Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Virusprobleem

None
6 antwoorden
  • Hallo,

    Ik heb hier de pc van mijn zus bij, en ik vermoed dat er een (aantal) virussen opzit(ten), waaronder de trojan vundo.

    De pc is zeer traag, en de volgende 2 foutmeldingen komen op het scherm bij het opstarten:

    "Er is een fout opgetreden. Kan onderstaande module niet vinden:
    C:\WINDOWS\system32
    spimso.dll"

    en ook de volgende melding:
    "Er is een fout opgetreden. Kan onderstaande module niet vinden:
    C:\WINDOWS\system32\ekchomxy.dll"

    De pc start vervolgens op, maar blijft zeer traag. Antivir geeft constant de melding dat er een trojan gevonden is (ddcy.dll).

    Ik weet niet hoe ik deze problemen moet oplossen, misschien kan hier iemand mij helpen.

    Vundofix heeft geen geinfecteerde bestanden gevonden, en hierbij de log van hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:12, on 25/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\{982D6A07-0680-1043-0511-0611060020}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetWaiting
    etWaiting.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\??stem32\r?gedit.exe
    C:\Program Files\JavaCore\JavaCore.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\TrustedAntivirus\ptask.exe
    O4 - HKLM\..\Run: [BM9b1e5934] Rundll32.exe "C:\WINDOWS\system32\ekchomxy.dll",s
    O4 - HKLM\..\Run: [982d6aa8] rundll32.exe "C:\WINDOWS\system32
    spimpso.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting
    etWaiting.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Swrm] "C:\WINDOWS\system32\STEM32~1\chkdsk.exe" -vt yazb
    O4 - HKCU\..\Run: [Keoetwbo] C:\WINDOWS\system32\??stem32\r?gedit.exe
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
    O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{982D6A07-0680-1043-0511-0611060020}] "C:\Program Files\Common Files\{982D6A07-0680-1043-0511-0611060020}\Update.exe" mc-110-12-0001411
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office XP pro\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


    End of file - 10152 bytes


    Groeten
  • Klik op Start -> (Settings) -> Configuratiescherm -> Software en verwijder het volgende programma:
    MyWay Search Assistant

    start opnieuw op
  • Download SDFix en klik op "uitvoeren".
    Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).


    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:c075df4259]
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\TrustedAntivirus\ptask.exe
    O4 - HKLM\..\Run: [BM9b1e5934] Rundll32.exe "C:\WINDOWS\system32\ekchomxy.dll",s
    O4 - HKLM\..\Run: [982d6aa8] rundll32.exe "C:\WINDOWS\system32
    spimpso.dll",b
    O4 - HKCU\..\Run: [Swrm] "C:\WINDOWS\system32\STEM32~1\chkdsk.exe" -vt yazb
    O4 - HKCU\..\Run: [Keoetwbo] C:\WINDOWS\system32\??stem32\r?gedit.exe
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    [/b:c075df4259]
    Klik op 'Fix checked' om de items te verwijderen.



    Download [b:c075df4259]Malwarebytes' Anti-Malware[/color:c075df4259][/b:c075df4259] op je bureaublad.
    Dubbelklik [b:c075df4259]mbam-setup.exe[/b:c075df4259] en kies voor "[b:c075df4259]Next[/b:c075df4259]" om de tool te installeren.
    Als de installatie voltooid is zet je vinkjes bij "[b:c075df4259]Update MalwareBytes' Anti-Malware[/b:c075df4259]" en bij "[b:c075df4259]Launch MalwareBytes' Anti-Malware[/b:c075df4259]".
    Druk daarna op "[b:c075df4259]Finish[/b:c075df4259]".
    Kies in het hoofdscherm voor de tab "[b:c075df4259]Scanner[/b:c075df4259]" en selecteer het keuzerondje "[b:c075df4259]Perform full scan[/b:c075df4259]".
    Druk op de knop "[b:c075df4259]Scan[/b:c075df4259]" en zorg dat al je harde schijven/partities aangevinkt staan.
    Druk dan op de knop "[b:c075df4259]Start Scan[/b:c075df4259]".
    Wanneer de scan voltooid is klik je op OK, daarna op "[b:c075df4259]Show Results[/b:c075df4259]" om de resultaten te zien.
    Zorg ervoor dat alles aangevinkt is, klik daarna op "[b:c075df4259]Remove Selected[/b:c075df4259]".
    Als het programma je computer wil laten herstarten, sta je dit toe.
    Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
    Post deze log in je volgende bericht.


    [b:c075df4259]Herstart de pc in de veilige modus. [/b:c075df4259]Safe mode for Windows XP
    Herstart de computer
    Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
    Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt
    Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter

    Dubbelklik de map [b:c075df4259]SDFix [/b:c075df4259]en dubbelklik op RunThis.bat om het script te starten.
    Typ Y en klik enter om het schoonmaakproces te starten.
    Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
    De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
    De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te be?indigen en je bureaubladiconen weer te laden.
    Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
    Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw [b:c075df4259]HijackThis log[/b:c075df4259]
  • In ieder geval zeer fel bedankt voor de hulp!! Ik denk dat de meeste problemen van de baan zijn. Hierbij de logfiles:

    Malwarebytes' Anti-Malware 1.09
    Database versie: 507

    Scan type: Volledige Scan (C:\|E:\|)
    Objecten gescand: 78514
    Verstreken tijd: 42 minute(s), 47 second(s)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 3
    Registersleutels geïnfecteerd: 32
    Registerwaarden geïnfecteerd: 7
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 15
    Bestanden geïnfecteerd: 55

    Geheugenprocessen geïnfecteerd:
    c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\ddcya.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Program Files\tewy89104.dll (Adware.TTC) -> Unloaded module successfully.
    C:\WINDOWS\system32\vtutuvv.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7e2ab48-4a35-4241-b5ec-b2d27595ef8a} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{d7e2ab48-4a35-4241-b5ec-b2d27595ef8a} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\malwarealarm.webinstall (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\malwarealarm.webinstall.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4b65c290-277b-0cf9-0015-2e00b6c7dbc0} (Adware.ClickSpring) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b65c290-277b-0cf9-0015-2e00b6c7dbc0} (Adware.ClickSpring) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtutuvv (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Insider) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuardPro) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcya.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcya.dll -> Delete on reboot.

