Please help me get rid of my trojan (Win32:TratBHO [Trj])?!

Glennekind
10 replies
  • Hello all, this is my first post on this forum.

    Two days ago I was looking for lyrics by a certain artist. When I ended up on a lyrics site via Google, it turned out to be malicious. My virus scanner (Avast) reported that it found traces of Win32:TratBHO [Trj] everywhere. At the same time, prompts popped up everywhere asking whether I wanted to install all kinds of software. Of course I declined.
    What remained were the alerts from my virus scanner. I then started cleaning up my PC with a cocktail of small programs, and eventually I read the FAQ here.
    So far I have used:

    Ad-aware
    CCleaner
    Spybot S&D
    CWShredder
    HijackThis
    (and a thorough scan with my virus scanner)

    The thing is, all these programs do keep finding something 'wrong' each time, and they also remove/fix those things. However, my virus scanner keeps giving these alerts.
    So the last thing I used was HijackThis. Here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:14:01, on 7-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zelda4ever.com/forum
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1A0A464E-8ADE-4D8C-8BB6-91FB5D8F2569} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O2 - BHO: (no name) - {373726B3-432C-4A4D-92AE-2B318195E569} - C:\Program Files\MSN Gaming Zone\meqosagC:\WINDOWS\system32\feq9\kiffs83122.exe.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8B2BCE26-696E-4DA1-9BB3-73945D92736C} - C:\WINDOWS\system32\awvvs.dll (file missing)
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\efcdaya.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://www.groeneralsblauw.tk
    O15 - Trusted Zone: http://www.groenerdanblauw.tk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.connectu.nl/download/vrcloader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142953766796
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://amersfoortcam.vedor.nl/AxisCamControl.cab
    O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.connectu.nl/download/videoraver.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DC9661CB-3756-47F4-B512-AEFC15E715B0} (AudioPlugin Class) - http://www.connectu.nl/download/vrp_adio.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4529/mcfscan.cab
    O20 - Winlogon Notify: efcdaya - C:\WINDOWS\SYSTEM32\efcdaya.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    End of file - 9326 bytes

    Can someone on this forum please help me? I'm a bit at my wits' end :(

    Kind regards,

    Glenn
  • One moment, I'll take a look for you.
  • Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners consider certain components that Combofix uses suspicious and will block or remove them!
    - Double-click Combofix.exe
    - Follow the instructions; accept the disclaimer by typing 1 (continue), followed by ENTER.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {1A0A464E-8ADE-4D8C-8BB6-91FB5D8F2569} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O2 - BHO: (no name) - {373726B3-432C-4A4D-92AE-2B318195E569} - C:\Program Files\MSN Gaming Zone\meqosagC:\WINDOWS\system32\feq9\kiffs83122.exe.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8B2BCE26-696E-4DA1-9BB3-73945D92736C} - C:\WINDOWS\system32\awvvs.dll (file missing)
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\efcdaya.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O20 - Winlogon Notify: efcdaya - C:\WINDOWS\SYSTEM32\efcdaya.dll

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Download Java Runtime Environment (JRE) 6u4.
    - Scroll down to: "Java Runtime Environment (JRE) 6u4".
    - Click the "Download" button on the right.
    - In the drop-down menu to the right of Platform, select Windows
    - Check: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
    - The page will reload.
    - Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
    - Close any programs that may be open, especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
    - Check everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Good luck
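
Added example (not part of the original posts, and not HijackThis's own logic): a small Python triage pass over the O2, O3 and O20 lines copied from the first log, showing which properties make those entries stand out for review. The reason labels and function names are assumptions chosen for illustration; a flagged entry is a prompt to look closer, not a verdict.

```python
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0A464E-8ADE-4D8C-8BB6-91FB5D8F2569} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {373726B3-432C-4A4D-92AE-2B318195E569} - C:\Program Files\MSN Gaming Zone\meqosagC:\WINDOWS\system32\feq9\kiffs83122.exe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B2BCE26-696E-4DA1-9BB3-73945D92736C} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\efcdaya.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - Winlogon Notify: efcdaya - C:\WINDOWS\SYSTEM32\efcdaya.dll
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# O2/O3 lines: "<code> - BHO|Toolbar: <name> - {CLSID} - <target>"
COM_RE = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (" + CLSID + r") - (.*)$")
# O20 lines: "O20 - Winlogon Notify: <name> - <target>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\")


def split_target(target):
    """Separate the file path from HijackThis's trailing status annotation."""
    target = target.strip()
    if target == "(no file)":
        return None, "no file"
    if target.endswith("(file missing)"):
        return target[: -len("(file missing)")].rstrip(), "file missing"
    return target, "present"


def parse_entries(log_text):
    """Parse O2, O3 and O20 lines; every other section is skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_RE.match(line)
        if m:
            code, name, ident, target = m.groups()
        else:
            m = NOTIFY_RE.match(line)
            if not m:
                continue
            name, target = m.groups()
            code, ident = "O20", name
        path, status = split_target(target)
        entries.append({"code": code, "name": name, "ident": ident,
                        "path": path, "status": status})
    return entries


def triage(log_text):
    """Return (code, identifier, reasons) for entries worth a closer look."""
    entries = parse_entries(log_text)
    # Windows paths are case-insensitive, so compare them lowercased.
    bho = {e["path"].lower() for e in entries if e["code"] == "O2" and e["path"]}
    notify = {e["path"].lower() for e in entries if e["code"] == "O20" and e["path"]}
    shared = bho & notify
    findings = []
    for e in entries:
        reasons = []
        if e["name"] == "(no name)":
            reasons.append("no name")
        if e["status"] != "present":
            reasons.append(e["status"])  # registration outlived its file
        if e["path"] and len(DRIVE_ROOT_RE.findall(e["path"])) > 1:
            reasons.append("path contains two drive roots")
        if e["path"] and e["path"].lower() in shared:
            reasons.append("same DLL is BHO and Winlogon Notify")
        if reasons:
            findings.append((e["code"], e["ident"], reasons))
    return findings


if __name__ == "__main__":
    for code, ident, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{ident:<40}{', '.join(reasons)}")
```

On this sample the pass flags the same O2, O3 and O20 lines that the reply above lists for 'Fix checked' and leaves the named Adobe helper alone; the R0 and O9 lines in that list are outside what it parses.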
  • Thanks :) I'll follow your step-by-step plan shortly.
    By the way, is my PC in a really serious state?
  • All done :)

    Here are my logs…

    combofix:

    ComboFix 08-02.05.3 - The Great Glenn 2008-02-08 1:09:12.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.69 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\The Great Glenn\Local Settings\Temporary Internet Files\Content.IE5\DKKYZ5DH\ComboFix[1].exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\efcdaya.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\SYSTEM32\bccdd.ini
    C:\WINDOWS\SYSTEM32\bccdd.ini2
    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\system32\drivers\fad.sys
    C:\WINDOWS\system32\efcdaya.dll
    C:\WINDOWS\SYSTEM32\ihkmp.ini
    C:\WINDOWS\SYSTEM32\ihkmp.ini2
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\SYSTEM32\svvwa.ini
    C:\WINDOWS\SYSTEM32\svvwa.ini2
    C:\WINDOWS\system32\vtuvvuu.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
    .

    2008-02-07 15:55 . 2008-02-07 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 15:52 . 2008-02-07 15:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 04:00 . 2008-02-07 20:52 <DIR> dr-h----- C:\Documents and Settings\The Great Glenn\Onlangs geopend
    2008-02-07 03:59 . 2008-02-07 03:59 <DIR> d-------- C:\Program Files\CCleaner
    2008-02-07 03:47 . 2008-02-07 03:47 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-06 01:51 . 2008-02-06 01:51 <DIR> d-------- C:\Program Files\Drmupgds
    2008-02-06 01:48 . 2008-02-07 15:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\feq9
    2008-02-06 01:47 . 2008-02-06 01:47 <DIR> d-------- C:\WINDOWS\SYSTEM32
    Gpxx01
    2008-02-06 01:47 . 2008-02-06 01:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\dp1
    2008-02-06 01:47 . 2008-02-06 01:48 <DIR> d-------- C:\Temp\isgTi19
    2008-02-06 01:47 . 2008-02-08 01:10 <DIR> d-------- C:\Temp
    2008-02-06 01:47 . 2008-02-06 01:47 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
    2008-02-02 18:17 . 2008-02-02 18:17 <DIR> d-------- C:\Program Files\Power Tab Software
    2008-01-17 17:07 . 2008-01-17 17:07 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-17 17:06 . 2008-01-17 17:06 <DIR> d-------- C:\Program Files\iTunes
    2008-01-17 17:06 . 2008-01-17 17:06 <DIR> d-------- C:\Program Files\iPod
    2008-01-17 17:03 . 2008-01-17 17:04 <DIR> d-------- C:\Program Files\QuickTime
    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-07 17:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-07 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-07 14:57 --------- d-----w C:\Program Files\Lavasoft
    2008-02-07 14:57 --------- d-----w C:\Documents and Settings\The Great Glenn\Application Data\Lavasoft
    2008-02-06 01:46 --------- d-----w C:\Program Files\SpywareBlaster
    2008-02-06 01:45 --------- d-----w C:\Program Files\Hitman Pro
    2008-02-05 22:36 --------- d-----w C:\Documents and Settings\The Great Glenn\Application Data\Azureus
    2008-01-25 20:21 --------- d-----w C:\Program Files\PartyGaming
    2008-01-20 20:04 --------- d-----w C:\Program Files\Azureus
    2008-01-08 00:46 --------- d-----w C:\Program Files\DivX
    2008-01-04 15:00 --------- d-----w C:\Program Files\Lacie
    2008-01-02 02:04 --------- d-----w C:\Documents and Settings\The Great Glenn\Application Data\Apple Computer
    2008-01-02 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-02 02:00 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-02 01:59 --------- d-----w C:\Program Files\Common Files\Apple
    2008-01-02 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-05-21 03:21 105,813 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_20_05_57_18_small.dmp.zip
    2006-10-01 17:33 19,807,941 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_28_00_22_01_full.dmp.zip
    2006-03-25 18:24 114,446 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_25_01_54_47_small.dmp.zip
    2005-06-08 11:52 1,136,858 -c--a-w C:\WINDOWS\Internet Logs\imsDebug.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0A464E-8ADE-4D8C-8BB6-91FB5D8F2569}]
    C:\WINDOWS\system32\pmkhi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{373726B3-432C-4A4D-92AE-2B318195E569}]
    C:\Program Files\MSN Gaming Zone\meqosagC:\WINDOWS\system32\feq9\kiffs83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B2BCE26-696E-4DA1-9BB3-73945D92736C}]
    C:\WINDOWS\system32\awvvs.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    "Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [2008-02-06 01:51 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 22:48 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
    "MessengerPlus3"="C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" [ ]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 00:45 114688]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 20:16]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-02-07 13:45:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 01:20:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-02-08 1:23:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-08 00:23:52
    .
    2008-01-16 01:57:13 --- E O F ---


    And here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:30:21, on 8-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zelda4ever.com/forum
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://www.groeneralsblauw.tk
    O15 - Trusted Zone: http://www.groenerdanblauw.tk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.connectu.nl/download/vrcloader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142953766796
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://amersfoortcam.vedor.nl/AxisCamControl.cab
    O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.connectu.nl/download/videoraver.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DC9661CB-3756-47F4-B512-AEFC15E715B0} (AudioPlugin Class) - http://www.connectu.nl/download/vrp_adio.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4529/mcfscan.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    End of file - 8123 bytes

    How does it look? Since running ComboFix I haven't had any more alerts from my virus scanner, so I think I'm already fairly well on the right track :)

    Thanks in advance for your time and effort ;)
  • Yes, already a lot better.



    Download Java Runtime Environment (JRE) 6u4.
    - Scroll down to: "Java Runtime Environment (JRE) 6u4".
    - Click the "Download" button on the right.
    - In the drop-down menu to the right of Platform, select Windows.
    - Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
    - The page will reload.
    - Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
    - Close all programs that may be open, especially your web browser!
    - Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
    - Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Remove (Verwijderen) or the Change/Remove (Wijzig/Verwijder) button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


    Open Notepad (Kladblok), then copy and paste the following (the bold, blue text) into an empty window:
    File::


    C:\WINDOWS\system32\pmkhi.dll

    C:\WINDOWS\system32\awvvs.dll


    Registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0A464E-8ADE-4D8C-8BB6-91FB5D8F2569}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B2BCE26-696E-4DA1-9BB3-73945D92736C}]


    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

    This will cause ComboFix to restart.

    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
  • OK then :) here is my 2nd ComboFix log…

    NOTE: On my first attempt to drag the txt file into ComboFix I got an error message. Apparently a certain application could not be found. When I tried again it did work. When ComboFix was finished, I got the error message several times that regedit.exe (??) could not be initialized. This message disappeared after about 10 times, and then I could reboot my PC. Anyway, here is the log:

    ComboFix 08-02.05.3 - The Great Glenn 2008-02-09 17:56:13.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.116 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\The Great Glenn\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\The Great Glenn\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    FILE
    C:\WINDOWS\system32\awvvs.dll
    C:\WINDOWS\system32\pmkhi.dll
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))
    .

    2008-02-08 01:44 . 2007-12-14 01:59 69,632 –a—— C:\WINDOWS\SYSTEM32\javacpl.cpl
    2008-02-08 01:43 . 2008-02-08 01:43 <DIR> d——– C:\Program Files\Common Files\Java
    2008-02-07 15:55 . 2008-02-07 15:58 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 15:52 . 2008-02-07 15:52 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 04:00 . 2008-02-09 17:53 <DIR> dr-h—– C:\Documents and Settings\The Great Glenn\Onlangs geopend
    2008-02-07 03:59 . 2008-02-07 03:59 <DIR> d——– C:\Program Files\CCleaner
    2008-02-07 03:47 . 2008-02-07 03:47 <DIR> d——– C:\Program Files\Trend Micro
    2008-02-06 01:51 . 2008-02-06 01:51 <DIR> d——– C:\Program Files\Drmupgds
    2008-02-06 01:48 . 2008-02-07 15:41 <DIR> d——– C:\WINDOWS\SYSTEM32\feq9
    2008-02-06 01:47 . 2008-02-06 01:47 <DIR> d——– C:\WINDOWS\SYSTEM32
    Gpxx01
    2008-02-06 01:47 . 2008-02-06 01:48 <DIR> d——– C:\WINDOWS\SYSTEM32\dp1
    2008-02-06 01:47 . 2008-02-06 01:48 <DIR> d——– C:\Temp\isgTi19
    2008-02-06 01:47 . 2008-02-08 01:10 <DIR> d——– C:\Temp
    2008-02-06 01:47 . 2008-02-06 01:47 36,864 –a—— C:\WINDOWS\mrofinu572.exe.tmp
    2008-02-02 18:17 . 2008-02-02 18:17 <DIR> d——– C:\Program Files\Power Tab Software
    2008-01-17 17:07 . 2008-01-17 17:07 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-01-17 17:06 . 2008-01-17 17:06 <DIR> d——– C:\Program Files\iTunes
    2008-01-17 17:06 . 2008-01-17 17:06 <DIR> d——– C:\Program Files\iPod
    2008-01-17 17:03 . 2008-01-17 17:04 <DIR> d——– C:\Program Files\QuickTime
    2008-01-10 15:27 . 2008-01-10 15:27 90,112 –a—— C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
    2008-01-10 15:27 . 2008-01-10 15:27 57,344 –a—— C:\WINDOWS\SYSTEM32\QuickTime.qts

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 12:59 ——— d—–w C:\Documents and Settings\The Great Glenn\Application Data\Azureus
    2008-02-08 00:44 ——— d—–w C:\Program Files\Java
    2008-02-07 17:08 ——— d—–w C:\Program Files\Spybot - Search & Destroy
    2008-02-07 17:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-07 14:57 ——— d—–w C:\Program Files\Lavasoft
    2008-02-07 14:57 ——— d—–w C:\Documents and Settings\The Great Glenn\Application Data\Lavasoft
    2008-02-06 01:46 ——— d—–w C:\Program Files\SpywareBlaster
    2008-02-06 01:45 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-25 20:21 ——— d—–w C:\Program Files\PartyGaming
    2008-01-20 20:04 ——— d—–w C:\Program Files\Azureus
    2008-01-08 00:46 ——— d—–w C:\Program Files\DivX
    2008-01-04 15:00 ——— d—–w C:\Program Files\Lacie
    2008-01-02 02:04 ——— d—–w C:\Documents and Settings\The Great Glenn\Application Data\Apple Computer
    2008-01-02 02:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-02 02:00 ——— d—–w C:\Program Files\Apple Software Update
    2008-01-02 01:59 ——— d—–w C:\Program Files\Common Files\Apple
    2008-01-02 01:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-14 10:32 12,632 —-a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
    2007-12-04 13:04 837,496 —-a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
    2007-12-04 12:54 95,608 -c–a-w C:\WINDOWS\SYSTEM32\AvastSS.scr
    2007-11-29 22:30 200,704 —-a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
    2007-11-29 22:30 1,044,480 —-a-w C:\WINDOWS\SYSTEM32\libdivx.dll
    2007-05-21 03:21 105,813 -c–a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_20_05_57_18_small.dmp.zip
    2006-10-01 17:33 19,807,941 -c–a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_28_00_22_01_full.dmp.zip
    2006-03-25 18:24 114,446 -c–a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_25_01_54_47_small.dmp.zip
    2005-06-08 11:52 1,136,858 -c–a-w C:\WINDOWS\Internet Logs\imsDebug.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    "Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [2008-02-06 01:51 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 22:48 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
    "MessengerPlus3"="C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" [ ]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 00:45 114688]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 20:16]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-02-07 13:45:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 17:59:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-02-09 18:00:50
    ComboFix-quarantined-files.txt 2008-02-09 17:00:18
    ComboFix2.txt 2008-02-08 00:23:59
    .
    2008-01-16 01:57:13 — E O F —
  • May I also have a new HJT log, please?
  • Here you go:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:12:01, on 9-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zelda4ever.com/forum
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\The Great Glenn\Mijn documenten\msnplus\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://www.groeneralsblauw.tk
    O15 - Trusted Zone: http://www.groenerdanblauw.tk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {37802401-C7E2-11D7-8582-0048548470B6} (VRCLoader) - http://www.connectu.nl/download/vrcloader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142953766796
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://amersfoortcam.vedor.nl/AxisCamControl.cab
    O16 - DPF: {98827C42-6A82-11D7-8582-0048548470B6} (VideoRaver) - http://www.connectu.nl/download/videoraver.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DC9661CB-3756-47F4-B512-AEFC15E715B0} (AudioPlugin Class) - http://www.connectu.nl/download/vrp_adio.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4529/mcfscan.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    End of file - 8544 bytes
  • Download SDFix and click "Run".
    Version 1.40 and later will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

    Restart the PC in safe mode.
    Safe mode for Windows XP
    Restart the computer.
    As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows is loaded,
    tap the F8 key (or the F5 key) until you reach the Windows options menu.
    There, choose to start in safe mode (Safe mode) using the arrow keys, then press Enter.

    Double-click the SDFix folder and double-click RunThis.bat to start the script.
    Type Y and press Enter to start the cleaning process.
    Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
    The computer will then restart; this takes longer than usual.
    The fix tool will run again and continue the removal process, after which Finished is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
    As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
    Copy/paste the contents of Report.txt into your next reply here, together with a new HijackThis log.

    Good luck
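
The helpers in this thread compare each new HijackThis log with the previous one by eye to see which entries a cleanup step removed and which appeared. The following is an added example (not part of the original thread and not code from HijackThis or ComboFix) that does that comparison in Python. The function names `parse_hjt` and `diff_hjt` are hypothetical, and the two sample logs are constructed: the placeholder BHO entry with CLSID `{00000000-0000-0000-0000-000000000001}` is invented for illustration, while the other lines are copied from the logs above.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". The log header and the "Running processes" paths never match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

# Constructed sample: log taken before a cleanup step. The "(no name)" BHO
# line is a made-up placeholder, not an entry from this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: log taken after the cleanup and the Java update.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_hjt(log_text):
    """Return the set of (section_code, detail) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _by_code(entries):
    """Group entries by section code, details sorted for stable output."""
    grouped = {}
    for code, detail in sorted(entries):
        grouped.setdefault(code, []).append(detail)
    return grouped


def diff_hjt(before_text, after_text):
    """Entries that disappeared and entries that appeared between two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return {"removed": _by_code(before - after),
            "added": _by_code(after - before)}


if __name__ == "__main__":
    changes = diff_hjt(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for code, details in changes[kind].items():
            for detail in details:
                print(f"{kind:8} {code:4} {detail}")
```

An entry listed under "added" deserves the same review as any other log line: a cleanup tool or a legitimate installer can add entries, and so can a reinfection.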

This is an archived page. Replies are no longer possible.