Problem at a family member's!

Anonymous
21 replies
  • My niece has a problem with her internet; see her text here, hopefully you can help her further!

    Problem: trojans and viruses on the PC. This came about while chatting
    with a friend on MSN Messenger. While chatting I suddenly saw a web link
    in the chat window, which said roughly 'look here under file photo 13
    you're on the internet'. I clicked on it, assuming that she had sent
    that web link. Then I got a notification from the avast program that a
    trojan and a virus had been detected. Avast does recognise them, but gets
    no access to delete those files. Manually deleting the infected files,
    apart from a few files, also didn't work. And since then, when I'm
    surfing the internet, I continually get pop-ups from drivecleaners,
    broadcast, hollywood, and when I click them away, all open web pages
    disappear. I also get notifications of files infected by trojans and
    viruses every time I start up the PC. So my question is: how can I solve
    this problem?

    Here is her log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:32, on 25-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcddca.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\ddcawwx.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe Photoshop\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gsylvnip.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddcawwx - C:\WINDOWS\SYSTEM32\ddcawwx.dll
    O20 - Winlogon Notify: ddcddda - C:\WINDOWS\SYSTEM32\ddcddda.dll
    O20 - Winlogon Notify: efcddca - C:\WINDOWS\SYSTEM32\efcddca.dll
    O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
    O20 - Winlogon Notify: rqoon - C:\WINDOWS\system32\rqoon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe


    Hopefully you'll find something.. good luck
  • Let me have a look.
  • Download [b]VirtumundoBegone[/b], save it to your desktop.
    Double-click [b]VirtumundoBeGone.exe[/b] and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.

    When the fix is done, restart the PC.
    Post the contents of the log file [b]VBG.TXT[/b], which is now on your desktop, here in your next message together with a new HJT log.
  • [quote="juisterr"]Download [b]VirtumundoBegone[/b], save it to your desktop.
    Double-click [b]VirtumundoBeGone.exe[/b] and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.

    When the fix is done, restart the PC.
    Post the contents of the log file [b]VBG.TXT[/b], which is now on your desktop, here in your next message together with a new HJT log.[/quote]

    Here are the VBG log and the HJT log:

    [03/25/2007, 14:36:31] - VirtumundoBeGone v1.5 ( "C:\Documents and
    Settings\Administrator\Bureaublad\VirtumundoBeGone.exe" )
    [03/25/2007, 14:36:54] - Detected System Information:
    [03/25/2007, 14:36:54] - Windows Version: 5.1.2600, Service Pack 2
    [03/25/2007, 14:36:54] - Current Username: Administrator (Admin)
    [03/25/2007, 14:36:54] - Windows is in NORMAL mode.
    [03/25/2007, 14:36:54] - Searching for Browser Helper Objects:
    [03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} ()
    [03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:54] - Checking for HKLM\…\Winlogon\Notify\opppq
    [03/25/2007, 14:36:54] - Found: HKLM\…\Winlogon\Notify\opppq - This is
    probably Virtumundo.
    [03/25/2007, 14:36:54] - Assigning {14377994-E6A9-40A1-A7C7-608C374B2024}
    MSEvents Object
    [03/25/2007, 14:36:54] - BHO list has been changed! Starting over…
    [03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024}
    (MSEvents Object)
    [03/25/2007, 14:36:54] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:54] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} ()
    [03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:54] - Checking for HKLM\…\Winlogon\Notify\efcddca
    [03/25/2007, 14:36:54] - Found: HKLM\…\Winlogon\Notify\efcddca - This is
    probably Virtumundo.
    [03/25/2007, 14:36:54] - Assigning {182B90A3-F372-438A-800C-6814B4DE417B}
    MSEvents Object
    [03/25/2007, 14:36:55] - BHO list has been changed! Starting over…
    [03/25/2007, 14:36:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:55] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024}
    (MSEvents Object)
    [03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:55] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B}
    (MSEvents Object)
    [03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:55] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:36:55] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:36:55] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:36:55] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:55] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:36:55] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:56] - No filename found. Continuing.
    [03/25/2007, 14:36:56] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:36:56] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:56] - Checking for HKLM\…\Winlogon\Notify\ddcawwx
    [03/25/2007, 14:36:56] - Found: HKLM\…\Winlogon\Notify\ddcawwx - This is
    probably Virtumundo.
    [03/25/2007, 14:36:56] - Assigning {E7C79532-B748-40A4-A54C-6A14569541B7}
    MSEvents Object
    [03/25/2007, 14:36:56] - BHO list has been changed! Starting over…
    [03/25/2007, 14:36:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:56] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024}
    (MSEvents Object)
    [03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:56] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B}
    (MSEvents Object)
    [03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:56] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:36:56] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:36:56] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:56] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:36:56] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:57] - No filename found. Continuing.
    [03/25/2007, 14:36:57] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:36:57] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 14:36:57] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:57] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:36:57] - *** Detected MSEvents Object
    [03/25/2007, 14:36:57] - Trying to remove MSEvents Object…
    [03/25/2007, 14:36:58] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 14:36:58] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 14:36:58] - Disabling Automatic Shell Restart
    [03/25/2007, 14:36:58] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 14:36:59] - Suspending the NT Session Manager System Service
    [03/25/2007, 14:36:59] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 14:36:59] - Re-enabling Automatic Shell Restart
    [03/25/2007, 14:36:59] - File to disable: C:\WINDOWS\system32\opppq.dll
    [03/25/2007, 14:36:59] - Renaming C:\WINDOWS\system32\opppq.dll ->
    C:\WINDOWS\system32\opppq.dll.vir
    [03/25/2007, 14:36:59] - File successfully renamed!
    [03/25/2007, 14:37:00] - Removing HKLM\…\Browser Helper
    Objects\{14377994-E6A9-40A1-A7C7-608C374B2024}
    [03/25/2007, 14:37:00] - Removing
    HKCR\CLSID\{14377994-E6A9-40A1-A7C7-608C374B2024}
    [03/25/2007, 14:37:00] - Adding Kill Bit for ActiveX for GUID:
    {14377994-E6A9-40A1-A7C7-608C374B2024}
    [03/25/2007, 14:37:00] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 14:37:00] - Removing HKLM\…\Winlogon\Notify\opppq
    [03/25/2007, 14:37:00] - Searching for Browser Helper Objects:
    [03/25/2007, 14:37:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:37:00] - BHO 2: {182B90A3-F372-438A-800C-6814B4DE417B}
    (MSEvents Object)
    [03/25/2007, 14:37:00] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:37:00] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:37:00] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:37:00] - BHO 5: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:00] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:37:00] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:37:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:37:00] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:00] - No filename found. Continuing.
    [03/25/2007, 14:37:00] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:37:00] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 14:37:00] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:37:00] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:37:00] - *** Detected MSEvents Object
    [03/25/2007, 14:37:00] - Trying to remove MSEvents Object…
    [03/25/2007, 14:37:01] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 14:37:01] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 14:37:01] - Disabling Automatic Shell Restart
    [03/25/2007, 14:37:01] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 14:37:01] - Suspending the NT Session Manager System Service
    [03/25/2007, 14:37:02] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 14:37:02] - Re-enabling Automatic Shell Restart
    [03/25/2007, 14:37:02] - File to disable: C:\WINDOWS\system32\efcddca.dll
    [03/25/2007, 14:37:02] - Renaming C:\WINDOWS\system32\efcddca.dll ->
    C:\WINDOWS\system32\efcddca.dll.vir
    [03/25/2007, 14:37:02] - File successfully renamed!
    [03/25/2007, 14:37:02] - Removing HKLM\…\Browser Helper
    Objects\{182B90A3-F372-438A-800C-6814B4DE417B}
    [03/25/2007, 14:37:02] - Removing
    HKCR\CLSID\{182B90A3-F372-438A-800C-6814B4DE417B}
    [03/25/2007, 14:37:02] - Adding Kill Bit for ActiveX for GUID:
    {182B90A3-F372-438A-800C-6814B4DE417B}
    [03/25/2007, 14:37:02] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 14:37:02] - Removing HKLM\…\Winlogon\Notify\efcddca
    [03/25/2007, 14:37:02] - Searching for Browser Helper Objects:
    [03/25/2007, 14:37:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:37:02] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:37:02] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:37:02] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:02] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:37:02] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:37:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:37:02] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:02] - No filename found. Continuing.
    [03/25/2007, 14:37:02] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:37:02] - BHO 8: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 14:37:02] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:37:02] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:37:03] - *** Detected MSEvents Object
    [03/25/2007, 14:37:03] - Trying to remove MSEvents Object…
    [03/25/2007, 14:37:04] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 14:37:04] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 14:37:04] - Disabling Automatic Shell Restart
    [03/25/2007, 14:37:04] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 14:37:04] - Suspending the NT Session Manager System Service
    [03/25/2007, 14:37:04] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 14:37:04] - Re-enabling Automatic Shell Restart
    [03/25/2007, 14:37:04] - File to disable: C:\WINDOWS\system32\ddcawwx.dll
    [03/25/2007, 14:37:04] - Renaming C:\WINDOWS\system32\ddcawwx.dll ->
    C:\WINDOWS\system32\ddcawwx.dll.vir
    [03/25/2007, 14:37:04] - File successfully renamed!
    [03/25/2007, 14:37:04] - Removing HKLM\…\Browser Helper
    Objects\{E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 14:37:04] - Removing
    HKCR\CLSID\{E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 14:37:04] - Adding Kill Bit for ActiveX for GUID:
    {E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 14:37:04] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 14:37:04] - Removing HKLM\…\Winlogon\Notify\ddcawwx
    [03/25/2007, 14:37:04] - Searching for Browser Helper Objects:
    [03/25/2007, 14:37:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:37:04] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:37:04] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:37:04] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:37:04] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:05] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:37:05] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:37:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:37:05] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:37:05] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:05] - No filename found. Continuing.
    [03/25/2007, 14:37:05] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:37:05] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:37:05] - Finishing up…
    [03/25/2007, 14:37:05] - A restart is needed.
    [03/25/2007, 14:37:25] - Attempting to Restart via STOP error (Blue Screen!)

    Logfile of HijackThis v1.99.1
    Scan saved at 15:47:06, on 25-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor
    hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe
    Photoshop\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\gsylvnip.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
    Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
    http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
    C:\Program Files\Ahead\InCD\InCDsrv.exe


    Hopefully it has been rendered harmless, and thanks from this side….. :( :) :D
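
The VirtumundoBeGone log above flags a BHO when it has no default name and a Winlogon Notify key matches its DLL name. As an added example (not part of the thread and not VirtumundoBeGone's own code), the same cross-reference can be run directly over a HijackThis log; the function names are illustrative, and the sample lines are the O2 and O20 entries from the first log in this thread. A match is a lead for review, not a verdict.

```python
import ntpath
import re

# O2 (BHO) and O20 (Winlogon Notify) lines copied from the first
# HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcddca.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} - C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} - C:\WINDOWS\system32\ddcawwx.dll
O20 - Winlogon Notify: ddcawwx - C:\WINDOWS\SYSTEM32\ddcawwx.dll
O20 - Winlogon Notify: ddcddda - C:\WINDOWS\SYSTEM32\ddcddda.dll
O20 - Winlogon Notify: efcddca - C:\WINDOWS\SYSTEM32\efcddca.dll
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
O20 - Winlogon Notify: rqoon - C:\WINDOWS\system32\rqoon.dll
"""

# A HijackThis entry starts with its section code, e.g. "R0 - " or "O20 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def unwrap(log_text):
    """Rejoin entries that a forum or mail client hard-wrapped across lines."""
    entries = []
    in_entry = False  # a blank line ends the current entry
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_entry = False
        elif ENTRY_START.match(line):
            entries.append(line)
            in_entry = True
        elif in_entry:
            entries[-1] += " " + line
    return entries


def dll_stem(path):
    """Lower-cased file name without extension, or None for '(no file)'."""
    path = path.strip().strip('"')
    if not path or path.startswith("("):
        return None
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def triage(log_text):
    """Cross-reference nameless BHOs with Winlogon Notify keys."""
    nameless = {}        # DLL stem -> CLSID, for BHOs listed as "(no name)"
    without_file = []    # nameless BHOs whose DLL is already gone
    notify_keys = set()
    for entry in unwrap(log_text):
        m = O2_RE.match(entry)
        if m:
            if m.group("name") != "(no name)":
                continue
            clsid = m.group("clsid").upper()
            stem = dll_stem(m.group("path"))
            if stem is None:
                without_file.append(clsid)
            else:
                nameless[stem] = clsid
            continue
        m = O20_RE.match(entry)
        if m:
            notify_keys.add(m.group("key").lower())
    return {
        # Same condition the VBG log reports as "probably Virtumundo".
        "bho_and_notify": sorted(
            (s, c) for s, c in nameless.items() if s in notify_keys
        ),
        # Nameless BHO with no Notify key of the same name: review by hand.
        "nameless_bho_only": sorted(
            (s, c) for s, c in nameless.items() if s not in notify_keys
        ),
        # Leftover registry entry pointing at a missing file.
        "bho_without_file": sorted(without_file),
        # Notify keys with no nameless BHO counterpart: review by hand.
        "notify_only": sorted(notify_keys - set(nameless)),
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```
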
  • Could you upload the following file:

    C:\WINDOWS\system32\[b]gsylvnip.dll[/b]
    to:


    http://www.bleepingcomputer.com/submit-malware.php?channel=16
    or to,
    http://www.bleepingcomputer.com/submit-malware.php?channel=8


    In the first field, put the link to this topic
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1192641#1192641

    In the second field, put the path to this file on your PC.
    C:\WINDOWS\system32\[b]gsylvnip.dll[/b]
    Then click [b]send file.[/b]

    When that is done,

    Go to Control Panel >> Add or Remove Programs and remove from the list,
    [b]SweetIM[/b]

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    [b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\gsylvnip.dll",setvm
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    [/b]

    Click 'Fix checked' to remove the items.

    Boot into safe mode and delete the file below. The part in bold.
    Read here how to boot into safe mode
    http://users.telenet.be/marcvn/spyware/1378056.htm


    C:\WINDOWS\system32\[b]gsylvnip[/b]

    And then again,
    Double-click [b]VirtumundoBeGone.exe[/b] and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.

    When the fix is done, restart the PC. (in normal mode)
    Post the contents of the log file [b]VBG.TXT[/b], which is now on your desktop, here in your next message together with a new HJT log.


    Good luck

    Juisterr
  • [quote:41c4bc3905="juisterr"]Kun je eens volgende bestand :

    C:\WINDOWS\system32\[b:41c4bc3905]gsylvnip.dll[/b:41c4bc3905]
    uploaden naar :


    http://www.bleepingcomputer.com/submit-malware.php?channel=16
    of naar,
    http://www.bleepingcomputer.com/submit-malware.php?channel=8


    plaats in het eerste vak de link naar dit topic
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1192641#1192641

    plaats in het tweede vak het pad naar dit bestand op je pc.
    C:\WINDOWS\system32\[b:41c4bc3905]gsylvnip.dll[/b:41c4bc3905]
    Klik daarna op [b:41c4bc3905]send file.[/b:41c4bc3905]

    Als dat gebeurt is,

    Ga naar configuratiescherm >> software en verwijder uit de lijst,
    [b:41c4bc3905] SweetIM[/b:41c4bc3905]

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:41c4bc3905]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\gsylvnip.dll",setvm
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    [/b:41c4bc3905]

    Click 'Fix checked' to remove the items.

    Boot into safe mode and delete the file below. The part in bold.
    Read here how to boot into safe mode
    http://users.telenet.be/marcvn/spyware/1378056.htm


    C:\WINDOWS\system32\[b:41c4bc3905]gsylvnip[/b:41c4bc3905]

    And then again,
    Double-click [b:41c4bc3905]VirtumundoBeGone.exe[/b:41c4bc3905] and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.

    When the fix has finished, restart the PC (in normal mode).
    Post the contents of the log file [b:41c4bc3905]VBG.TXT[/b:41c4bc3905], which is now on your desktop, here in your next message together with a new HJT log.


    Good luck

    Juisterr[/quote:41c4bc3905]

    Hi,


    Just one more remark:
    when removing the items with HijackThis and 'Do a system scan only',
    as that person said, the two items below were not in the list.

    R3 - URLSearchHook: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer -
    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
    Files\Macrogaming\SweetIMBarForIE\toolbar.dll


    Here is the VBG log:

    [03/25/2007, 14:36:31] - VirtumundoBeGone v1.5 ( "C:\Documents and
    Settings\Administrator\Bureaublad\VirtumundoBeGone.exe" )
    [03/25/2007, 14:36:54] - Detected System Information:
    [03/25/2007, 14:36:54] - Windows Version: 5.1.2600, Service Pack 2
    [03/25/2007, 14:36:54] - Current Username: Administrator (Admin)
    [03/25/2007, 14:36:54] - Windows is in NORMAL mode.
    [03/25/2007, 14:36:54] - Searching for Browser Helper Objects:
    [03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024} ()
    [03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:54] - Checking for HKLM\…\Winlogon\Notify\opppq
    [03/25/2007, 14:36:54] - Found: HKLM\…\Winlogon\Notify\opppq - This is
    probably Virtumundo.
    [03/25/2007, 14:36:54] - Assigning {14377994-E6A9-40A1-A7C7-608C374B2024}
    MSEvents Object
    [03/25/2007, 14:36:54] - BHO list has been changed! Starting over…
    [03/25/2007, 14:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:54] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024}
    (MSEvents Object)
    [03/25/2007, 14:36:54] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:54] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B} ()
    [03/25/2007, 14:36:54] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:54] - Checking for HKLM\…\Winlogon\Notify\efcddca
    [03/25/2007, 14:36:54] - Found: HKLM\…\Winlogon\Notify\efcddca - This is
    probably Virtumundo.
    [03/25/2007, 14:36:54] - Assigning {182B90A3-F372-438A-800C-6814B4DE417B}
    MSEvents Object
    [03/25/2007, 14:36:55] - BHO list has been changed! Starting over…
    [03/25/2007, 14:36:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:55] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024}
    (MSEvents Object)
    [03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:55] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B}
    (MSEvents Object)
    [03/25/2007, 14:36:55] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:55] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:36:55] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:36:55] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:36:55] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:55] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:36:55] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:56] - No filename found. Continuing.
    [03/25/2007, 14:36:56] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:36:56] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:56] - Checking for HKLM\…\Winlogon\Notify\ddcawwx
    [03/25/2007, 14:36:56] - Found: HKLM\…\Winlogon\Notify\ddcawwx - This is
    probably Virtumundo.
    [03/25/2007, 14:36:56] - Assigning {E7C79532-B748-40A4-A54C-6A14569541B7}
    MSEvents Object
    [03/25/2007, 14:36:56] - BHO list has been changed! Starting over…
    [03/25/2007, 14:36:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:36:56] - BHO 2: {14377994-E6A9-40A1-A7C7-608C374B2024}
    (MSEvents Object)
    [03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:56] - BHO 3: {182B90A3-F372-438A-800C-6814B4DE417B}
    (MSEvents Object)
    [03/25/2007, 14:36:56] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:56] - BHO 4: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:36:56] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:36:56] - BHO 6: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:56] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:36:56] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:36:56] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:36:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:36:56] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:36:57] - No filename found. Continuing.
    [03/25/2007, 14:36:57] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:36:57] - BHO 10: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 14:36:57] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:36:57] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:36:57] - *** Detected MSEvents Object
    [03/25/2007, 14:36:57] - Trying to remove MSEvents Object…
    [03/25/2007, 14:36:58] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 14:36:58] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 14:36:58] - Disabling Automatic Shell Restart
    [03/25/2007, 14:36:58] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 14:36:59] - Suspending the NT Session Manager System Service
    [03/25/2007, 14:36:59] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 14:36:59] - Re-enabling Automatic Shell Restart
    [03/25/2007, 14:36:59] - File to disable: C:\WINDOWS\system32\opppq.dll
    [03/25/2007, 14:36:59] - Renaming C:\WINDOWS\system32\opppq.dll ->
    C:\WINDOWS\system32\opppq.dll.vir
    [03/25/2007, 14:36:59] - File successfully renamed!
    [03/25/2007, 14:37:00] - Removing HKLM\…\Browser Helper
    Objects\{14377994-E6A9-40A1-A7C7-608C374B2024}
    [03/25/2007, 14:37:00] - Removing
    HKCR\CLSID\{14377994-E6A9-40A1-A7C7-608C374B2024}
    [03/25/2007, 14:37:00] - Adding Kill Bit for ActiveX for GUID:
    {14377994-E6A9-40A1-A7C7-608C374B2024}
    [03/25/2007, 14:37:00] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 14:37:00] - Removing HKLM\…\Winlogon\Notify\opppq
    [03/25/2007, 14:37:00] - Searching for Browser Helper Objects:
    [03/25/2007, 14:37:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:37:00] - BHO 2: {182B90A3-F372-438A-800C-6814B4DE417B}
    (MSEvents Object)
    [03/25/2007, 14:37:00] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:37:00] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:37:00] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:37:00] - BHO 5: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:00] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:37:00] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:37:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:37:00] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:37:00] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:00] - No filename found. Continuing.
    [03/25/2007, 14:37:00] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:37:00] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 14:37:00] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:37:00] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:37:00] - *** Detected MSEvents Object
    [03/25/2007, 14:37:00] - Trying to remove MSEvents Object…
    [03/25/2007, 14:37:01] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 14:37:01] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 14:37:01] - Disabling Automatic Shell Restart
    [03/25/2007, 14:37:01] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 14:37:01] - Suspending the NT Session Manager System Service
    [03/25/2007, 14:37:02] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 14:37:02] - Re-enabling Automatic Shell Restart
    [03/25/2007, 14:37:02] - File to disable: C:\WINDOWS\system32\efcddca.dll
    [03/25/2007, 14:37:02] - Renaming C:\WINDOWS\system32\efcddca.dll ->
    C:\WINDOWS\system32\efcddca.dll.vir
    [03/25/2007, 14:37:02] - File successfully renamed!
    [03/25/2007, 14:37:02] - Removing HKLM\…\Browser Helper
    Objects\{182B90A3-F372-438A-800C-6814B4DE417B}
    [03/25/2007, 14:37:02] - Removing
    HKCR\CLSID\{182B90A3-F372-438A-800C-6814B4DE417B}
    [03/25/2007, 14:37:02] - Adding Kill Bit for ActiveX for GUID:
    {182B90A3-F372-438A-800C-6814B4DE417B}
    [03/25/2007, 14:37:02] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 14:37:02] - Removing HKLM\…\Winlogon\Notify\efcddca
    [03/25/2007, 14:37:02] - Searching for Browser Helper Objects:
    [03/25/2007, 14:37:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:37:02] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:37:02] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:37:02] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:02] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:37:02] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:37:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:37:02] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:37:02] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:02] - No filename found. Continuing.
    [03/25/2007, 14:37:02] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:37:02] - BHO 8: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 14:37:02] - ALERT: Found MSEvents Object!
    [03/25/2007, 14:37:02] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:37:03] - *** Detected MSEvents Object
    [03/25/2007, 14:37:03] - Trying to remove MSEvents Object…
    [03/25/2007, 14:37:04] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 14:37:04] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 14:37:04] - Disabling Automatic Shell Restart
    [03/25/2007, 14:37:04] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 14:37:04] - Suspending the NT Session Manager System Service
    [03/25/2007, 14:37:04] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 14:37:04] - Re-enabling Automatic Shell Restart
    [03/25/2007, 14:37:04] - File to disable: C:\WINDOWS\system32\ddcawwx.dll
    [03/25/2007, 14:37:04] - Renaming C:\WINDOWS\system32\ddcawwx.dll ->
    C:\WINDOWS\system32\ddcawwx.dll.vir
    [03/25/2007, 14:37:04] - File successfully renamed!
    [03/25/2007, 14:37:04] - Removing HKLM\…\Browser Helper
    Objects\{E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 14:37:04] - Removing
    HKCR\CLSID\{E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 14:37:04] - Adding Kill Bit for ActiveX for GUID:
    {E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 14:37:04] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 14:37:04] - Removing HKLM\…\Winlogon\Notify\ddcawwx
    [03/25/2007, 14:37:04] - Searching for Browser Helper Objects:
    [03/25/2007, 14:37:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 14:37:04] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    (SWEETIE Class)
    [03/25/2007, 14:37:04] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 14:37:04] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 14:37:04] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:05] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 14:37:05] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 14:37:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 14:37:05] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 14:37:05] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 14:37:05] - No filename found. Continuing.
    [03/25/2007, 14:37:05] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 14:37:05] - Finished Searching Browser Helper Objects
    [03/25/2007, 14:37:05] - Finishing up…
    [03/25/2007, 14:37:05] - A restart is needed.
    [03/25/2007, 14:37:25] - Attempting to Restart via STOP error (Blue Screen!)

    [03/25/2007, 22:47:21] - VirtumundoBeGone v1.5 ( "C:\Documents and
    Settings\Administrator\Bureaublad\VirtumundoBeGone.exe" )
    [03/25/2007, 22:47:32] - Detected System Information:
    [03/25/2007, 22:47:32] - Windows Version: 5.1.2600, Service Pack 2
    [03/25/2007, 22:47:32] - Current Username: Administrator (Admin)
    [03/25/2007, 22:47:32] - Windows is in SAFE mode with Networking.
    [03/25/2007, 22:47:32] - Searching for Browser Helper Objects:
    [03/25/2007, 22:47:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 22:47:32] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 22:47:32] - BHO 3: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6} ()
    [03/25/2007, 22:47:32] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:32] - Checking for HKLM\…\Winlogon\Notify\rqoon
    [03/25/2007, 22:47:32] - Found: HKLM\…\Winlogon\Notify\rqoon - This is
    probably Virtumundo.
    [03/25/2007, 22:47:32] - Assigning {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6}
    MSEvents Object
    [03/25/2007, 22:47:32] - BHO list has been changed! Starting over…
    [03/25/2007, 22:47:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 22:47:32] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 22:47:32] - BHO 3: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6}
    (MSEvents Object)
    [03/25/2007, 22:47:33] - ALERT: Found MSEvents Object!
    [03/25/2007, 22:47:33] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 22:47:33] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 22:47:33] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 22:47:33] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - No filename found. Continuing.
    [03/25/2007, 22:47:33] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 22:47:33] - BHO 8: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - Checking for HKLM\…\Winlogon\Notify\wmtpurdl
    [03/25/2007, 22:47:33] - Key not found: HKLM\…\Winlogon\Notify\wmtpurdl,
    continuing.
    [03/25/2007, 22:47:33] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - Checking for HKLM\…\Winlogon\Notify\ddcddda
    [03/25/2007, 22:47:33] - Found: HKLM\…\Winlogon\Notify\ddcddda - This is
    probably Virtumundo.
    [03/25/2007, 22:47:33] - Assigning {E7C79532-B748-40A4-A54C-6A14569541B7}
    MSEvents Object
    [03/25/2007, 22:47:33] - BHO list has been changed! Starting over…
    [03/25/2007, 22:47:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 22:47:33] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 22:47:33] - BHO 3: {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6}
    (MSEvents Object)
    [03/25/2007, 22:47:33] - ALERT: Found MSEvents Object!
    [03/25/2007, 22:47:33] - BHO 4: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 22:47:33] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 22:47:33] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 22:47:33] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - No filename found. Continuing.
    [03/25/2007, 22:47:33] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 22:47:33] - BHO 8: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
    [03/25/2007, 22:47:33] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:33] - Checking for HKLM\…\Winlogon\Notify\wmtpurdl
    [03/25/2007, 22:47:33] - Key not found: HKLM\…\Winlogon\Notify\wmtpurdl,
    continuing.
    [03/25/2007, 22:47:33] - BHO 9: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 22:47:33] - ALERT: Found MSEvents Object!
    [03/25/2007, 22:47:33] - Finished Searching Browser Helper Objects
    [03/25/2007, 22:47:33] - *** Detected MSEvents Object
    [03/25/2007, 22:47:33] - Trying to remove MSEvents Object…
    [03/25/2007, 22:47:34] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 22:47:35] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 22:47:35] - Disabling Automatic Shell Restart
    [03/25/2007, 22:47:35] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 22:47:35] - Suspending the NT Session Manager System Service
    [03/25/2007, 22:47:35] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 22:47:35] - Re-enabling Automatic Shell Restart
    [03/25/2007, 22:47:35] - File to disable: C:\WINDOWS\system32\rqoon.dll
    [03/25/2007, 22:47:35] - Renaming C:\WINDOWS\system32\rqoon.dll ->
    C:\WINDOWS\system32\rqoon.dll.vir
    [03/25/2007, 22:47:36] - File successfully renamed!
    [03/25/2007, 22:47:36] - Removing HKLM\…\Browser Helper
    Objects\{27C88612-0F61-416A-A4C0-EB4C4A8AE3E6}
    [03/25/2007, 22:47:36] - Removing
    HKCR\CLSID\{27C88612-0F61-416A-A4C0-EB4C4A8AE3E6}
    [03/25/2007, 22:47:36] - Adding Kill Bit for ActiveX for GUID:
    {27C88612-0F61-416A-A4C0-EB4C4A8AE3E6}
    [03/25/2007, 22:47:36] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 22:47:36] - Removing HKLM\…\Winlogon\Notify\rqoon
    [03/25/2007, 22:47:36] - Searching for Browser Helper Objects:
    [03/25/2007, 22:47:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 22:47:36] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 22:47:36] - BHO 3: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 22:47:36] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:36] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 22:47:36] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 22:47:36] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 22:47:36] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 22:47:36] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:36] - No filename found. Continuing.
    [03/25/2007, 22:47:36] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 22:47:36] - BHO 7: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
    [03/25/2007, 22:47:36] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:36] - Checking for HKLM\…\Winlogon\Notify\wmtpurdl
    [03/25/2007, 22:47:36] - Key not found: HKLM\…\Winlogon\Notify\wmtpurdl,
    continuing.
    [03/25/2007, 22:47:36] - BHO 8: {E7C79532-B748-40A4-A54C-6A14569541B7}
    (MSEvents Object)
    [03/25/2007, 22:47:36] - ALERT: Found MSEvents Object!
    [03/25/2007, 22:47:36] - Finished Searching Browser Helper Objects
    [03/25/2007, 22:47:36] - *** Detected MSEvents Object
    [03/25/2007, 22:47:36] - Trying to remove MSEvents Object…
    [03/25/2007, 22:47:37] - Terminating Process: IEXPLORE.EXE
    [03/25/2007, 22:47:37] - Terminating Process: RUNDLL32.EXE
    [03/25/2007, 22:47:37] - Disabling Automatic Shell Restart
    [03/25/2007, 22:47:37] - Terminating Process: EXPLORER.EXE
    [03/25/2007, 22:47:37] - Suspending the NT Session Manager System Service
    [03/25/2007, 22:47:37] - Terminating Windows NT Logon/Logoff Manager
    [03/25/2007, 22:47:37] - Re-enabling Automatic Shell Restart
    [03/25/2007, 22:47:37] - File to disable: C:\WINDOWS\system32\ddcddda.dll
    [03/25/2007, 22:47:37] - Renaming C:\WINDOWS\system32\ddcddda.dll ->
    C:\WINDOWS\system32\ddcddda.dll.vir
    [03/25/2007, 22:47:37] - File successfully renamed!
    [03/25/2007, 22:47:37] - Removing HKLM\…\Browser Helper
    Objects\{E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 22:47:37] - Removing
    HKCR\CLSID\{E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 22:47:37] - Adding Kill Bit for ActiveX for GUID:
    {E7C79532-B748-40A4-A54C-6A14569541B7}
    [03/25/2007, 22:47:37] - Deleting ATLEvents/MSEvents Registry entries
    [03/25/2007, 22:47:37] - Removing HKLM\…\Winlogon\Notify\ddcddda
    [03/25/2007, 22:47:37] - Searching for Browser Helper Objects:
    [03/25/2007, 22:47:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (Adobe PDF Reader Link Helper)
    [03/25/2007, 22:47:37] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    (Skype add-on (mastermind))
    [03/25/2007, 22:47:38] - BHO 3: {5D117BD6-D384-455D-817C-CDBC595A0C0e} ()
    [03/25/2007, 22:47:38] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:38] - Checking for HKLM\…\Winlogon\Notify\ggdffjgs
    [03/25/2007, 22:47:38] - Key not found: HKLM\…\Winlogon\Notify\ggdffjgs,
    continuing.
    [03/25/2007, 22:47:38] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (SSVHelper Class)
    [03/25/2007, 22:47:38] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/25/2007, 22:47:38] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:38] - No filename found. Continuing.
    [03/25/2007, 22:47:38] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (Google Toolbar Helper)
    [03/25/2007, 22:47:38] - BHO 7: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
    [03/25/2007, 22:47:38] - WARNING: BHO has no default name. Checking for
    Winlogon reference.
    [03/25/2007, 22:47:38] - Checking for HKLM\…\Winlogon\Notify\wmtpurdl
    [03/25/2007, 22:47:38] - Key not found: HKLM\…\Winlogon\Notify\wmtpurdl,
    continuing.
    [03/25/2007, 22:47:38] - Finished Searching Browser Helper Objects
    [03/25/2007, 22:47:38] - Finishing up…
    [03/25/2007, 22:47:38] - A restart is needed.
    [03/25/2007, 22:48:24] - Attempting to Restart via STOP error (Blue Screen!)

    Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:54:51, on 25-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 2 voor
    hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} -
    C:\WINDOWS\system32\ggdffjgs.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} -
    C:\WINDOWS\system32\khffccc.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe
    Photoshop\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\qswxpdjm.dll",setvm
    O4 - HKLM\..\Run: [MSConfig]
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
    Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
    http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
    C:\Program Files\Ahead\InCD\InCDsrv.exe


    Many thanks from this side. :D :D :D :D :D
  • Better, but not good yet; by the look of it there is still an infection in there.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} -C:\WINDOWS\system32\ggdffjgs.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} -C:\WINDOWS\system32\khffccc.dll
    O4 - HKLM\..\Run: [SoundService] rundll32.exe"C:\WINDOWS\system32\qswxpdjm.dll",setvm
    O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Download:
    Save the file to your desktop, then double-click it.
    The uninstaller of a rogue scanner may start; do not close it, but let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    Then post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.

    Good luck
  • [quote:2b165f1489="juisterr"]Better, but not good yet; by the look of it there is still an infection in there.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} -C:\WINDOWS\system32\ggdffjgs.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} -C:\WINDOWS\system32\khffccc.dll
    O4 - HKLM\..\Run: [SoundService] rundll32.exe"C:\WINDOWS\system32\qswxpdjm.dll",setvm
    O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Download:
    Save the file to your desktop, then double-click it.
    The uninstaller of a rogue scanner may start; do not close it, but let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    Then post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.

    Good luck[/quote:2b165f1489]
    Hi,

    Note: when running the 'system scan only' in HijackThis I could not find
    the following items, and so could not remove them either.


    O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e}
    -C:\WINDOWS\system32\ggdffjgs.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7}
    -C:\WINDOWS\system32\khffccc.dll
    O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll

    —————-RemoveVideoActiveXObject.exe first run————-

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:


    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:26:11, on 26-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor
    hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe
    Photoshop\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\llvxnjjx.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
    Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
    http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
    C:\Program Files\Ahead\InCD\InCDsrv.exe


    Hopefully this is clear... thanks from my niece too.. :wink: :x :lol: :) :D
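Added example, not part of the original thread: the Python below re-joins the wrapped HijackThis lines and checks each item of the helper's fix list against the 26-3-2007 log. The function names are this example's own; both inputs are excerpts copied from the posts above, apart from the final chat line of the log excerpt, which is constructed.

```python
import re

# Lines that open a HijackThis entry: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(r'^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ')
CLSID = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:dll|exe)', re.IGNORECASE)


def parse_entries(text):
    """Return the entries of a pasted HijackThis log or fix list.

    Forum software wraps long entries, so a line that does not open a new
    entry is glued back onto the previous one. The first blank line after
    the entries ends the log, which keeps trailing chat text out.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries and line:
            entries[-1] += ' ' + line
        elif entries:
            break
    return entries


def identity(entry):
    """Name an autostart slot independently of the file it points at."""
    code, rest = entry.split(' - ', 1)
    if code == 'O2':                      # BHO: keyed by its CLSID
        m = CLSID.search(rest)
        key = m.group(0) if m else rest
    elif code == 'O4':                    # Run key: hive plus value name
        m = re.match(r'[^\[]*\[[^\]]+\]', rest)
        key = m.group(0) if m else rest
    elif code == 'O20':                   # Winlogon Notify: subkey name
        key = rest.split(' - ', 1)[0]
    else:                                 # anything else: exact text
        key = rest
    return code, key.lower()


def target(entry):
    """First .dll/.exe path named in the entry, lower-cased, or None."""
    m = FILE_PATH.search(entry)
    return m.group(0).lower() if m else None


def compare(fix_list, later_log):
    """For each fix-list item return (code, key, status, file in later log)."""
    later = {identity(e): target(e) for e in parse_entries(later_log)}
    report = []
    for entry in parse_entries(fix_list):
        ident, old = identity(entry), target(entry)
        if ident not in later:
            status = 'absent'
        elif later[ident] == old:
            status = 'still present'
        else:
            status = 'retargeted'         # same slot, different file
        report.append((ident[0], ident[1], status, later.get(ident)))
    return report


# The helper's fix list, copied from the thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} -C:\WINDOWS\system32\ggdffjgs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7C79532-B748-40A4-A54C-6A14569541B7} -C:\WINDOWS\system32\khffccc.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe"C:\WINDOWS\system32\qswxpdjm.dll",setvm
O20 - Winlogon Notify: khffccc - C:\WINDOWS\SYSTEM32\khffccc.dll
"""

# Excerpt of the 26-3-2007 log, wrapped as posted; the last line is constructed.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:26:11, on 26-3-2007

Running processes:
C:\WINDOWS\system32\winlogon.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe
"C:\WINDOWS\system32\llvxnjjx.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
C:\Program Files\Ahead\InCD\InCDsrv.exe

trailing chat text after the log
"""

if __name__ == '__main__':
    for code, key, status, now in compare(FIX_LIST, LATER_LOG):
        print(f'{code:<4}{status:<14}{key}' + (f'  ->  {now}' if now else ''))
```

On these excerpts the three O2 items and the O20 item come back as absent, while the SoundService Run value is still registered but now loads llvxnjjx.dll instead of qswxpdjm.dll.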
  • Yes, that's clear.

    Download Combofix to your desktop.


    Go to Start - Run and, using copy and paste, enter the following command:

    "%userprofile%\Bureaublad\Combofix.exe" /v ggdffjgs khffccc

    Confirm with OK.

    Combofix will start and your PC will reboot; after the restart the Combofix log opens. Post it in your next reply, together with a new HijackThis log.
  • [quote:0612699849="juisterr"]Yes, that's clear.

    Download Combofix to your desktop.


    Go to Start - Run and, using copy and paste, enter the following command:

    "%userprofile%\Bureaublad\Combofix.exe" /v ggdffjgs khffccc

    Confirm with OK.

    Combofix will start and your PC will reboot; after the restart the Combofix log opens. Post it in your next reply, together with a new HijackThis log.[/quote:0612699849]

    Hi,


    I have another remark:
    It said: go to Start - Run and, using copy and paste, enter the
    following command:

    %userprofile%\Bureaublad\Combofix.exe/v ggdffjgs khffccc and confirm this with
    OK.

    I could not find this file.
    I did run Combofix, and it did produce a log.

    "Administrator" - 07-03-28 17:23:32 Service Pack 2
    ComboFix 07-03-27.4 - Running from: "C:\Documents and
    Settings\Administrator\Bureaublad"


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to
    2007-03-28 ))))))))))))))))))))))))))))))))))


    2007-03-28 17:16 <DIR> dr-h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-03-28 10:28 132,116 –a—— C:\WINDOWS\system32\euoricin.dll
    2007-03-28 09:25 26,730 –a—— C:\WINDOWS\system32\iiffefc.dll
    2007-03-27 10:27 48,708 –a—— C:\WINDOWS\system32\sswfwkww.dll
    2007-03-26
    08:22 21,193 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-03-26 08:18 69,632 –a—— C:\WINDOWS\system32\remove.exe
    2007-03-26 08:15 123,972 –a—— C:\WINDOWS\system32\llvxnjjx.dll
    2007-03-26 08:11 619,555 —hs—- C:\WINDOWS\system32\oonmp.bak2
    2007-03-25 23:00 452,758 —hs—- C:\WINDOWS\system32\oonmp.bak1
    2007-03-25 23:00 132,116 –a—— C:\WINDOWS\system32\wjvkkfcn.dll
    2007-03-25 22:59 280,676 —hs—- C:\WINDOWS\system32\pmnoo.dll
    2007-03-25 22:38 <DIR> d——– C:\WINDOWS\pss
    2007-03-25 12:45 451,903 —hs—- C:\WINDOWS\system32\qpppo.bak1
    2007-03-25 12:45 280,676 –ahs—- C:\WINDOWS\system32\opppq.dll.vir
    2007-03-25 11:38 280,676 —hs—- C:\WINDOWS\system32\rqopq.dll
    2007-03-24 22:56 132,116 –a—— C:\WINDOWS\system32\ggdffjgs.dll
    2007-03-24 22:09 132,116 –a—— C:\WINDOWS\system32\ksjaxxfm.dll
    2007-03-24 17:50 48,660 –a—— C:\WINDOWS\system32\tuyiwkyh.dll
    2007-03-24 02:29 26,730 –a—— C:\WINDOWS\system32\efcddca.dll.vir
    2007-03-23 23:25 461,755 —hs—- C:\WINDOWS\system32\nooqr.ini2
    2007-03-23 23:07 <DIR> d——– C:\Program Files\Common Files\PC Tools
    2007-03-23 23:06 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-03-22 15:03 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-03-22 13:55 26,685 —hs—- C:\WINDOWS\system32\rqrsroo.dll
    2007-03-22 13:10 26,685 —hs—- C:\WINDOWS\system32\rqrsrro.dll
    2007-03-22 13:07 26,685 —hs—- C:\WINDOWS\system32\khffccc.dll
    2007-03-22 10:34 26,685 —hs—- C:\WINDOWS\system32\khfgedb.dll
    2007-03-22 02:41 26,685 —hs—- C:\WINDOWS\system32\xxyxutq.dll
    2007-03-22 01:48 461,375 —hs—- C:\WINDOWS\system32\nooqr.bak2
    2007-03-22 01:04 26,685 —hs—- C:\WINDOWS\system32\qomnmnk.dll
    2007-03-22 00:55 280,676 —hs—- C:\WINDOWS\system32\efecd.dll
    2007-03-22 00:50 26,685 –ahs—- C:\WINDOWS\system32\ddcddda.dll.vir
    2007-03-22 00:40 26,685 —hs—- C:\WINDOWS\system32\urqqnoo.dll
    2007-03-22 00:20 26,685 —hs—- C:\WINDOWS\system32\ddcyawt.dll
    2007-03-22 00:19 26,685 —hs—- C:\WINDOWS\system32\rqrrpmj.dll
    2007-03-21 23:42 26,685 —hs—- C:\WINDOWS\system32\vtuuutu.dll
    2007-03-21 22:25 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot -
    Search & Destroy
    2007-03-21 22:19 443,870 —hs—- C:\WINDOWS\system32\nooqr.bak1
    2007-03-21 22:18 280,676 –ahs—- C:\WINDOWS\system32\rqoon.dll.vir
    2007-03-21 22:18 280,676 —hs—- C:\WINDOWS\system32\vtusq.dll
    2007-03-21 22:13 26,685 —hs—- C:\WINDOWS\system32\fccbcca.dll
    2007-03-21 22:12 26,685 –ahs—- C:\WINDOWS\system32\ddcawwx.dll.vir
    2007-03-21 22:11 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-05
    09:56 67,976 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-03-04 15:11 <DIR> d——– C:\Program Files\Last.fm
    2007-03-04 15:02 <DIR> d——– C:\DOCUME~1\ADMINI~1\Incomplete
    2007-03-04 15:02 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
    2007-03-04 15:01 <DIR> d——– C:\Program Files\LimeWire
    2007-03-01 19:29 <DIR> d——– C:\Program Files\vso


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
    )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-25 22:13 ——– d——– C:\Program Files\macrogaming
    2007-03-25 12:36 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\skype
    2007-03-25 11:41 54262 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-03-25 11:41 367234 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-03-22 18:09 ——– d——– C:\Program Files\msn messenger
    2007-03-20 15:47 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\azureus
    2007-03-03 11:33 ——– d——– C:\Program Files\java
    2007-03-02 10:36 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\vso
    2007-03-01 19:30 87608 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\ezpinst.exe
    2007-03-01 19:30 7824 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.cat
    2007-03-01 19:30 47360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-03-01 19:30 47360 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.sys
    2007-03-01 19:30 34 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.log
    2007-03-01 19:30 1144 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.inf
    2007-02-23 11:35 ——– d——– C:\Program Files\windows media connect 2
    2007-02-18 22:18 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
    2007-02-17 16:20 ——– d——– C:\Program Files\avisynth 2.5
    2007-02-17 16:20 ——– d——– C:\Program Files\avi2dvd
    2007-02-15 03:54 ——– d——– C:\Program Files\google
    2007-02-06 18:22 646392 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-02-05 22:09 ——– d——– C:\Program Files\microsoft activesync
    2007-01-31 00:33 ——– d——– C:\Program Files\skype
    2007-01-31 00:33 ——– d——– C:\Program Files\Common Files\skype
    2007-01-19 20:03 4608 –a—— C:\WINDOWS\system32\w95inf32.dll
    2007-01-19 20:03 2272 –a—— C:\WINDOWS\system32\w95inf16.dll
    2007-01-19 13:53 51056 –a—— C:\WINDOWS\system32\sirenacm.dll
    2007-01-19 13:09 6 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\dm.ini
    2007-01-19 13:09 1217 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\adobedlm.log
    2007-01-15 19:32 689280 –a—— C:\WINDOWS\system32\aswboot.exe
    2007-01-15 19:23 90112 –a—— C:\WINDOWS\system32\avastss.scr


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
    ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop
    Search\\GoogleDesktop.exe\" /startup"
    "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="C:\\Program
    Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "Adobe Photo Downloader"="\"G:\\Toepassingen\\Adobe
    Photoshop\\3.0\\Apps\\apdproxy.exe\""
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "SunJavaUpdateSched"="\"C:\\Program
    Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\llvxnjjx.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{182B90A3-F372-438A-800C-6814B4DE417B}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=dword:00000001

    HKEY_LOCAL_MACHINE\software\microsoft\windows
    nt\currentversion\winlogon\notify\iiffefc
    HKEY_LOCAL_MACHINE\software\microsoft\windows
    nt\currentversion\winlogon\notify\pmnoo

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ
    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October
    2006
    http://www.gmer.net

    scanning hidden processes …

    scanning hidden services …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-28 17:28:01

    Logfile of HijackThis v1.99.1
    Scan saved at 17:38:22, on 28-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor
    hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe
    Photoshop\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\llvxnjjx.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
    Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
    http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
    C:\Program Files\Ahead\InCD\InCDsrv.exe


    Hopefully this helps further. Regards and many thanks.... :( :) :D :lol:
  • Stubborn, isn't it,

    Do you still have Combofix on your desktop? I'll assume you do; otherwise download it again.

    Please follow the steps below.

    Go to Start - Run and, using copy and paste, enter the following command:

    "%userprofile%\Bureaublad\Combofix.exe" /v iiffefc pmnoo
    Confirm with OK.

    Combofix will start and your PC will reboot; after the restart the Combofix log opens. Post it in your next reply, together with a new HijackThis log.
  • [quote:c104c82e40="juisterr"]Stubborn, isn't it,

    Do you still have Combofix on your desktop? I'll assume you do; otherwise download it again.

    Please follow the steps below.

    Go to Start - Run and, using copy and paste, enter the following command:

    "%userprofile%\Bureaublad\Combofix.exe" /v iiffefc pmnoo
    Confirm with OK.

    Combofix will start and your PC will reboot; after the restart the Combofix log opens. Post it in your next reply, together with a new HijackThis log.[/quote:c104c82e40]

    Here is a Combofix log:

    "Administrator" - 07-03-29 9:48:17 Service Pack 2
    ComboFix 07-03-27.4 - Running from: "C:\Documents and
    Settings\Administrator\Bureaublad"
    Command switches used :: /v iiffefc pmnoo


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log
    )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\iiffefc.dll
    C:\WINDOWS\system32\pmnoo.dll
    C:\WINDOWS\system32\oonmp.bak1
    C:\WINDOWS\system32\oonmp.bak2
    C:\WINDOWS\system32\oonmp.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * *
    * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to
    2007-03-29 ))))))))))))))))))))))))))))))))))


    2007-03-28 23:33 <DIR> dr-h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-03-28 10:28 132,116 –a—— C:\WINDOWS\system32\euoricin.dll
    2007-03-27 10:27 48,708 –a—— C:\WINDOWS\system32\sswfwkww.dll
    2007-03-26
    08:22 21,193 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-03-26 08:18 69,632 –a—— C:\WINDOWS\system32\remove.exe
    2007-03-26 08:15 123,972 –a—— C:\WINDOWS\system32\llvxnjjx.dll
    2007-03-25 23:00 132,116 –a—— C:\WINDOWS\system32\wjvkkfcn.dll
    2007-03-25 22:38 <DIR> d——– C:\WINDOWS\pss
    2007-03-25 12:45 451,903 —hs—- C:\WINDOWS\system32\qpppo.bak1
    2007-03-25 11:38 280,676 —hs—- C:\WINDOWS\system32\rqopq.dll
    2007-03-24 22:56 132,116 –a—— C:\WINDOWS\system32\ggdffjgs.dll
    2007-03-24 22:09 132,116 –a—— C:\WINDOWS\system32\ksjaxxfm.dll
    2007-03-24 17:50 48,660 –a—— C:\WINDOWS\system32\tuyiwkyh.dll
    2007-03-23 23:25 461,755 —hs—- C:\WINDOWS\system32\nooqr.ini2
    2007-03-23 23:07 <DIR> d——– C:\Program Files\Common Files\PC Tools
    2007-03-23 23:06 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-03-22 15:03 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-03-22 13:55 26,685 —hs—- C:\WINDOWS\system32\rqrsroo.dll
    2007-03-22 13:10 26,685 —hs—- C:\WINDOWS\system32\rqrsrro.dll
    2007-03-22 13:07 26,685 —hs—- C:\WINDOWS\system32\khffccc.dll
    2007-03-22 10:34 26,685 —hs—- C:\WINDOWS\system32\khfgedb.dll
    2007-03-22 02:41 26,685 —hs—- C:\WINDOWS\system32\xxyxutq.dll
    2007-03-22 01:48 461,375 —hs—- C:\WINDOWS\system32\nooqr.bak2
    2007-03-22 01:04 26,685 —hs—- C:\WINDOWS\system32\qomnmnk.dll
    2007-03-22 00:55 280,676 —hs—- C:\WINDOWS\system32\efecd.dll
    2007-03-22 00:40 26,685 —hs—- C:\WINDOWS\system32\urqqnoo.dll
    2007-03-22 00:20 26,685 —hs—- C:\WINDOWS\system32\ddcyawt.dll
    2007-03-22 00:19 26,685 —hs—- C:\WINDOWS\system32\rqrrpmj.dll
    2007-03-21 23:42 26,685 —hs—- C:\WINDOWS\system32\vtuuutu.dll
    2007-03-21 22:25 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot -
    Search & Destroy
    2007-03-21 22:19 443,870 —hs—- C:\WINDOWS\system32\nooqr.bak1
    2007-03-21 22:18 280,676 —hs—- C:\WINDOWS\system32\vtusq.dll
    2007-03-21 22:13 26,685 —hs—- C:\WINDOWS\system32\fccbcca.dll
    2007-03-21 22:11 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-05
    09:56 67,976 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-03-04 15:11 <DIR> d——– C:\Program Files\Last.fm
    2007-03-04 15:02 <DIR> d——– C:\DOCUME~1\ADMINI~1\Incomplete
    2007-03-04 15:02 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
    2007-03-04 15:01 <DIR> d——– C:\Program Files\LimeWire
    2007-03-01 19:29 <DIR> d——– C:\Program Files\vso


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
    )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-25 22:13 ——– d——– C:\Program Files\macrogaming
    2007-03-25 12:36 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\skype
    2007-03-25 11:41 54262 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-03-25 11:41 367234 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-03-22 18:09 ——– d——– C:\Program Files\msn messenger
    2007-03-20 15:47 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\azureus
    2007-03-03 11:33 ——– d——– C:\Program Files\java
    2007-03-02 10:36 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\vso
    2007-03-01 19:30 87608 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\ezpinst.exe
    2007-03-01 19:30 7824 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.cat
    2007-03-01 19:30 47360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-03-01 19:30 47360 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.sys
    2007-03-01 19:30 34 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.log
    2007-03-01 19:30 1144 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.inf
    2007-02-23 11:35 ——– d——– C:\Program Files\windows media connect 2
    2007-02-18 22:18 ——– d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
    2007-02-17 16:20 ——– d——– C:\Program Files\avisynth 2.5
    2007-02-17 16:20 ——– d——– C:\Program Files\avi2dvd
    2007-02-15 03:54 ——– d——– C:\Program Files\google
    2007-02-06 18:22 646392 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-02-05 22:09 ——– d——– C:\Program Files\microsoft activesync
    2007-01-31 00:33 ——– d——– C:\Program Files\skype
    2007-01-31 00:33 ——– d——– C:\Program Files\Common Files\skype
    2007-01-19 20:03 4608 –a—— C:\WINDOWS\system32\w95inf32.dll
    2007-01-19 20:03 2272 –a—— C:\WINDOWS\system32\w95inf16.dll
    2007-01-19 13:53 51056 –a—— C:\WINDOWS\system32\sirenacm.dll
    2007-01-19 13:09 6 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\dm.ini
    2007-01-19 13:09 1217 –a—— C:\DOCUME~1\ADMINI~1\APPLIC~1\adobedlm.log
    2007-01-15 19:32 689280 –a—— C:\WINDOWS\system32\aswboot.exe
    2007-01-15 19:23 90112 –a—— C:\WINDOWS\system32\avastss.scr


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
    ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop
    Search\\GoogleDesktop.exe\" /startup"
    "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="C:\\Program
    Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "Adobe Photo Downloader"="\"G:\\Toepassingen\\Adobe
    Photoshop\\3.0\\Apps\\apdproxy.exe\""
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "SunJavaUpdateSched"="\"C:\\Program
    Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\llvxnjjx.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ
    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October
    2006
    http://www.gmer.net

    scanning hidden processes …

    scanning hidden services …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-29 10:21:09
    C:\ComboFix1.txt … 07-03-28 17:28

    Here is a HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:22:22, on 29-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor
    hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
    - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} -
    C:\WINDOWS\system32\sswfwkww.dll
    O2 - BHO: (no name) - {5D117BD6-D384-455D-817C-CDBC595A0C0e} -
    C:\WINDOWS\system32\euoricin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Toepassingen\Adobe
    Photoshop\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundService] rundll32.exe
    "C:\WINDOWS\system32\llvxnjjx.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
    Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
    http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
    C:\Program Files\Ahead\InCD\InCDsrv.exe


    Whoever works energetically works the longest…. :( :) :D

    thanks again…
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.
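A way to pre-sort a HijackThis log like the one posted above before a helper reviews it, as an added example that is not part of the original thread: it rejoins the hard-wrapped entries and tags autostart lines that deserve a closer look. The three flags (orphaned target, unnamed BHO, Run entry that loads a DLL through rundll32) are triage heuristics assumed for this example, not a verdict from the thread; a flagged line still needs a human decision.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above,
# keeping the hard line wraps of the forum post.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} -
C:\WINDOWS\system32\sswfwkww.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe
"C:\WINDOWS\system32\llvxnjjx.dll",setvm
"""

# Every HijackThis entry starts with a section code such as R0, O2 or O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def unwrap(log_text):
    """Rejoin wrapped entries: a line without a section code continues
    the entry before it."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(log_text):
    """Return (section, flags, entry) for entries worth a manual review."""
    findings = []
    for entry in unwrap(log_text):
        section = ENTRY_START.match(entry)
        if not section:
            continue  # header or process-list line, not an entry
        code, flags = section.group(1), []
        if entry.endswith("(no file)"):
            flags.append("orphaned")          # registry key points at nothing
        if code == "O2" and "BHO: (no name)" in entry:
            flags.append("unnamed-bho")       # browser helper without a name
        if code == "O4" and re.search(r"\]\s+rundll32(\.exe)?\s", entry, re.I):
            flags.append("rundll32-autorun")  # DLL started from a Run key
        if flags:
            findings.append((code, flags, entry))
    return findings

if __name__ == "__main__":
    for code, flags, entry in triage(SAMPLE_LOG):
        print(",".join(flags), "|", entry)
```

The only sample entry flagged as orphaned is the `(no file)` BHO, which is also the one O2 line in the fix list above.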
  • We'll get rid of it, don't worry.


    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • In case you no longer have this?

    Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click drweb-cureit.exe and allow it to start the express scan.
    This will scan the files that are currently loaded in memory, and when something is found, click the 'Yes to all' button at the question 'cure it?'. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings.
    Choose the "Scan" tab and untick "Heuristic analyse".
    Back in the main window you can select the drives you want to have scanned.
    Select all drives here. A red dot will then appear on the drives you are having scanned.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when you are asked whether to cure or move.
    When the scan is done, check whether you can click the following icon that is shown next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected (this in case we need samples).
    After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
    Then close Dr.Web CureIt.

    Restart your computer!! An important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post.

    It does seem to have worked now.
  • Here is her final message…..: :( :) :D

    Hi,


    I ran Dr.Web CureIt and the program found no viruses or the like.
    So no log was created either.
    My question is whether my computer is now virus/trojan-free? If so, I
    would like to sincerely thank the person who took the trouble to get my
    PC back in order.

    Regards

This is an archived page. Replies are no longer possible.