Question & Answer

Security & privacy

Problem at a family member's!

21 answers
  • My niece has a problem with her internet; here is her text, hopefully you can help her further! Problem: trojans and viruses on the PC. It happened while chatting with a friend on MSN Messenger. While chatting I suddenly saw a web link in the chat window that said something like 'look here under file photo 13, you are on the internet'. I clicked on it, assuming she had sent that link. Then I got a message from the avast program that a trojan and a virus had been detected. Avast does recognise them, but doesn't get access to remove those files. Manually removing the infected files, apart from a few files, didn't work either. And since then, when I'm surfing the internet I keep getting pop-ups from drivecleaners, broadcast, hollywood, and when I click them away all open internet pages disappear. Also, every time I start the PC I get messages about files infected by trojans and viruses. So my question is: how can I solve this problem?

Here is her log:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:32, on 25-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcddca.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\ddcawwx.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gsylvnip.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcawwx - C:\WINDOWS\SYSTEM32\ddcawwx.dll
O20 - Winlogon Notify: ddcddda - C:\WINDOWS\SYSTEM32\ddcddda.dll
O20 - Winlogon Notify: efcddca - C:\WINDOWS\SYSTEM32\efcddca.dll
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
O20 - Winlogon Notify: rqoon - C:\WINDOWS\system32\rqoon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

Hopefully you find something.. good luck
  • Let me have a look.
  • Download VirtumundoBegone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) and save it to your desktop. Double-click VirtumundoBeGone.exe and follow the instructions. Don't be alarmed if you see a blue screen with an error message; that is normal. When the fix is done, restart the PC. Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply together with a new HJT log.
  • (Quoting juisterr's instructions above.) Here are the VBG log and the HJT log:

[03/25/2007, 14:36:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Bureaublad\VirtumundoBeGone.exe" )
[03/25/2007, 14:36:54] - Detected System Information:
[03/25/2007, 14:36:54] - Windows Version: 5.1.2600, Service Pack 2
[03/25/2007, 14:36:54] - Current Username: Administrator (Admin)
[03/25/2007, 14:36:54] - Windows is in NORMAL mode.
[03/25/2007, 14:36:54] - Searching for Browser Helper Objects:
[03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} ()
[03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:54] - Checking for HKLM\...\Winlogon\Notify\opppq
[03/25/2007, 14:36:54] - Found: HKLM\...\Winlogon\Notify\opppq - This is probably Virtumundo.
[03/25/2007, 14:36:54] - Assigning {14377994-E6A9-40A1-A7C7-608C374B2024} MSEvents Object
[03/25/2007, 14:36:54] - BHO list has been changed! Starting over...
[03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} (MSEvents Object)
[03/25/2007, 14:36:54] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:54] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} ()
[03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:54] - Checking for HKLM\...\Winlogon\Notify\efcddca
[03/25/2007, 14:36:54] - Found: HKLM\...\Winlogon\Notify\efcddca - This is probably Virtumundo.
[03/25/2007, 14:36:54] - Assigning {182B90A3-F372-438A-800C-6814B4DE417B} MSEvents Object
[03/25/2007, 14:36:55] - BHO list has been changed! Starting over...
[03/25/2007, 14:36:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:55] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} (MSEvents Object)
[03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:55] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} (MSEvents Object)
[03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:55] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:36:55] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:36:55] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:36:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:55] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:36:55] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:56] - No filename found. Continuing.
[03/25/2007, 14:36:56] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:36:56] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:56] - Checking for HKLM\...\Winlogon\Notify\ddcawwx
[03/25/2007, 14:36:56] - Found: HKLM\...\Winlogon\Notify\ddcawwx - This is probably Virtumundo.
[03/25/2007, 14:36:56] - Assigning {E7C79532-B748-40A4-A54C-6A14569541B7} MSEvents Object
[03/25/2007, 14:36:56] - BHO list has been changed! Starting over...
[03/25/2007, 14:36:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:56] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} (MSEvents Object)
[03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:56] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} (MSEvents Object)
[03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:56] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:36:56] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:36:56] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:56] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:36:56] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:57] - No filename found. Continuing.
[03/25/2007, 14:36:57] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:36:57] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object)
[03/25/2007, 14:36:57] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:57] - Finished Searching Browser Helper Objects
[03/25/2007, 14:36:57] - *** Detected MSEvents Object
[03/25/2007, 14:36:57] - Trying to remove MSEvents Object...
[03/25/2007, 14:36:58] - Terminating Process: IEXPLORE.EXE
[03/25/2007, 14:36:58] - Terminating Process: RUNDLL32.EXE
[03/25/2007, 14:36:58] - Disabling Automatic Shell Restart
[03/25/2007, 14:36:58] - Terminating Process: EXPLORER.EXE
[03/25/2007, 14:36:59] - Suspending the NT Session Manager System Service
[03/25/2007, 14:36:59] - Terminating Windows NT Logon/Logoff Manager
[03/25/2007, 14:36:59] - Re-enabling Automatic Shell Restart
[03/25/2007, 14:36:59] - File to disable: C:\WINDOWS\system32\opppq.dll
[03/25/2007, 14:36:59] - Renaming C:\WINDOWS\system32\opppq.dll -> C:\WINDOWS\system32\opppq.dll.vir
[03/25/2007, 14:36:59] - File successfully renamed!
[03/25/2007, 14:37:00] - Removing HKLM\...\Browser Helper Objects\{14377994-E6A9-40A1-A7C7-608C374B2024}
[03/25/2007, 14:37:00] - Removing HKCR\CLSID\{14377994-E6A9-40A1-A7C7-608C374B2024}
[03/25/2007, 14:37:00] - Adding Kill Bit for ActiveX for GUID: {14377994-E6A9-40A1-A7C7-608C374B2024}
[03/25/2007, 14:37:00] - Deleting ATLEvents/MSEvents Registry entries
[03/25/2007, 14:37:00] - Removing HKLM\...\Winlogon\Notify\opppq
[03/25/2007, 14:37:00] - Searching for Browser Helper Objects:
[03/25/2007, 14:37:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:37:00] - BHO 2: {182B90A3-F372-438A-800C-6814B4DE417B} (MSEvents Object)
[03/25/2007, 14:37:00] - ALERT: Found MSEvents Object!
[03/25/2007, 14:37:00] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:37:00] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:37:00] - BHO 5: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:37:00] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:37:00] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:37:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:37:00] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:37:00] - No filename found. Continuing.
[03/25/2007, 14:37:00] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:37:00] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object)
[03/25/2007, 14:37:00] - ALERT: Found MSEvents Object!
[03/25/2007, 14:37:00] - Finished Searching Browser Helper Objects
[03/25/2007, 14:37:00] - *** Detected MSEvents Object
[03/25/2007, 14:37:00] - Trying to remove MSEvents Object...
[03/25/2007, 14:37:01] - Terminating Process: IEXPLORE.EXE
[03/25/2007, 14:37:01] - Terminating Process: RUNDLL32.EXE
[03/25/2007, 14:37:01] - Disabling Automatic Shell Restart
[03/25/2007, 14:37:01] - Terminating Process: EXPLORER.EXE
[03/25/2007, 14:37:01] - Suspending the NT Session Manager System Service
[03/25/2007, 14:37:02] - Terminating Windows NT Logon/Logoff Manager
[03/25/2007, 14:37:02] - Re-enabling Automatic Shell Restart
[03/25/2007, 14:37:02] - File to disable: C:\WINDOWS\system32\efcddca.dll
[03/25/2007, 14:37:02] - Renaming C:\WINDOWS\system32\efcddca.dll -> C:\WINDOWS\system32\efcddca.dll.vir
[03/25/2007, 14:37:02] - File successfully renamed!
[03/25/2007, 14:37:02] - Removing HKLM\...\Browser Helper Objects\{182B90A3-F372-438A-800C-6814B4DE417B}
[03/25/2007, 14:37:02] - Removing HKCR\CLSID\{182B90A3-F372-438A-800C-6814B4DE417B}
[03/25/2007, 14:37:02] - Adding Kill Bit for ActiveX for GUID: {182B90A3-F372-438A-800C-6814B4DE417B}
[03/25/2007, 14:37:02] - Deleting ATLEvents/MSEvents Registry entries
[03/25/2007, 14:37:02] - Removing HKLM\...\Winlogon\Notify\efcddca
[03/25/2007, 14:37:02] - Searching for Browser Helper Objects:
[03/25/2007, 14:37:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:37:02] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:37:02] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:37:02] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:37:02] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:37:02] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:37:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:37:02] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:37:02] - No filename found. Continuing.
[03/25/2007, 14:37:02] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:37:02] - BHO 8: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object)
[03/25/2007, 14:37:02] - ALERT: Found MSEvents Object!
[03/25/2007, 14:37:02] - Finished Searching Browser Helper Objects
[03/25/2007, 14:37:03] - *** Detected MSEvents Object
[03/25/2007, 14:37:03] - Trying to remove MSEvents Object...
[03/25/2007, 14:37:04] - Terminating Process: IEXPLORE.EXE
[03/25/2007, 14:37:04] - Terminating Process: RUNDLL32.EXE
[03/25/2007, 14:37:04] - Disabling Automatic Shell Restart
[03/25/2007, 14:37:04] - Terminating Process: EXPLORER.EXE
[03/25/2007, 14:37:04] - Suspending the NT Session Manager System Service
[03/25/2007, 14:37:04] - Terminating Windows NT Logon/Logoff Manager
[03/25/2007, 14:37:04] - Re-enabling Automatic Shell Restart
[03/25/2007, 14:37:04] - File to disable: C:\WINDOWS\system32\ddcawwx.dll
[03/25/2007, 14:37:04] - Renaming C:\WINDOWS\system32\ddcawwx.dll -> C:\WINDOWS\system32\ddcawwx.dll.vir
[03/25/2007, 14:37:04] - File successfully renamed!
[03/25/2007, 14:37:04] - Removing HKLM\...\Browser Helper Objects\{E7C79532-B748-40A4-A54C-6A14569541B7}
[03/25/2007, 14:37:04] - Removing HKCR\CLSID\{E7C79532-B748-40A4-A54C-6A14569541B7}
[03/25/2007, 14:37:04] - Adding Kill Bit for ActiveX for GUID: {E7C79532-B748-40A4-A54C-6A14569541B7}
[03/25/2007, 14:37:04] - Deleting ATLEvents/MSEvents Registry entries
[03/25/2007, 14:37:04] - Removing HKLM\...\Winlogon\Notify\ddcawwx
[03/25/2007, 14:37:04] - Searching for Browser Helper Objects:
[03/25/2007, 14:37:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:37:04] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:37:04] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:37:04] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:37:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:37:05] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:37:05] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:37:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:37:05] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:37:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:37:05] - No filename found. Continuing.
[03/25/2007, 14:37:05] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:37:05] - Finished Searching Browser Helper Objects
[03/25/2007, 14:37:05] - Finishing up...
[03/25/2007, 14:37:05] - A restart is needed.
[03/25/2007, 14:37:25] - Attempting to Restart via STOP error (Blue Screen!)

Logfile of HijackThis v1.99.1
Scan saved at 15:47:06, on 25-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gsylvnip.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

Hopefully it has been neutralised, and thanks from this side..... :( :) :D
  • Could you upload the following file: C:\WINDOWS\system32\gsylvnip.dll to http://www.bleepingcomputer.com/submit-malware.php?channel=16 or to http://www.bleepingcomputer.com/submit-malware.php?channel=8. In the first box put the link to this topic, http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1192641#1192641, and in the second box the path to this file on your PC: C:\WINDOWS\system32\gsylvnip.dll. Then click send file.

Once that is done, go to Control Panel >> Add or Remove Programs and remove SweetIM from the list.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gsylvnip.dll",setvm
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
Click 'Fix checked' to remove the items.

Boot into Safe Mode and delete the file below. Read here how to boot into Safe Mode: http://users.telenet.be/marcvn/spyware/1378056.htm
C:\WINDOWS\system32\gsylvnip

Then again: double-click VirtumundoBeGone.exe and follow the instructions. Don't be alarmed if you see a blue screen with an error message; that is normal. When the fix is done, restart the PC (in normal mode). Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply together with a new HJT log.

Good luck, Juisterr
  • (Quoting juisterr's instructions above.) Hi, just one remark: when removing the items with HijackThis and 'Do a system scan only' as you said, these two items below were not in the list.
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

Here is the VBG log:

[03/25/2007, 14:36:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Bureaublad\VirtumundoBeGone.exe" )
[03/25/2007, 14:36:54] - Detected System Information:
[03/25/2007, 14:36:54] - Windows Version: 5.1.2600, Service Pack 2
[03/25/2007, 14:36:54] - Current Username: Administrator (Admin)
[03/25/2007, 14:36:54] - Windows is in NORMAL mode.
[03/25/2007, 14:36:54] - Searching for Browser Helper Objects:
[03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} ()
[03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:54] - Checking for HKLM\...\Winlogon\Notify\opppq
[03/25/2007, 14:36:54] - Found: HKLM\...\Winlogon\Notify\opppq - This is probably Virtumundo.
[03/25/2007, 14:36:54] - Assigning {14377994-E6A9-40A1-A7C7-608C374B2024} MSEvents Object
[03/25/2007, 14:36:54] - BHO list has been changed! Starting over...
[03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} (MSEvents Object)
[03/25/2007, 14:36:54] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:54] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} ()
[03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:54] - Checking for HKLM\...\Winlogon\Notify\efcddca
[03/25/2007, 14:36:54] - Found: HKLM\...\Winlogon\Notify\efcddca - This is probably Virtumundo.
[03/25/2007, 14:36:54] - Assigning {182B90A3-F372-438A-800C-6814B4DE417B} MSEvents Object
[03/25/2007, 14:36:55] - BHO list has been changed! Starting over...
[03/25/2007, 14:36:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:55] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} (MSEvents Object)
[03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:55] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} (MSEvents Object)
[03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:55] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:36:55] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:36:55] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:36:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:55] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:36:55] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:56] - No filename found. Continuing.
[03/25/2007, 14:36:56] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:36:56] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:56] - Checking for HKLM\...\Winlogon\Notify\ddcawwx
[03/25/2007, 14:36:56] - Found: HKLM\...\Winlogon\Notify\ddcawwx - This is probably Virtumundo.
[03/25/2007, 14:36:56] - Assigning {E7C79532-B748-40A4-A54C-6A14569541B7} MSEvents Object
[03/25/2007, 14:36:56] - BHO list has been changed! Starting over...
[03/25/2007, 14:36:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2007, 14:36:56] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} (MSEvents Object)
[03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:56] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} (MSEvents Object)
[03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:56] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[03/25/2007, 14:36:56] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/25/2007, 14:36:56] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:56] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs
[03/25/2007, 14:36:56] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing.
[03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2007, 14:36:57] - No filename found. Continuing.
[03/25/2007, 14:36:57] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2007, 14:36:57] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object)
[03/25/2007, 14:36:57] - ALERT: Found MSEvents Object!
[03/25/2007, 14:36:57] - Finished Searching Browser Helper Objects
[03/25/2007, 14:36:57] - *** Detected MSEvents Object
[03/25/2007, 14:36:57] - Trying to remove MSEvents Object...
[03/25/2007, 14:36:58] - Terminating Process: IEXPLORE.EXE [03/25/2007, 14:36:58] - Terminating Process: RUNDLL32.EXE [03/25/2007, 14:36:58] - Disabling Automatic Shell Restart [03/25/2007, 14:36:58] - Terminating Process: EXPLORER.EXE [03/25/2007, 14:36:59] - Suspending the NT Session Manager System Service [03/25/2007, 14:36:59] - Terminating Windows NT Logon/Logoff Manager [03/25/2007, 14:36:59] - Re-enabling Automatic Shell Restart [03/25/2007, 14:36:59] - File to disable: C:\WINDOWS\system32\opppq.dll [03/25/2007, 14:36:59] - Renaming C:\WINDOWS\system32\opppq.dll -> C:\WINDOWS\system32\opppq.dll.vir [03/25/2007, 14:36:59] - File successfully renamed! [03/25/2007, 14:37:00] - Removing HKLM\...\Browser Helper Objects\{14377994-E6A9-40A1-A7C7-608C374B2024} [03/25/2007, 14:37:00] - Removing HKCR\CLSID\{14377994-E6A9-40A1-A7C7-608C374B2024} [03/25/2007, 14:37:00] - Adding Kill Bit for ActiveX for GUID: {14377994-E6A9-40A1-A7C7-608C374B2024} [03/25/2007, 14:37:00] - Deleting ATLEvents/MSEvents Registry entries [03/25/2007, 14:37:00] - Removing HKLM\...\Winlogon\Notify\opppq [03/25/2007, 14:37:00] - Searching for Browser Helper Objects: [03/25/2007, 14:37:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 14:37:00] - BHO 2: {182B90A3-F372-438A-800C-6814B4DE417B} (MSEvents Object) [03/25/2007, 14:37:00] - ALERT: Found MSEvents Object! [03/25/2007, 14:37:00] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class) [03/25/2007, 14:37:00] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 14:37:00] - BHO 5: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 14:37:00] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 14:37:00] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. 
[03/25/2007, 14:37:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 14:37:00] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 14:37:00] - No filename found. Continuing. [03/25/2007, 14:37:00] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 14:37:00] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object) [03/25/2007, 14:37:00] - ALERT: Found MSEvents Object! [03/25/2007, 14:37:00] - Finished Searching Browser Helper Objects [03/25/2007, 14:37:00] - *** Detected MSEvents Object [03/25/2007, 14:37:00] - Trying to remove MSEvents Object... [03/25/2007, 14:37:01] - Terminating Process: IEXPLORE.EXE [03/25/2007, 14:37:01] - Terminating Process: RUNDLL32.EXE [03/25/2007, 14:37:01] - Disabling Automatic Shell Restart [03/25/2007, 14:37:01] - Terminating Process: EXPLORER.EXE [03/25/2007, 14:37:01] - Suspending the NT Session Manager System Service [03/25/2007, 14:37:02] - Terminating Windows NT Logon/Logoff Manager [03/25/2007, 14:37:02] - Re-enabling Automatic Shell Restart [03/25/2007, 14:37:02] - File to disable: C:\WINDOWS\system32\efcddca.dll [03/25/2007, 14:37:02] - Renaming C:\WINDOWS\system32\efcddca.dll -> C:\WINDOWS\system32\efcddca.dll.vir [03/25/2007, 14:37:02] - File successfully renamed! 
[03/25/2007, 14:37:02] - Removing HKLM\...\Browser Helper Objects\{182B90A3-F372-438A-800C-6814B4DE417B} [03/25/2007, 14:37:02] - Removing HKCR\CLSID\{182B90A3-F372-438A-800C-6814B4DE417B} [03/25/2007, 14:37:02] - Adding Kill Bit for ActiveX for GUID: {182B90A3-F372-438A-800C-6814B4DE417B} [03/25/2007, 14:37:02] - Deleting ATLEvents/MSEvents Registry entries [03/25/2007, 14:37:02] - Removing HKLM\...\Winlogon\Notify\efcddca [03/25/2007, 14:37:02] - Searching for Browser Helper Objects: [03/25/2007, 14:37:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 14:37:02] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class) [03/25/2007, 14:37:02] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 14:37:02] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 14:37:02] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 14:37:02] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. [03/25/2007, 14:37:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 14:37:02] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 14:37:02] - No filename found. Continuing. [03/25/2007, 14:37:02] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 14:37:02] - BHO 8: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object) [03/25/2007, 14:37:02] - ALERT: Found MSEvents Object! [03/25/2007, 14:37:02] - Finished Searching Browser Helper Objects [03/25/2007, 14:37:03] - *** Detected MSEvents Object [03/25/2007, 14:37:03] - Trying to remove MSEvents Object... 
[03/25/2007, 14:37:04] - Terminating Process: IEXPLORE.EXE [03/25/2007, 14:37:04] - Terminating Process: RUNDLL32.EXE [03/25/2007, 14:37:04] - Disabling Automatic Shell Restart [03/25/2007, 14:37:04] - Terminating Process: EXPLORER.EXE [03/25/2007, 14:37:04] - Suspending the NT Session Manager System Service [03/25/2007, 14:37:04] - Terminating Windows NT Logon/Logoff Manager [03/25/2007, 14:37:04] - Re-enabling Automatic Shell Restart [03/25/2007, 14:37:04] - File to disable: C:\WINDOWS\system32\ddcawwx.dll [03/25/2007, 14:37:04] - Renaming C:\WINDOWS\system32\ddcawwx.dll -> C:\WINDOWS\system32\ddcawwx.dll.vir [03/25/2007, 14:37:04] - File successfully renamed! [03/25/2007, 14:37:04] - Removing HKLM\...\Browser Helper Objects\{E7C79532-B748-40A4-A54C-6A14569541B7} [03/25/2007, 14:37:04] - Removing HKCR\CLSID\{E7C79532-B748-40A4-A54C-6A14569541B7} [03/25/2007, 14:37:04] - Adding Kill Bit for ActiveX for GUID: {E7C79532-B748-40A4-A54C-6A14569541B7} [03/25/2007, 14:37:04] - Deleting ATLEvents/MSEvents Registry entries [03/25/2007, 14:37:04] - Removing HKLM\...\Winlogon\Notify\ddcawwx [03/25/2007, 14:37:04] - Searching for Browser Helper Objects: [03/25/2007, 14:37:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 14:37:04] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class) [03/25/2007, 14:37:04] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 14:37:04] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 14:37:04] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 14:37:05] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 14:37:05] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. [03/25/2007, 14:37:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 14:37:05] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 14:37:05] - WARNING: BHO has no default name. 
Checking for Winlogon reference. [03/25/2007, 14:37:05] - No filename found. Continuing. [03/25/2007, 14:37:05] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 14:37:05] - Finished Searching Browser Helper Objects [03/25/2007, 14:37:05] - Finishing up... [03/25/2007, 14:37:05] - A restart is needed. [03/25/2007, 14:37:25] - Attempting to Restart via STOP error (Blue Screen!) [03/25/2007, 22:47:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Bureaublad\VirtumundoBeGone.exe" ) [03/25/2007, 22:47:32] - Detected System Information: [03/25/2007, 22:47:32] - Windows Version: 5.1.2600, Service Pack 2 [03/25/2007, 22:47:32] - Current Username: Administrator (Admin) [03/25/2007, 22:47:32] - Windows is in SAFE mode with Networking. [03/25/2007, 22:47:32] - Searching for Browser Helper Objects: [03/25/2007, 22:47:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 22:47:32] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 22:47:32] - BHO 3: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} () [03/25/2007, 22:47:32] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:32] - Checking for HKLM\...\Winlogon\Notify\rqoon [03/25/2007, 22:47:32] - Found: HKLM\...\Winlogon\Notify\rqoon - This is probably Virtumundo. [03/25/2007, 22:47:32] - Assigning {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} MSEvents Object [03/25/2007, 22:47:32] - BHO list has been changed! Starting over... [03/25/2007, 22:47:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 22:47:32] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 22:47:32] - BHO 3: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} (MSEvents Object) [03/25/2007, 22:47:33] - ALERT: Found MSEvents Object! 
[03/25/2007, 22:47:33] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 22:47:33] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. [03/25/2007, 22:47:33] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 22:47:33] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - No filename found. Continuing. [03/25/2007, 22:47:33] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 22:47:33] - BHO 8: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - Checking for HKLM\...\Winlogon\Notify\wmtpurdl [03/25/2007, 22:47:33] - Key not found: HKLM\...\Winlogon\Notify\wmtpurdl, continuing. [03/25/2007, 22:47:33] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - Checking for HKLM\...\Winlogon\Notify\ddcddda [03/25/2007, 22:47:33] - Found: HKLM\...\Winlogon\Notify\ddcddda - This is probably Virtumundo. [03/25/2007, 22:47:33] - Assigning {E7C79532-B748-40A4-A54C-6A14569541B7} MSEvents Object [03/25/2007, 22:47:33] - BHO list has been changed! Starting over... [03/25/2007, 22:47:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 22:47:33] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 22:47:33] - BHO 3: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} (MSEvents Object) [03/25/2007, 22:47:33] - ALERT: Found MSEvents Object! 
[03/25/2007, 22:47:33] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 22:47:33] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. [03/25/2007, 22:47:33] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 22:47:33] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - No filename found. Continuing. [03/25/2007, 22:47:33] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 22:47:33] - BHO 8: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} () [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:33] - Checking for HKLM\...\Winlogon\Notify\wmtpurdl [03/25/2007, 22:47:33] - Key not found: HKLM\...\Winlogon\Notify\wmtpurdl, continuing. [03/25/2007, 22:47:33] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object) [03/25/2007, 22:47:33] - ALERT: Found MSEvents Object! [03/25/2007, 22:47:33] - Finished Searching Browser Helper Objects [03/25/2007, 22:47:33] - *** Detected MSEvents Object [03/25/2007, 22:47:33] - Trying to remove MSEvents Object... 
[03/25/2007, 22:47:34] - Terminating Process: IEXPLORE.EXE [03/25/2007, 22:47:35] - Terminating Process: RUNDLL32.EXE [03/25/2007, 22:47:35] - Disabling Automatic Shell Restart [03/25/2007, 22:47:35] - Terminating Process: EXPLORER.EXE [03/25/2007, 22:47:35] - Suspending the NT Session Manager System Service [03/25/2007, 22:47:35] - Terminating Windows NT Logon/Logoff Manager [03/25/2007, 22:47:35] - Re-enabling Automatic Shell Restart [03/25/2007, 22:47:35] - File to disable: C:\WINDOWS\system32\rqoon.dll [03/25/2007, 22:47:35] - Renaming C:\WINDOWS\system32\rqoon.dll -> C:\WINDOWS\system32\rqoon.dll.vir [03/25/2007, 22:47:36] - File successfully renamed! [03/25/2007, 22:47:36] - Removing HKLM\...\Browser Helper Objects\{27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} [03/25/2007, 22:47:36] - Removing HKCR\CLSID\{27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} [03/25/2007, 22:47:36] - Adding Kill Bit for ActiveX for GUID: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} [03/25/2007, 22:47:36] - Deleting ATLEvents/MSEvents Registry entries [03/25/2007, 22:47:36] - Removing HKLM\...\Winlogon\Notify\rqoon [03/25/2007, 22:47:36] - Searching for Browser Helper Objects: [03/25/2007, 22:47:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 22:47:36] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 22:47:36] - BHO 3: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 22:47:36] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:36] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 22:47:36] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. [03/25/2007, 22:47:36] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 22:47:36] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 22:47:36] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:36] - No filename found. Continuing. 
[03/25/2007, 22:47:36] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 22:47:36] - BHO 7: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} () [03/25/2007, 22:47:36] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:36] - Checking for HKLM\...\Winlogon\Notify\wmtpurdl [03/25/2007, 22:47:36] - Key not found: HKLM\...\Winlogon\Notify\wmtpurdl, continuing. [03/25/2007, 22:47:36] - BHO 8: {E7C79532-B748-40A4-A54C-6A14569541B7} (MSEvents Object) [03/25/2007, 22:47:36] - ALERT: Found MSEvents Object! [03/25/2007, 22:47:36] - Finished Searching Browser Helper Objects [03/25/2007, 22:47:36] - *** Detected MSEvents Object [03/25/2007, 22:47:36] - Trying to remove MSEvents Object... [03/25/2007, 22:47:37] - Terminating Process: IEXPLORE.EXE [03/25/2007, 22:47:37] - Terminating Process: RUNDLL32.EXE [03/25/2007, 22:47:37] - Disabling Automatic Shell Restart [03/25/2007, 22:47:37] - Terminating Process: EXPLORER.EXE [03/25/2007, 22:47:37] - Suspending the NT Session Manager System Service [03/25/2007, 22:47:37] - Terminating Windows NT Logon/Logoff Manager [03/25/2007, 22:47:37] - Re-enabling Automatic Shell Restart [03/25/2007, 22:47:37] - File to disable: C:\WINDOWS\system32\ddcddda.dll [03/25/2007, 22:47:37] - Renaming C:\WINDOWS\system32\ddcddda.dll -> C:\WINDOWS\system32\ddcddda.dll.vir [03/25/2007, 22:47:37] - File successfully renamed! 
[03/25/2007, 22:47:37] - Removing HKLM\...\Browser Helper Objects\{E7C79532-B748-40A4-A54C-6A14569541B7} [03/25/2007, 22:47:37] - Removing HKCR\CLSID\{E7C79532-B748-40A4-A54C-6A14569541B7} [03/25/2007, 22:47:37] - Adding Kill Bit for ActiveX for GUID: {E7C79532-B748-40A4-A54C-6A14569541B7} [03/25/2007, 22:47:37] - Deleting ATLEvents/MSEvents Registry entries [03/25/2007, 22:47:37] - Removing HKLM\...\Winlogon\Notify\ddcddda [03/25/2007, 22:47:37] - Searching for Browser Helper Objects: [03/25/2007, 22:47:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) [03/25/2007, 22:47:37] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) [03/25/2007, 22:47:38] - BHO 3: {5D117BD6-D384-455D-817C-CDBC595A0C0e} () [03/25/2007, 22:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:38] - Checking for HKLM\...\Winlogon\Notify\ggdffjgs [03/25/2007, 22:47:38] - Key not found: HKLM\...\Winlogon\Notify\ggdffjgs, continuing. [03/25/2007, 22:47:38] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [03/25/2007, 22:47:38] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [03/25/2007, 22:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:38] - No filename found. Continuing. [03/25/2007, 22:47:38] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [03/25/2007, 22:47:38] - BHO 7: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} () [03/25/2007, 22:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference. [03/25/2007, 22:47:38] - Checking for HKLM\...\Winlogon\Notify\wmtpurdl [03/25/2007, 22:47:38] - Key not found: HKLM\...\Winlogon\Notify\wmtpurdl, continuing. [03/25/2007, 22:47:38] - Finished Searching Browser Helper Objects [03/25/2007, 22:47:38] - Finishing up... [03/25/2007, 22:47:38] - A restart is needed. [03/25/2007, 22:48:24] - Attempting to Restart via STOP error (Blue Screen!) 
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:54:51, on 25-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\khffccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qswxpdjm.dll",setvm
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
Many thanks from this side. :D :D :D :D :D
  • Better, but not good yet; by the look of it there is still an infection in there. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
[b]O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\khffccc.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qswxpdjm.dll",setvm
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll[/b]
Close all windows except HijackThis. Click 'Fix checked' to remove the items. Download: [url=http://home.hetnet.nl/~stefsmeenk/RemoveVideoActiveXObject.exe][b]RemoveVideoActiveXObject.exe[/b][/url] Save the file to your desktop, then double-click it. The uninstaller of a rogue scanner may start; do not close it, let it do its work. Then [b]restart the PC[/b] and double-click RemoveVideoActiveXObject.exe once more. After that, post the log C:\[b]RVAXO-results.log[/b] in your next message together with a new HijackThis log. Good luck
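A small triage script, added here as an example (it is not code from this thread or from HijackThis), that applies the cues juisterr used when picking items from the logs above: nameless O2 BHO entries loading a randomly named DLL from system32 (or pointing at no file at all), O4 Run entries that start rundll32 on such a DLL, and an O20 Winlogon Notify hook that shares its DLL with a flagged BHO. The sample lines are copied from the HijackThis log posted above; the name heuristic and the KNOWN_GOOD allowlist are assumptions, and a hit is a reason to submit the file for analysis, as was asked for gsylvnip.dll, not a verdict on its own.

```python
"""Triage HijackThis (HJT) log lines for the Virtumundo/Vundo pattern seen in this thread.

Added example, not code from the forum or from HijackThis. Flags:
  - O2 BHO entries named "(no name)" that load a random-looking DLL from system32,
    or whose file is already gone,
  - O4 Run entries that start rundll32 on such a DLL,
  - O20 Winlogon Notify hooks whose DLL is shared with a flagged BHO.
The name heuristic and KNOWN_GOOD are assumptions: a triage aid, not proof.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\khffccc.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qswxpdjm.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
DLL_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.IGNORECASE)
# The droppers in this thread used short all-letter names (opppq, ggdffjgs, khffccc, ...).
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.dll$")
# Partial allowlist of legitimate short-named system DLLs (assumption; extend as needed).
KNOWN_GOOD = {"cscdll.dll", "sclgntfy.dll", "cryptnet.dll", "wlnotify.dll", "termsrv.dll"}


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section: O2, O4 or O20
    reason: str
    line: str


def dll_basename(text: str) -> Optional[str]:
    """Return the lower-cased file name of the first .dll path in text, if any."""
    m = DLL_PATH_RE.search(text)
    return m.group(0).rsplit("\\", 1)[-1].lower() if m else None


def random_looking(basename: str) -> bool:
    """Heuristic: 5-8 lowercase letters, no digits, and not on the allowlist."""
    b = basename.lower()
    return bool(RANDOM_NAME_RE.match(b)) and b not in KNOWN_GOOD


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    flagged_bho: Dict[str, str] = {}              # dll basename -> O2 line
    notify_hooks: List[Tuple[Optional[str], str]] = []  # (dll basename, O20 line)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O2_RE.match(line)):
            path, base = m["path"], dll_basename(m["path"])
            in_sys32 = "\\system32\\" in path.lower()
            if m["name"] == "(no name)" and path == "(no file)":
                findings.append(Finding("O2", "nameless BHO whose file is already gone", line))
            elif m["name"] == "(no name)" and in_sys32 and base and random_looking(base):
                findings.append(Finding("O2", f"nameless BHO loads random-looking {base}", line))
                flagged_bho[base] = line
        elif (m := O4_RE.match(line)):
            base = dll_basename(m["cmd"])
            if "rundll32" in m["cmd"].lower() and base and random_looking(base):
                findings.append(Finding("O4", f"[{m['label']}] starts rundll32 on {base}", line))
        elif (m := O20_RE.match(line)):
            notify_hooks.append((dll_basename(m["path"]), line))
    # Winlogon Notify hooks are judged last so they can be paired with flagged BHOs.
    for base, line in notify_hooks:
        if base in flagged_bho:
            findings.append(Finding("O20", f"Winlogon Notify hook shares {base} with a flagged BHO", line))
        elif base and random_looking(base):
            findings.append(Finding("O20", f"Winlogon Notify hook loads random-looking {base}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```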
  • [quote="juisterr"]Better, but not good yet; by the look of it there is still an infection in there. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
[b]O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\khffccc.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qswxpdjm.dll",setvm
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll[/b]
Close all windows except HijackThis. Click 'Fix checked' to remove the items. Download: [url=http://home.hetnet.nl/~stefsmeenk/RemoveVideoActiveXObject.exe][b]RemoveVideoActiveXObject.exe[/b][/url] Save the file to your desktop, then double-click it. The uninstaller of a rogue scanner may start; do not close it, let it do its work. Then [b]restart the PC[/b] and double-click RemoveVideoActiveXObject.exe once more. After that, post the log C:\[b]RVAXO-results.log[/b] in your next message together with a new HijackThis log. Good luck[/quote]
Hi, a remark: when running the 'system scan only' via HijackThis I could not find the following items, and so could not remove them either.
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\khffccc.dll
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
----------------RemoveVideoActiveXObject.exe first run-------------
Files found:
Uninstallers Rogue scanners:
Folders Found:
--------------RemoveVideoActiveXObject.exe last run---------------
Files found:
Uninstallers Rogue scanners:
Folders Found:
Logfile of HijackThis v1.99.1
Scan saved at 8:26:11, on 26-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
Hopefully this is clear... thanks also from my niece. :wink: :x :lol: :) :D
  • Yes, that's clear. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop. Go to Start - Run and, using copy and paste, enter the following command:

"%userprofile%\Bureaublad\Combofix.exe" /v ggdffjgs khffccc

Confirm with OK. Combofix will start and your PC will reboot. After the restart the Combofix log opens; post it in your next reply together with a new HijackThis log.
  • juisterr wrote:
    Yes, that's clear. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop. Go to Start - Run and, using copy and paste, enter the following command: "%userprofile%\Bureaublad\Combofix.exe" /v ggdffjgs khffccc Confirm with OK. Combofix will start and your PC will reboot. After the restart the Combofix log opens; post it in your next reply together with a new HijackThis log.

Hi, I have another remark. It said: go to Start - Run and enter the following command using copy and paste: %userprofile%\Bureaublad\Combofix.exe/v ggdffjgs khffccc and confirm with OK. I could not find this file. I did run combofix, and a log was made of that.

"Administrator" - 07-03-28 17:23:32 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Administrator\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-28 ))))))))))))))))))))))))))))))))))

2007-03-28 17:16 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-03-28 10:28 132,116 --a------ C:\WINDOWS\system32\euoricin.dll
2007-03-28 09:25 26,730 --a------ C:\WINDOWS\system32\iiffefc.dll
2007-03-27 10:27 48,708 --a------ C:\WINDOWS\system32\sswfwkww.dll
2007-03-26 08:22 21,193 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-03-26 08:18 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-03-26 08:15 123,972 --a------ C:\WINDOWS\system32\llvxnjjx.dll
2007-03-26 08:11 619,555 ---hs---- C:\WINDOWS\system32\oonmp.bak2
2007-03-25 23:00 452,758 ---hs---- C:\WINDOWS\system32\oonmp.bak1
2007-03-25 23:00 132,116 --a------ C:\WINDOWS\system32\wjvkkfcn.dll
2007-03-25 22:59 280,676 ---hs---- C:\WINDOWS\system32\pmnoo.dll
2007-03-25 22:38 <DIR> d-------- C:\WINDOWS\pss
2007-03-25 12:45 451,903 ---hs---- C:\WINDOWS\system32\qpppo.bak1
2007-03-25 12:45 280,676 --ahs---- C:\WINDOWS\system32\opppq.dll.vir
2007-03-25 11:38 280,676 ---hs---- C:\WINDOWS\system32\rqopq.dll
2007-03-24 22:56 132,116 --a------ C:\WINDOWS\system32\ggdffjgs.dll
2007-03-24 22:09 132,116 --a------ C:\WINDOWS\system32\ksjaxxfm.dll
2007-03-24 17:50 48,660 --a------ C:\WINDOWS\system32\tuyiwkyh.dll
2007-03-24 02:29 26,730 --a------ C:\WINDOWS\system32\efcddca.dll.vir
2007-03-23 23:25 461,755 ---hs---- C:\WINDOWS\system32\nooqr.ini2
2007-03-23 23:07 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-23 23:06 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-22 15:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-03-22 13:55 26,685 ---hs---- C:\WINDOWS\system32\rqrsroo.dll
2007-03-22 13:10 26,685 ---hs---- C:\WINDOWS\system32\rqrsrro.dll
2007-03-22 13:07 26,685 ---hs---- C:\WINDOWS\system32\khffccc.dll
2007-03-22 10:34 26,685 ---hs---- C:\WINDOWS\system32\khfgedb.dll
2007-03-22 02:41 26,685 ---hs---- C:\WINDOWS\system32\xxyxutq.dll
2007-03-22 01:48 461,375 ---hs---- C:\WINDOWS\system32\nooqr.bak2
2007-03-22 01:04 26,685 ---hs---- C:\WINDOWS\system32\qomnmnk.dll
2007-03-22 00:55 280,676 ---hs---- C:\WINDOWS\system32\efecd.dll
2007-03-22 00:50 26,685 --ahs---- C:\WINDOWS\system32\ddcddda.dll.vir
2007-03-22 00:40 26,685 ---hs---- C:\WINDOWS\system32\urqqnoo.dll
2007-03-22 00:20 26,685 ---hs---- C:\WINDOWS\system32\ddcyawt.dll
2007-03-22 00:19 26,685 ---hs---- C:\WINDOWS\system32\rqrrpmj.dll
2007-03-21 23:42 26,685 ---hs---- C:\WINDOWS\system32\vtuuutu.dll
2007-03-21 22:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-21 22:19 443,870 ---hs---- C:\WINDOWS\system32\nooqr.bak1
2007-03-21 22:18 280,676 --ahs---- C:\WINDOWS\system32\rqoon.dll.vir
2007-03-21 22:18 280,676 ---hs---- C:\WINDOWS\system32\vtusq.dll
2007-03-21 22:13 26,685 ---hs---- C:\WINDOWS\system32\fccbcca.dll
2007-03-21 22:12 26,685 --ahs---- C:\WINDOWS\system32\ddcawwx.dll.vir
2007-03-21 22:11 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-05 09:56 67,976 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-04 15:11 <DIR> d-------- C:\Program Files\Last.fm
2007-03-04 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-03-04 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-03-04 15:01 <DIR> d-------- C:\Program Files\LimeWire
2007-03-01 19:29 <DIR> d-------- C:\Program Files\vso

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-25 22:13 -------- d-------- C:\Program Files\macrogaming
2007-03-25 12:36 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\skype
2007-03-25 11:41 54262 --a------ C:\WINDOWS\system32\perfc013.dat
2007-03-25 11:41 367234 --a------ C:\WINDOWS\system32\perfh013.dat
2007-03-22 18:09 -------- d-------- C:\Program Files\msn messenger
2007-03-20 15:47 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\azureus
2007-03-03 11:33 -------- d-------- C:\Program Files\java
2007-03-02 10:36 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vso
2007-03-01 19:30 87608 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ezpinst.exe
2007-03-01 19:30 7824 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.cat
2007-03-01 19:30 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-01 19:30 47360 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.sys
2007-03-01 19:30 34 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.log
2007-03-01 19:30 1144 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.inf
2007-02-23 11:35 -------- d-------- C:\Program Files\windows media connect 2
2007-02-18 22:18 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
2007-02-17 16:20 -------- d-------- C:\Program Files\avisynth 2.5
2007-02-17 16:20 -------- d-------- C:\Program Files\avi2dvd
2007-02-15 03:54 -------- d-------- C:\Program Files\google
2007-02-06 18:22 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-05 22:09 -------- d-------- C:\Program Files\microsoft activesync
2007-01-31 00:33 -------- d-------- C:\Program Files\skype
2007-01-31 00:33 -------- d-------- C:\Program Files\Common Files\skype
2007-01-19 20:03 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-01-19 20:03 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 13:09 6 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\dm.ini
2007-01-19 13:09 1217 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\adobedlm.log
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Photo Downloader"="\"G:\\Toepassingen\\Adobe Photoshop\\3.0\\Apps\\apdproxy.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\llvxnjjx.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffefc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnoo

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-28 17:28:01

Logfile of HijackThis v1.99.1
Scan saved at 17:38:22, on 28-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

Hopefully this helps further. Greetings and many thanks....
  • Stubborn one, isn't it. Do you still have Combofix on your desktop? I'll assume so; otherwise download it again. Please follow the steps below. Go to Start - Run and, using copy and paste, enter the following command:

"%userprofile%\Bureaublad\Combofix.exe" /v iiffefc pmnoo

Confirm with OK. Combofix will start and your PC will reboot. After the restart the Combofix log opens; post it in your next reply together with a new HijackThis log.
  • juisterr wrote:
    Stubborn one, isn't it. Do you still have Combofix on your desktop? I'll assume so; otherwise download it again. Please follow the steps below. Go to Start - Run and, using copy and paste, enter the following command: "%userprofile%\Bureaublad\Combofix.exe" /v iiffefc pmnoo Confirm with OK. Combofix will start and your PC will reboot. After the restart the Combofix log opens; post it in your next reply together with a new HijackThis log.

Here is a combofix log:

"Administrator" - 07-03-29 9:48:17 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Administrator\Bureaublad"
Command switches used :: /v iiffefc pmnoo

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\iiffefc.dll
C:\WINDOWS\system32\pmnoo.dll
C:\WINDOWS\system32\oonmp.bak1
C:\WINDOWS\system32\oonmp.bak2
C:\WINDOWS\system32\oonmp.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))

2007-03-28 23:33 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-03-28 10:28 132,116 --a------ C:\WINDOWS\system32\euoricin.dll
2007-03-27 10:27 48,708 --a------ C:\WINDOWS\system32\sswfwkww.dll
2007-03-26 08:22 21,193 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-03-26 08:18 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-03-26 08:15 123,972 --a------ C:\WINDOWS\system32\llvxnjjx.dll
2007-03-25 23:00 132,116 --a------ C:\WINDOWS\system32\wjvkkfcn.dll
2007-03-25 22:38 <DIR> d-------- C:\WINDOWS\pss
2007-03-25 12:45 451,903 ---hs---- C:\WINDOWS\system32\qpppo.bak1
2007-03-25 11:38 280,676 ---hs---- C:\WINDOWS\system32\rqopq.dll
2007-03-24 22:56 132,116 --a------ C:\WINDOWS\system32\ggdffjgs.dll
2007-03-24 22:09 132,116 --a------ C:\WINDOWS\system32\ksjaxxfm.dll
2007-03-24 17:50 48,660 --a------ C:\WINDOWS\system32\tuyiwkyh.dll
2007-03-23 23:25 461,755 ---hs---- C:\WINDOWS\system32\nooqr.ini2
2007-03-23 23:07 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-23 23:06 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-22 15:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-03-22 13:55 26,685 ---hs---- C:\WINDOWS\system32\rqrsroo.dll
2007-03-22 13:10 26,685 ---hs---- C:\WINDOWS\system32\rqrsrro.dll
2007-03-22 13:07 26,685 ---hs---- C:\WINDOWS\system32\khffccc.dll
2007-03-22 10:34 26,685 ---hs---- C:\WINDOWS\system32\khfgedb.dll
2007-03-22 02:41 26,685 ---hs---- C:\WINDOWS\system32\xxyxutq.dll
2007-03-22 01:48 461,375 ---hs---- C:\WINDOWS\system32\nooqr.bak2
2007-03-22 01:04 26,685 ---hs---- C:\WINDOWS\system32\qomnmnk.dll
2007-03-22 00:55 280,676 ---hs---- C:\WINDOWS\system32\efecd.dll
2007-03-22 00:40 26,685 ---hs---- C:\WINDOWS\system32\urqqnoo.dll
2007-03-22 00:20 26,685 ---hs---- C:\WINDOWS\system32\ddcyawt.dll
2007-03-22 00:19 26,685 ---hs---- C:\WINDOWS\system32\rqrrpmj.dll
2007-03-21 23:42 26,685 ---hs---- C:\WINDOWS\system32\vtuuutu.dll
2007-03-21 22:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-21 22:19 443,870 ---hs---- C:\WINDOWS\system32\nooqr.bak1
2007-03-21 22:18 280,676 ---hs---- C:\WINDOWS\system32\vtusq.dll
2007-03-21 22:13 26,685 ---hs---- C:\WINDOWS\system32\fccbcca.dll
2007-03-21 22:11 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-05 09:56 67,976 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-04 15:11 <DIR> d-------- C:\Program Files\Last.fm
2007-03-04 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-03-04 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-03-04 15:01 <DIR> d-------- C:\Program Files\LimeWire
2007-03-01 19:29 <DIR> d-------- C:\Program Files\vso

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-25 22:13 -------- d-------- C:\Program Files\macrogaming
2007-03-25 12:36 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\skype
2007-03-25 11:41 54262 --a------ C:\WINDOWS\system32\perfc013.dat
2007-03-25 11:41 367234 --a------ C:\WINDOWS\system32\perfh013.dat
2007-03-22 18:09 -------- d-------- C:\Program Files\msn messenger
2007-03-20 15:47 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\azureus
2007-03-03 11:33 -------- d-------- C:\Program Files\java
2007-03-02 10:36 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vso
2007-03-01 19:30 87608 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ezpinst.exe
2007-03-01 19:30 7824 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.cat
2007-03-01 19:30 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-01 19:30 47360 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.sys
2007-03-01 19:30 34 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.log
2007-03-01 19:30 1144 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.inf
2007-02-23 11:35 -------- d-------- C:\Program Files\windows media connect 2
2007-02-18 22:18 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
2007-02-17 16:20 -------- d-------- C:\Program Files\avisynth 2.5
2007-02-17 16:20 -------- d-------- C:\Program Files\avi2dvd
2007-02-15 03:54 -------- d-------- C:\Program Files\google
2007-02-06 18:22 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-05 22:09 -------- d-------- C:\Program Files\microsoft activesync
2007-01-31 00:33 -------- d-------- C:\Program Files\skype
2007-01-31 00:33 -------- d-------- C:\Program Files\Common Files\skype
2007-01-19 20:03 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-01-19 20:03 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 13:09 6 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\dm.ini
2007-01-19 13:09 1217 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\adobedlm.log
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Photo Downloader"="\"G:\\Toepassingen\\Adobe Photoshop\\3.0\\Apps\\apdproxy.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\llvxnjjx.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-29 10:21:09
C:\ComboFix1.txt ... 07-03-28 17:28

Here is a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:22, on 29-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\sswfwkww.dll
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\euoricin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

Those who work energetically work the longest.... thanks again...
  • Start HijackThis and choose 'Do a system scan only'. Select only the items named below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except HijackThis. Click 'Fix checked' to remove the items.

Your Java software is outdated. Older versions have holes that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version:
- Download the latest version here: Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says: "Java Runtime Environment (JRE) 6 The J2SE Runtime Environment (JRE) allows end-users to run Java applications.".
- Then click the ">>Download" button on the right.
- Tick the box where it says: "Accept License Agreement".
- The page will reload.
- Click the link: Windows Offline Installation, Multi-language. The download will start; save it to your desktop.
- Close all programs that may be open, especially your web browser!
- Then go to Start > Control Panel, double-click Software (Add or Remove Programs) and remove all older versions of Java.
- Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
- Then click the Remove or Change/Remove button.
- Repeat this until all older versions are gone.
- After removing all older versions, restart your pc.
- Then double-click jre-6-windows-i586.exe on your desktop to install the latest version of Java.

Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click drweb-cureit.exe and allow it to start the express scan. This will scan the files currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
Once the short scan has finished, click Options > Change Settings. Choose the "Scan" tab and remove the tick at "Heuristic analysis". Back in the main window you can select the drives you want scanned. Select all drives here. A red dot will then appear on the drives you are having scanned. Then click the green arrow on the right to start the scan. Click 'Yes to all' when asked whether to cure or move.
When the scan is done, see whether you can click the following icon that appears next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon just below it and choose: Move incurable, as shown in the following image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (This is in case we need samples.)
After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log on your desktop. Then close Dr.Web CureIt.
Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post. Please also make a new HJT log.
  • > juisterr wrote: (the instructions in the previous reply, quoted in full)

Hi,
Remark - In the first action, where a 'do a system scan only' was run via HijackThis, the following items did not appear in the scan:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
- After the files were scanned by the Dr.Web CureIt program I restarted the pc. The pc does boot, but it gives a message that it cannot find the specified module ( C:\WINDOWS\system32\llvxnjjx.dll ).
euoricin.dll;c:\windows\system32;Adware.Crew;Moved.;
llvxnjjx.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
sswfwkww.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
A0016901.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP75;Trojan.Virtumod;Deleted.;
A0017929.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP75;Trojan.Virtumod;Deleted.;
A0017996.exe;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP75;Trojan.Virtumod;Deleted.;
A0018115.rbf;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP77;BackDoor.Funmaker;Deleted.;
A0018139.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP78;Trojan.Virtumod;Deleted.;
A0018140.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP78;Trojan.Virtumod;Deleted.;
A0018449.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP80;Trojan.Virtumod;Deleted.;
A0019449.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP80;Trojan.Virtumod;Deleted.;
A0019450.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP80;Trojan.Virtumod;Deleted.;
A0019493.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP80;Trojan.Virtumod;Deleted.;
A0019494.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP80;Trojan.Virtumod;Deleted.;
A0020473.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP81;Trojan.Virtumod;Deleted.;
A0020474.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP81;Trojan.Virtumod;Deleted.;
A0022512.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Trojan.Virtumod;Deleted.;
A0022518.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Trojan.Virtumod;Deleted.;
A0022519.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Trojan.Virtumod;Deleted.;
A0022534.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Trojan.Virtumod;Deleted.;
A0022649.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Trojan.Virtumod;Deleted.;
A0022650.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Trojan.Virtumod;Deleted.;
S0022548.Acl;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP82;Modification of RPME.WByte;Moved.;
A0022996.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP84;Trojan.Virtumod;Deleted.;
A0022997.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP84;Trojan.Virtumod;Deleted.;
A0024304.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP87;Trojan.Virtumod;Deleted.;
ddcyawt.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
efecd.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
euoricin.dll;C:\WINDOWS\system32;Adware.Crew;;
fccbcca.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ggdffjgs.dll;C:\WINDOWS\system32;Adware.Crew;Moved.;
khffccc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
khfgedb.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ksjaxxfm.dll;C:\WINDOWS\system32;Adware.Crew;Moved.;
llvxnjjx.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
qomnmnk.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rqopq.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rqrrpmj.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rqrsroo.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rqrsrro.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
trz375.tmp;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
tuyiwkyh.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
urqqnoo.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
vtusq.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
vtuuutu.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
wjvkkfcn.dll;C:\WINDOWS\system32;Adware.Crew;Moved.;
xxyxutq.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

Logfile of HijackThis v1.99.1
Scan saved at 17:55:18, on 29-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.658\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\sswfwkww.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

Persistence pays off....!!!! :D :D :D :D Never thought trojans/viruses/spam could be so stubborn, but when helpful people on the "NET" do this voluntarily it is "socially" acceptable and the "internet" has a great future because of it....! thanks, a thousand times thanks...
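A helper reading the two logs above wants two answers quickly: which detections did the scanner actually remove, and which autostart entries still point at a flagged file (the cause of the "specified module could not be found" message at logon). The Python script below is an added example, not code from this thread or from Dr.Web or HijackThis. Its sample input is a subset of the report and log lines posted above; the field layout assumed for the report (name;directory;threat;action), the regular expressions, and the "not deleted" heuristic are this example's own assumptions.

```python
"""Cross-check a Dr.Web CureIt report against a HijackThis log.

Added example for this thread; the sample lines are copied from the logs
posted above, the parsing rules and the heuristics are assumptions here.
"""
import re
from collections import Counter

# Dr.Web CureIt writes one record per line:  name;directory;threat;action;
# (subset of the report posted in the thread; the action field can be empty)
DRWEB_REPORT = r"""
euoricin.dll;c:\windows\system32;Adware.Crew;Moved.;
llvxnjjx.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
sswfwkww.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
A0016901.dll;C:\System Volume Information\_restore{D7D94866-DB6C-4840-B403-B667D8C1B80B}\RP75;Trojan.Virtumod;Deleted.;
euoricin.dll;C:\WINDOWS\system32;Adware.Crew;;
ggdffjgs.dll;C:\WINDOWS\system32;Adware.Crew;Moved.;
"""

# HijackThis lines taken from the 29-3-2007 log in the thread (subset)
HJT_LOG = r"""
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\sswfwkww.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
O2_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$')
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]*\.dll)', re.IGNORECASE)


def parse_drweb(report):
    """Return one dict per report record; a trailing '.' is stripped from the action."""
    records = []
    for line in report.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4:
            continue  # blank or malformed line
        records.append({"name": parts[0], "dir": parts[1], "threat": parts[2],
                        "action": parts[3].strip().rstrip(".")})
    return records


def parse_hjt_run_entries(log):
    """Return the O4 autostart entries as (hive, value name, command) dicts."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, value, command = m.groups()
            entries.append({"hive": hive, "value": value, "command": command})
    return entries


def summarize(records):
    """Count detections per (threat, action); an empty action is reported as NO ACTION."""
    return Counter((r["threat"], r["action"] or "NO ACTION") for r in records)


def still_loaded_dlls(records, run_entries):
    """Run values that load, via rundll32, a DLL the scanner flagged but did not delete.

    Such an entry explains either a 'specified module could not be found' message
    at logon (file gone, autostart still present) or a DLL reloaded at every boot.
    """
    not_removed = {r["name"].lower() for r in records if r["action"].lower() != "deleted"}
    hits = []
    for e in run_entries:
        if not e["command"].lower().startswith("rundll32"):
            continue
        for path in DLL_RE.findall(e["command"]):
            if path.rsplit("\\", 1)[-1].lower() in not_removed:
                hits.append((e["value"], path))
    return hits


def orphaned_bhos(log):
    """BHO registrations whose DLL no longer exists, as (CLSID, path) pairs."""
    found = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m and ("(file missing)" in m.group(3) or m.group(3) == "(no file)"):
            found.append((m.group(2), m.group(3)))
    return found


if __name__ == "__main__":
    recs = parse_drweb(DRWEB_REPORT)
    for (threat, action), n in sorted(summarize(recs).items()):
        print(f"{n:3d}  {threat:<20} {action}")
    for value, path in still_loaded_dlls(recs, parse_hjt_run_entries(HJT_LOG)):
        print(f"autostart '{value}' still loads flagged DLL {path}")
    for clsid, path in orphaned_bhos(HJT_LOG):
        print(f"dead BHO registration {clsid}: {path}")
```

Run against the full report and log from the thread, the script singles out the SoundService value (rundll32 loading llvxnjjx.dll, which the scanner only promised to cure after reboot) and the dead BHO registration for sswfwkww.dll, which are exactly the two entries the next reply asks to fix.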
  • Install hijackthis.exe e.g. in C:\Program Files\Hijackthis. This is because of the backups this program makes.

Start HijackThis and choose 'Do a system scan only'. Select only the items named below:

O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} -C:\WINDOWS\system32\sswfwkww.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe"C:\WINDOWS\system32\llvxnjjx.dll",setvm

Start Explorer and delete the directory below (I have put it in bold for you):
C:\WINDOWS\system32\llvxnjjx.dll
If that doesn't work in normal mode, boot into safe mode and try again.

Your Java software is outdated. Older versions have holes that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version:
- Download the latest version here: Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says: "Java Runtime Environment (JRE) 6 The J2SE Runtime Environment (JRE) allows end-users to run Java applications.".
- Then click the ">>Download" button on the right.
- Tick the box where it says: "Accept License Agreement".
- The page will reload.
- Click the link: Windows Offline Installation, Multi-language. The download will start; save it to your desktop.
- Close all programs that may be open, especially your web browser!
- Then go to Start > Control Panel, double-click Software (Add or Remove Programs) and remove all older versions of Java.
- Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
- Then click the Remove or Change/Remove button.
- Repeat this until all older versions are gone.
- After removing all older versions, restart your pc.
- Then double-click jre-6-windows-i586.exe on your desktop to install the latest version of Java.

Let Dr.Web do its work once more. Please post a new HJT log.
Juisterr

And thanks for your thanks. It goes even further: there is an international forum where you can post your complaint (if you want to). http://www.malwarecomplaints.info/viewforum.php?f=16 Look up your infection there, Vundo / Virtumondo, and post your complaint. If the infection is not in the list, put it in this topic: http://www.malwarecomplaints.info/viewtopic.php?t=110 Mention how you picked it up, what it cost in time and money to get rid of it again, where you were helped, and so on.
Thanks in advance, Juisterr
  • > juisterr wrote: (the instructions in the previous reply, quoted in full)

Here is another message from my niece:

Hi,
Remarks:
1) When running 'do a system scan only' with HijackThis I could not find the following item - O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} -C:\WINDOWS\system32\sswfwkww.dll (file missing) (There was an O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file), but I did not select it, since I don't know whether such an item has to have exactly the same description as you wrote down.)
2) I did select the other item ( O4 - HKLM\..\Run: [SoundService] rundll32.exe"C:\WINDOWS\system32\llvxnjjx.dll",setvm ), only I did not do a 'fix checked' as had to be done before, since you did not mention it. So I just followed the next step, started 'Explorer' and tried to delete the named directory ( C:\WINDOWS\system32\llvxnjjx.dll ). However, I could not find this directory anywhere. I also tried this by booting into safe mode, but the computer cannot find it.
3) The new version of Java Runtime (JRE) 6 I already downloaded last time via the site you mentioned, and I also removed the old versions. This was the only application I could find, jre-6u1-windows-i586.exe, and I installed it.
Greetings

Logfile of HijackThis v1.99.1
Scan saved at 11:39:11, on 31-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

So, for the drweb.csv I'll google how to make the text readable; I'll upload it a bit later... thanx /.... :( :) :D
  • We'll get rid of it, don't worry. Open Notepad, copy and paste the following into an empty window:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundService"=-

Save this on your Desktop as regfix.reg, with file type 'all files'. Double-click regfix.reg and allow it to be added to the registry.

Go to Start - Run and, using copy and paste, enter the following command:
"%userprofile%\Bureaublad\Combofix.exe" /v llvxnjjx

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm

Close all windows except HijackThis and click 'Fix checked' to remove the items.

Use Explorer to look for this item; you may delete it:
C:\WINDOWS\system32\llvxnjjx.dll

Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
- Double-click Vundofix.exe to start it.
- Click scan for Vundo.
- When the program has finished scanning, click remove Vundo. If you get the prompt "want to remove the files", click Yes.
- Once you have done that, your desktop will go blank because the tool is removing Vundo.
- After that, you will be advised to shut down your computer.
- Click OK.
- Turn the computer back on.
- Post the contents of C:\vundofix.txt together with a new HJT log in your next post.

Note: it is possible that VundoFix found a file that could not be removed. In that case VundoFix will start again after your PC reboots. You then have to repeat the instructions above starting from: "Click Scan for Vundo."

Good luck
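As an added illustration, not part of any post in this thread: a small Python triage script that applies the same reasoning juisterr used to single out the two HijackThis items above (a BHO with no name and no file, and a Run entry that loads a random-looking DLL through rundll32). The sample lines are copied from the log posted in this thread; the vowel-count heuristic for generated DLL names and the 'verify' rating for services reported as missing are my assumptions, not rules from HijackThis.

```python
import re

# Sample input: HijackThis lines copied from the log posted earlier in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [SoundService] rundll32.exe "C:\\WINDOWS\\system32\\llvxnjjx.dll",setvm
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
"""

# Matches the DLL that a Run entry hands to rundll32, with or without quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
VOWELS = set("aeiouy")


def looks_random(filename: str) -> bool:
    """Assumed heuristic (mine, not HijackThis'): Vundo-style generated names are
    6+ letters with at most one vowel, e.g. llvxnjjx.dll."""
    stem = filename.lower().rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 6:
        return False
    return sum(c in VOWELS for c in stem) <= 1


def triage(log: str) -> list:
    """Return (severity, reason, line) for each HijackThis line worth a second look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("O2 ") and ("(no name)" in line or "(no file)" in line):
            findings.append(("high", "BHO with no name or no file (orphaned hook)", line))
        elif line.startswith("O4 "):
            m = RUNDLL_RE.search(line)
            if m:
                dll = m.group(1).replace("\\", "/").rsplit("/", 1)[-1]
                if looks_random(dll):
                    findings.append(("high", f"Run entry loads random-looking {dll} via rundll32", line))
        elif line.startswith("O23 ") and "(file missing)" in line:
            # Quoted service paths with arguments often show up like this; check on disk first.
            findings.append(("verify", "service path reported missing; confirm the file exists", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```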
  • [quote="juisterr"]We'll get rid of it, don't worry. Open Notepad, copy and paste the following into an empty window:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundService"=-

Save this on your Desktop as regfix.reg, with file type 'all files'. Double-click regfix.reg and allow it to be added to the registry.

Go to Start - Run and, using copy and paste, enter the following command:
"%userprofile%\Bureaublad\Combofix.exe" /v llvxnjjx

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm

Close all windows except HijackThis and click 'Fix checked' to remove the items.

Use Explorer to look for this item; you may delete it:
C:\WINDOWS\system32\llvxnjjx.dll

Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
- Double-click Vundofix.exe to start it.
- Click scan for Vundo.
- When the program has finished scanning, click remove Vundo. If you get the prompt "want to remove the files", click Yes.
- Once you have done that, your desktop will go blank because the tool is removing Vundo.
- After that, you will be advised to shut down your computer.
- Click OK.
- Turn the computer back on.
- Post the contents of C:\vundofix.txt together with a new HJT log in your next post.

Note: it is possible that VundoFix found a file that could not be removed. In that case VundoFix will start again after your PC reboots. You then have to repeat the instructions above starting from: "Click Scan for Vundo."

Good luck[/quote]

Here is the next message:

Hi, I have a few remarks:

1) With 'do a system scan only' in HijackThis I could not find the following item:
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\llvxnjjx.dll",setvm

2) After closing all windows except HijackThis and clicking 'fix checked', I used Explorer to search for the item C:\WINDOWS\system32\llvxnjjx.dll in order to delete it, but again I cannot find this item anywhere. Every time I start the PC, I do get a message that the computer cannot find the specified module 'llvxnjjx.dll'.

3) VundoFix found no viruses and no log was created either, which is why I have only sent the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:37, on 2-4-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

Hope this makes things a bit clearer, greetings and thanx :) :D
  • In case you no longer have it: download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click drweb-cureit.exe and allow it to start the express scan. This scans the files currently loaded in memory; when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.

Once the short scan has finished, click Options > Change Settings. Choose the "Scan" tab and untick "Heuristic analyse".

Back in the main window you can select the drives you want scanned. Select all drives here. A red dot will appear on the drives you are having scanned. Then click the green arrow on the right to start the scan. Click 'Yes to all' when asked to cure or move.

When the scan is done, check whether you can click the following icon next to what was found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
If so, click it, then click the icon just below it and choose: Move incurable, as shown in the following image: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (This is in case we need samples.)

After selecting the above, in the menu at the top of Dr.Web CureIt click file and choose save report list. Save the log on your desktop. Then close Dr.Web CureIt.

Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.

After restarting, copy and paste the contents of the log you saved earlier into your next post.

It does seem to have worked now, though.
  • [quote="juisterr"]In case you no longer have it: download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click drweb-cureit.exe and allow it to start the express scan. This scans the files currently loaded in memory; when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.

Once the short scan has finished, click Options > Change Settings. Choose the "Scan" tab and untick "Heuristic analyse".

Back in the main window you can select the drives you want scanned. Select all drives here. A red dot will appear on the drives you are having scanned. Then click the green arrow on the right to start the scan. Click 'Yes to all' when asked to cure or move.

When the scan is done, check whether you can click the following icon next to what was found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
If so, click it, then click the icon just below it and choose: Move incurable, as shown in the following image: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (This is in case we need samples.)

After selecting the above, in the menu at the top of Dr.Web CureIt click file and choose save report list. Save the log on your desktop. Then close Dr.Web CureIt.

Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.

After restarting, copy and paste the contents of the log you saved earlier into your next post.

It does seem to have worked now, though.[/quote]

Here is her final message.....: :( :) :D

Hi, I ran Dr.Web CureIt and the program did not find any viruses or anything. So no log was created either. My question is whether my computer is now virus/trojan-free? If so, I would like to thank the person concerned very much for the effort to get my PC back in order. Greetings


This is an archived page. Replying is no longer possible.