Connected, but no websites load

rudolf100

I've just come from a friend's place; he installed ADSL yesterday.

After the installation he could browse the net right away.
This morning that no longer worked. Logging in to Wanadoo goes very smoothly, but he can't get a page on the screen. Whatever address is typed in, he keeps getting the message "cannot find page".

Why could he browse after the installation and now can't find any site?

Here is the log:


Logfile of HijackThis v1.98.2
Scan saved at 22:04:43, on 8-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winssv.exe
C:\WINDOWS\System32\csdata32.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\sysrestore.exe
C:\WINDOWS\System32\regexpress.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system\lsvchost.exe
C:\WINDOWS\System32\WINIUPDATES.EXE
C:\WINDOWS\System32\winaiva.exe
C:\WINDOWS\System32\wupdmgr32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ctpdehwhekthrolyr.uk/F9J...oIgvA_3R0bR.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [.mscdsr] C:\WINDOWS\system\lsvchost.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [] winaiva.exe
O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [] winaiva.exe
O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunServices: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\download\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\download\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...1/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{540A3A1C-47BE-447F-B340-8A2A3B5BBBAB}: NameServer = 194.134.5.5 194.134.0.97


Who can help me?
 
Good heavens. A terrible virus fest. :(
Install a firewall right away!


1. Scan with HijackThis and tick the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ctpdehwhekthrolyr.uk/F9J...oIgvA_3R0bR.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\Run: [.mscdsr] C:\WINDOWS\system\lsvchost.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [] winaiva.exe
O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [] winaiva.exe
O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunServices: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Microsoft Data Machine] csdata32.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} -
Close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC in safe mode.
If you don't know how to do that, have a look here: http://www.virushelp.nl/veilige_modus.htm

Make sure hidden files and folders are shown.
You can read how to do that here: http://users.telenet.be/marcvn/spyware/1117602.htm

Now, still in safe mode, delete the following files:

C:\WINDOWS\System\lsvchost.exe
C:\WINDOWS\System32\winssv.exe
C:\WINDOWS\System32\csdata32.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\sysrestore.exe
C:\WINDOWS\System32\regexpress.exe
C:\WINDOWS\System32\WINIUPDATES.EXE
C:\WINDOWS\System32\winaiva.exe
C:\WINDOWS\System32\wupdmgr32.exe

3. Restart the PC in 'normal mode'.

4. Hopefully it is now possible to reach sites again. If that is indeed the case, run the following online scans for viruses and trojans:
- Housecall: http://housecall.trendmicro.com/
- Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm

5. Restart the PC, make a new log and post it here.
 
I removed the things as you said, and I could get onto the Panda site. But after that I got the "cannot find page" message again.

Here is the new HijackThis log:


Logfile of HijackThis v1.98.2
Scan saved at 22:57:21, on 9-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\servicelog.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\sysrestore.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\wupdmgr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\WINDOWS\system32\cmd.exe
F:\HijackThis.exe
C:\WINDOWS\system32\ftp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [USB Device] servicelog.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svshost.exe
O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [USB Device] servicelog.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svshost.exe
O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe
O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunOnce: [USB Device] servicelog.exe
O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\download\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe
O4 - HKCU\..\RunOnce: [USB Device] servicelog.exe
O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\download\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{540A3A1C-47BE-447F-B340-8A2A3B5BBBAB}: NameServer = 194.134.5.5 194.134.0.97
 
Could the above have something to do with the trojan horse "Collected AE"? My AVG reports this virus, but although it says it has removed the virus, it keeps coming back.
In a temp folder there is the file installer.exe, which I think is the cause.
After deleting the file I can get on the internet briefly, 5 minutes, and then everything is down again. The virus scanner does not report that a virus has been found, but when I look in the temp folder the file in question is there again.
After scanning the folder, AVG does indeed report that there is a Collected AE virus again.

Help, oh help: finally ADSL and still unable to get on the net.
It's enough to make you despair.

Rudolf
 
The new log:



Logfile of HijackThis v1.98.2
Scan saved at 19:07:00, on 17-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\servicelog.exe
C:\WINDOWS\System32\msdev.exe
C:\WINDOWS\System32\regexpress.exe
C:\WINDOWS\System32\winssv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wupdmgr32.exe
C:\WINDOWS\System32\ntcmd.exe
C:\WINDOWS\System32\sap.exe
C:\WINDOWS\cancel.exe
C:\WINDOWS\System32\fierwall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [USB Device] servicelog.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svshost.exe
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\Run: [msdev] msdev.exe
O4 - HKLM\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\Run: [Microsoft Intrenets Explorer] ntcmd.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [System Applications Profile] sap.exe
O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\cancel.exe
O4 - HKLM\..\Run: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [USB Device] servicelog.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svshost.exe
O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunServices: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenets Explorer] ntcmd.exe
O4 - HKLM\..\RunServices: [System Applications Profile] sap.exe
O4 - HKLM\..\RunServices: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunOnce: [USB Device] servicelog.exe
O4 - HKLM\..\RunOnce: [msdev] msdev.exe
O4 - HKLM\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\download\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [USB Device] servicelog.exe
O4 - HKCU\..\RunOnce: [msdev] msdev.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\download\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
 
Have you installed a firewall yet? Install a firewall and stay offline as much as possible until we have cleaned this up. Try to follow my advice as soon as possible, preferably right now, because the longer you wait, the worse it will get.


1. Scan with HijackThis and tick the following items:
O4 - HKLM\..\Run: [USB Device] servicelog.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svshost.exe
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\Run: [msdev] msdev.exe
O4 - HKLM\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\Run: [Microsoft Intrenets Explorer] ntcmd.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [System Applications Profile] sap.exe
O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\cancel.exe
O4 - HKLM\..\Run: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [USB Device] servicelog.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svshost.exe
O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunServices: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenets Explorer] ntcmd.exe
O4 - HKLM\..\RunServices: [System Applications Profile] sap.exe
O4 - HKLM\..\RunServices: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunOnce: [USB Device] servicelog.exe
O4 - HKLM\..\RunOnce: [msdev] msdev.exe
O4 - HKLM\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Windows Registry Express Loader] regexpress.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [USB Device] servicelog.exe
O4 - HKCU\..\RunOnce: [msdev] msdev.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Windows Registry Express Loader] regexpress.exe
Close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC in safe mode.
If you don't know how to do that, have a look here: http://www.virushelp.nl/veilige_modus.htm

Make sure hidden files and folders are shown.
You can read how to do that here: http://users.telenet.be/marcvn/spyware/1117602.htm

- Now, still in safe mode, delete the following files:

C:\WINDOWS\System32\servicelog.exe
C:\WINDOWS\System32\msdev.exe
C:\WINDOWS\System32\regexpress.exe
C:\WINDOWS\System32\winssv.exe
C:\WINDOWS\System32\wupdmgr32.exe
C:\WINDOWS\System32\ntcmd.exe
C:\WINDOWS\System32\sap.exe
C:\WINDOWS\cancel.exe
C:\WINDOWS\System32\fierwall.exe

- Still in safe mode, run Disk Cleanup: Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. The 'calculating' step can take a while. Tick all options.

- Still in safe mode, run a full scan with AVG.

3. Restart the PC in 'normal mode'.

4. Make a new log and post it here.
 
I carried out everything as you wrote it down. During the scan in safe mode it found 3 backdoors (I don't know exactly which ones) and reported that it had removed 1 and left the other 2 in place. In normal mode it found nothing.

No connection to the internet has been made yet. And we have installed the Windows Firewall from SP2.

Here is the new log:
Is anything still wrong?

Logfile of HijackThis v1.98.2
Scan saved at 16:34:53, on 20-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\spoolscv.exe
C:\WINDOWS\system32\enotxa2.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\qsws\beird.exe
c:\windows\system32\qsws\beird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKLM\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\Run: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKLM\..\RunServices: [Win32 USB32 Driver] spoolscv.exe
O4 - HKLM\..\RunServices: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\RunServices: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKLM\..\RunOnce: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\download\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKCU\..\Run: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKCU\..\RunServices: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKCU\..\RunOnce: [Win32 USB32 Driver] spoolscv.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\download\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe



PS. What is the bottom one? (O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe)


Regards, Rudolf
 
Here we go again:

1. Scan with HijackThis and tick the following items:
O4 - HKLM\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKLM\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\Run: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKLM\..\RunServices: [Win32 USB32 Driver] spoolscv.exe
O4 - HKLM\..\RunServices: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\RunServices: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKLM\..\RunOnce: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKCU\..\Run: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKCU\..\RunServices: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKCU\..\RunOnce: [Win32 USB32 Driver] spoolscv.exe
Close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC in safe mode, and make sure hidden files are shown.

- Delete:
C:\WINDOWS\system32\spoolscv.exe <- that file (not to be confused with spoolsv.exe!)
C:\WINDOWS\system32\enotxa2.exe <- that file
C:\WINDOWS\system32\qsws <- that folder

- Still in safe mode, run Disk Cleanup: Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. The 'calculating' step may take a while. Check all options.

- Still in safe mode, run a full scan with AVG. If something is found again that cannot be removed, note AVG's message literally and completely and include it here in your next post.

3. Restart the PC in 'normal mode'.

4. Create a new log and post it here.
 
Okay, removed and scanned without problems, no viruses found.

Here is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 19:50:49, on 23-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Tools\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\RunServices: [Start aThe Roll] enotxa2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\download\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Start aThe Roll] enotxa2.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\download\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
 
Buffy,

Would you check the log above once more before we go back onto the internet with this PC?

Thanks
Rudolf
 
1. Scan with HijackThis and check the following items:
O4 - HKLM\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\RunServices: [Start aThe Roll] enotxa2.exe
O4 - HKCU\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Start aThe Roll] enotxa2.exe
Close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC.

3. Create a new log and post it here.
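
The comparison behind this second round of fixes, as an added example that is not part of the original thread: it parses the O4 autorun lines ticked in the first cleanup post and reports which of them are still present in the follow-up log of 23-11-2004. The function names `parse_o4` and `surviving` are hypothetical; the log lines are copied from the thread.

```python
import re

# One HijackThis O4 (autorun) line: "O4 - HKLM\..\Run: [Name] command"
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Items ticked for "Fix checked" in the first cleanup post (copied from the thread).
FIXED = r"""
O4 - HKLM\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKLM\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\Run: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKLM\..\RunServices: [Win32 USB32 Driver] spoolscv.exe
O4 - HKLM\..\RunServices: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\RunServices: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKLM\..\RunOnce: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKCU\..\Run: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKCU\..\RunServices: [DATABASE MySql] c:\windows\system32\qsws\repcale.exe c:\windows\system32\qsws\beird.exe
O4 - HKCU\..\RunOnce: [Win32 USB32 Driver] spoolscv.exe
"""

# Excerpt of the O4 section of the follow-up log dated 23-11-2004 (copied from the thread).
FOLLOWUP = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Start aThe Roll] enotxa2.exe
O4 - HKLM\..\RunServices: [Start aThe Roll] enotxa2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB32 Driver] spoolscv.exe
O4 - HKCU\..\Run: [Start aThe Roll] enotxa2.exe
"""

def parse_o4(log_text):
    """Return a set of (hive, key, value name, command) for every O4 line."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.add((hive, key, name, cmd.strip().lower()))
    return entries

def surviving(fixed_text, followup_text):
    """Entries selected for fixing that appear again in the follow-up log."""
    return sorted(parse_o4(fixed_text) & parse_o4(followup_text))

if __name__ == "__main__":
    for hive, key, name, cmd in surviving(FIXED, FOLLOWUP):
        print(f"still present: {hive}\\..\\{key}: [{name}] {cmd}")
```

The four entries it reports are the same four listed in the post above.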
 
Okay, I did it again. And everything now seems to be fine. I tried the internet again and could get everywhere without problems. Still, I've included another log just to be sure.
Thanks very much in advance for the effort.


Logfile of HijackThis v1.98.2
Scan saved at 19:27:43, on 1-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\download\INCRED~1\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\download\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
 
Looks fine now.

Read this: http://www.grisoft.com/us/us_avg6_termination.php
So AVG 6 will no longer be supported as of 31 December. You will therefore have to switch to AVG 7.0.

Of course, you can also start using a different (better) antivirus program than AVG... AVG has been performing abominably lately.
 