    Mappen geïnfecteerd:
    C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\TrustedAntivirus (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\TrustedAntivirus (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
    C:\TrustedAntivirus\AVQuar (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
    C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\NI.UGA6PM_0001_N122M1402 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\NI.UGA6P_0001_N122M2802 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Application Data\TrustedAntivirus (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Application Data\TrustedAntivirus\Logs (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcya.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\aycdd.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\aycdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\winvsnet.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Program Files\tewy89104.dll (Adware.TTC) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060533.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060534.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060535.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060536.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060542.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060548.old (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060549.old (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060550.old (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP370\A0060551.old (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP372\A0061756.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP372\A0061757.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP372\A0061759.exe (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP372\A0061762.exe (Adware.TTC) -> Quarantined and deleted successfully.
    C:\WINDOWS\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\WINDOWS\b153.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eokpz.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\TrustedAntivirus\history.db (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\TrustedAntivirus\main.log (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\TrustedAntivirus\ResErrors.log (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\NoDNS\UnInstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\NI.UGA6PM_0001_N122M1402\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\NI.UGA6P_0001_N122M2802\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Application Data\TrustedAntivirus\Logs\threats.log (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marlies Ballegeer\Application Data\TrustedAntivirus\Logs\update.log (Rogue.TrustedAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtutuvv.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\cbxvsts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcdeed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcaxvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgghiff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkkjgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnnoli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qomkkjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfcbay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqonkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqoomm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\b155.exe (Heuristic.Downloader) -> Quarantined and deleted successfully.


    SDFix: Version 1.162

    Run by Marlies Ballegeer on wo 26/03/2008 at 23:42

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\PROGRA~1\MSNGAM~1\LAVU - Deleted
    C:\PROGRA~1\MSNGAM~1\LAVU120 - Deleted
    C:\Temp\1cb\syscheck.log - Deleted
    C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe - Deleted
    C:\WINDOWS\Downloaded Program Files\UGA6PM_0001_N122M1402NetInstaller.exe - Deleted
    C:\WINDOWS\TinyBHO.dll - Deleted



    Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
    Folder C:\Temp\1cb - Removed
    Folder C:\WINDOWS\system32\aqVreo01 - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 23:47:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    scanning hidden registry entries …

    scanning hidden files …


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 5


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 14 May 2006 8 A.SHR — "C:\i386\21286E4F36.sys"
    Sun 14 May 2006 2,828 A.SH. — "C:\i386\KGyGaAvL.sys"
    Tue 4 Mar 2008 88 ..SHR — "C:\WINDOWS\system32\21286E4F36.sys"
    Mon 27 Aug 2007 56 ..SHR — "C:\WINDOWS\system32\364F6E2821.sys"
    Tue 4 Mar 2008 6,580 A.SH. — "C:\WINDOWS\system32\KGyGaAvL.sys"
    Sun 25 Jun 2006 4,348 A.SH. — "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 28 Jan 2008 230,400 ..SHR — "C:\WINDOWS\system32\??stem32\r?gedit.exe"
    Thu 24 May 2007 0 A.SH. — "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 15 Nov 2007 0 A..H. — "C:\WINDOWS\SoftwareDistribution\Download\b8d5769ed022fab7a177db7759e6a27b\BITE.tmp"
    Tue 25 Mar 2008 86,528 …H. — "C:\Documents and Settings\Marlies Ballegeer\Mijn documenten\unief\2e Bach\Immunology\~WRL2360.tmp"

    Finished!



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:52:06, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetWaiting
    etWaiting.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: (no name) - {35BFFCDC-43FB-4C74-8779-484E7D80548B} - C:\Program Files\.\tewy89104.dll (file missing)
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: 0 - {8627CF19-B862-459D-8CA3-B323C01F3925} - C:\Program Files\MSN Gaming Zone\lavu120.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {c163a628-4587-953a-62c4-030da4539e7f} - {f7e9354a-d030-4c26-a359-7854826a361c} - C:\WINDOWS\system32\aepywnmf.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting
    etWaiting.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office XP pro\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


    End of file - 9517 bytes
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:45d90d40ea]
    O2 - BHO: (no name) - {35BFFCDC-43FB-4C74-8779-484E7D80548B} - C:\Program Files\.\tewy89104.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: 0 - {8627CF19-B862-459D-8CA3-B323C01F3925} - C:\Program Files\MSN Gaming Zone\lavu120.dll (file missing)
    O2 - BHO: {c163a628-4587-953a-62c4-030da4539e7f} - {f7e9354a-d030-4c26-a359-7854826a361c} - C:\WINDOWS\system32\aepywnmf.dll (file missing)
    [/b:45d90d40ea]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    zo te zien ook 2 actieve av scanners? AVG en McAfee , zet er 1 uit of verwijder er 1.

    vertel even hoe het nu gaat, je snapt wel dat de pc flink besmet was, kon je nog wel computeren met dat ding ?
  • De pc was idd serieus besmet, waardoor computeren inderdaad quasi onmogelijk was.

    Ik heb alle raad opgevolgd, en nu lijkt het terug in orde; alles werkt weer, op een normale snelheid!

    Heel fel bedankt voor de moeite en de hulp!!

    Stefaan

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.