects:
[06/29/2007, 17:27:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/29/2007, 17:27:36] - BHO 2: {2F7E70C9-C853-426F-8D53-DEB791BBDABB} ()
[06/29/2007, 17:27:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:36] - No filename found. Continuing.
[06/29/2007, 17:27:36] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/29/2007, 17:27:36] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/29/2007, 17:27:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:36] - Checking for HKLM\…\Winlogon\Notify\piowvvwn
[06/29/2007, 17:27:36] - Key not found: HKLM\…\Winlogon\Notify\piowvvwn, continuing.
[06/29/2007, 17:27:36] - BHO 5: {6277E6E7-672F-4C51-B721-08F6B3D76B12} ()
[06/29/2007, 17:27:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:36] - No filename found. Continuing.
[06/29/2007, 17:27:36] - BHO 6: {65E8D911-38A9-4106-A14B-6DE33D92FABA} ()
[06/29/2007, 17:27:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:36] - No filename found. Continuing.
[06/29/2007, 17:27:36] - BHO 7: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[06/29/2007, 17:27:36] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/29/2007, 17:27:36] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/29/2007, 17:27:36] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/29/2007, 17:27:36] - BHO 11: {B7016912-DBDA-D10B-DB0E-FDADAF9420B0} ()
[06/29/2007, 17:27:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:36] - No filename found. Continuing.
[06/29/2007, 17:27:36] - BHO 12: {D1159422-16E3-462F-A93D-FB718E100408} ()
[06/29/2007, 17:27:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/29/2007, 17:27:36] - Checking for HKLM\…\Winlogon\Notify\d3dxim
[06/29/2007, 17:27:36] - Key not found: HKLM\…\Winlogon\Notify\d3dxim, continuing.
[06/29/2007, 17:27:36] - Finished Searching Browser Helper Objects
[06/29/2007, 17:27:36] - Finishing up…
[06/29/2007, 17:27:36] - A restart is needed.
[06/29/2007, 17:27:50] - Attempting to Restart via STOP error (Blue Screen!) - Ook stap 2 en 3 zijn klaar:
—————-RemoveVideoActiveXObject.exe first run————-
Files found:
C:\WINDOWS\system32\d3dxim.dll
C:\WINDOWS\system32\jkkjh.dll.vir
C:\WINDOWS\system32\ljjheba.dll.vir
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\g1234703.exe
C:\WINDOWS\g14704500.exe
C:\WINDOWS\g156359.exe
C:\WINDOWS\g159156.exe
C:\WINDOWS\g1718609.exe
C:\WINDOWS\g2226062.exe
C:\WINDOWS\g2563765.exe
C:\WINDOWS\g274187.exe
C:\WINDOWS\g288062.exe
C:\WINDOWS\g397234.exe
C:\WINDOWS\g531687.exe
C:\WINDOWS\g565937.exe
C:\WINDOWS\system32\wudb.dll
C:\WINDOWS\system32\ipmon.exe
Uninstallers Rogue scanners:
Folders Found:
C:\Program Files\WinPop
————–RemoveVideoActiveXObject.exe last run—————
Files found:
Uninstallers Rogue scanners:
Folders Found:
En hier de laatse highjack this
Logfile of HijackThis v1.99.1
Scan saved at 17:50, on 2007-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Home\Bureaublad\Spy en antivirus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F7E70C9-C853-426F-8D53-DEB791BBDABB} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\piowvvwn.dll
O2 - BHO: (no name) - {6277E6E7-672F-4C51-B721-08F6B3D76B12} - (no file)
O2 - BHO: (no name) - {65E8D911-38A9-4106-A14B-6DE33D92FABA} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B7016912-DBDA-D10B-DB0E-FDADAF9420B0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CCA6280-1D63-4A93-902F-9741F138A849}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{326C78D6-7EA6-4035-BBA0-AE2E5AA35D4E}: NameServer = 192.168.1.1
O20 - Winlogon Notify: awvvu - C:\WINDOWS\
O20 - Winlogon Notify: bddaeeeeabcf - C:\WINDOWS\system32\bddaeeeeabcf.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe - Het ziet er allemaal weer erg goed uit.
Ik heb even het weekend afgewacht maar:
Geen vervelende ongewenste folders in de favorites
Geen CiD reclame popups meer.
Geen windows-achtig popup om de paar minuten over virus infectie en dat ik beslist een of andere protectie moet installeren.
En last but not least……………de snelheid is weer als vanouds.
Mijn dank aan Smeenk, alles wat hij voorstelde liep gesmeerd en het eindresultaat is geweldig.
M.v.g.
Ad
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
