IE 7 is infected. Disinfectant needed!

Anonymous
38 replies
  • My IE browser is infected. Every time I try to reach Windows Update I end up at: http://windowsupdate.microsoft.com/


    Hostname qb-in-f100.google.com ISP Unknown
    Country United States Country Code US (USA)
    City Mountain View Region California
    IP Address 72.14.205.100 Postal Code 94043
    Flag US Latitude 37.4192
    Local time*
    13 Jan 2009 03:20
    Longitude -122.0574

    My start page keeps being changed to: http://www.daemon-search.com/startpage


    Hostname www.daemon-search.com ISP RapidSwitch Ltd
    Country United Kingdom Country Code GB (GBR)
    City Maidenhead Region Windsor and Maidenhead
    IP Address 78.129.148.73 Postal Code Unknown
    Flag GB Latitude 51.5167
    Local time*
    13 Jan 2009 11:22
    Longitude -0.7

    I never chose this either!


    Is there software to thoroughly disinfect browsers?
  • At www.lavasoft.com you can download the free Ad-Aware Free; also run a good virus scanner. www.trend-micro.com www.house-call.com :o
  • Please post a HijackThis log.
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:04:20 PM, on 1/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\PDFCreatorMessages.exe
    c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.bin
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
    O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - Startup: StarOffice 9.lnk = C:\Program Files\Sun\StarOffice 9\program\quickstart.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228657101359
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF3A48A-0040-44A4-B921-244D624B82EA}: NameServer = xxx.xxx.xxx.xxx
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe


    End of file - 6479 bytes



    I'm stuck with spyware: 'virtumonde'. How do I get rid of it?
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF3A48A-0040-44A4-B921-244D624B82EA}: NameServer = xxx.xxx.xxx.xxx
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure the following are ticked:
    * Update MalwareBytes' Anti-Malware
    * Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    * Once the program has started, go to the "Settings" tab.
    * Tick here: "Close Internet Explorer during malware removal".
    * Then go to the "Scanner" tab and choose "Quick Scan".
    * Next, press "Scan" to start the scan.
    * Scanning can take a while, so be patient.
    * When the scan is complete, click OK, then "Show Results" to see the results.
    * Make sure everything there is ticked, then click "Remove Selected".
    * After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
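Added example (not part of the original thread and not HijackThis code): a small Python triage of the two entry types singled out in the post above, the IE page settings (R0/R1) and the static DNS override (O17). The trusted-suffix list and the last sample line are assumptions made for illustration; the other sample lines are copied from the log posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# Assumption: only Microsoft-hosted defaults are expected for IE page settings.
TRUSTED_SUFFIXES = ("microsoft.com",)

# Lines 1-5 are copied from the HijackThis log in this thread.
# Line 6 is constructed here to show a look-alike host name.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF3A48A-0040-44A4-B921-244D624B82EA}: NameServer = xxx.xxx.xxx.xxx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com.example.net/
"""

# "<code> - <body>", e.g. "R0 - ..." or "O17 - ..."
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# "<registry key>,<value name> = <url>"
IE_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<url>\S+)$")
# "<registry key>: NameServer = <servers>"
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def host_is_trusted(url):
    """True only for an exact trusted host or a real subdomain of one.

    Comparing the parsed host name (not a substring of the URL) keeps
    'go.microsoft.com.example.net' from passing as a Microsoft address.
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def parse_entries(log_text):
    """Yield (code, body) for every HijackThis entry line in the log."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            yield match.group("code"), match.group("body")


def review_log(log_text):
    """Return (code, setting, value, reason) tuples that deserve a second look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            match = IE_VALUE_RE.match(body)
            if match and not host_is_trusted(match.group("url")):
                findings.append((code, match.group("name"), match.group("url"),
                                 "IE page setting points outside the trusted hosts"))
        elif code == "O17":
            match = O17_RE.match(body)
            if match:
                findings.append((code, "NameServer", match.group("servers"),
                                 "static DNS server set; compare with the resolver you expect"))
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print(" | ".join(finding))
```

The O17 rule flags every static NameServer rather than judging the address, because the thread masks the value; whether it is legitimate has to be checked against the resolver the ISP or router normally hands out.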
  • Many thanks, Othuroyo, I hope to be able to do it tomorrow.
  • One component of 'Malwarebytes' Anti-Malware' did not 'want' to install:

    C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

    "Unable to register the DLL/OCX: RegSvr32 failed with exit code 0x5"

    Log 'Malwarebytes' Anti-Malware':

    Malwarebytes' Anti-Malware 1.32
    Database version: 1616
    Windows 5.1.2600 Service Pack 3

    1/14/2009 4:15:53 PM
    mbam-log-2009-01-14 (16-15-53).txt

    Scan type: Quick Scan
    Objects scanned: 51784
    Time elapsed: 20 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 11
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 23

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\urqRJaxy.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\iiffgghf.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1394974f-4285-4c13-827c-89e551fa86b1} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{1394974f-4285-4c13-827c-89e551fa86b1} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iiffgghf (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo.H) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqrjaxy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqrjaxy -> Delete on reboot.

    Folders Infected:
    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\urqRJaxy.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\yxaJRqru.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\yxaJRqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iiffgghf.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\blljvhte.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ethvjllb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ijqytfvo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ovftyqji.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qpcncsur.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ruscncpq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\skubvvop.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\povvbuks.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jKAQkHbB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kHaAtSiG.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnnMGvU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tosh\Local Settings\Temporary Internet Files\Content.IE5\4CVQY7O1\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msqpdxcortfdbl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\msqpdxqmbabwqw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\msqpdxesvjipuf.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\msqpdxxmdeobqm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\tempo-9DB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\tempo-A13.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\tempo-B09.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.


    Log 'Hijackthis':


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:28:41 PM, on 1/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\PDFCreatorMessages.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.bin
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: StarOffice 9.lnk = C:\Program Files\Sun\StarOffice 9\program\quickstart.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe


    End of file - 5337 bytes
  • How are the problems now?


    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • Othuroyo, it already looks a good deal better: I can already reach Windows Update! :D

    That 'Vundo business' is particularly 'nasty'. :evil:
  • Correct; by the way, the fact that you couldn't update was due to TrojanDnsChanger.

    But do still carry out my ComboFix instructions.
  • Othuroyo, the installation of 'ComboFix' hangs at:

    "Windows cannot find '32788R22FWJFW\hidec.exe'"
  • Ignore that message and try to continue.
    If that doesn't work, rename ComboFix.exe to Helpen.exe
  • Stays the same: it shows the message and then 'dies'.
  • Download RSIT (by random/random)
    Save it to your Desktop.

    Double-click RSIT to start it.
    Click Continue in the disclaimer window.
    Once the scan has finished, two logs will open. Post the contents of log.txt and info.txt.
  • 'RSIT' won't install either: AutoIt Error "Incorrect number of parameters in function call".
  • Download DDS3 and save it to your Desktop.

    Double-click dds.scr to start the tool.
    * When it is finished, a log file DDS.txt will open.
    * Click Yes in the next screen to start the Optional Scan.
    * Save both logs to your desktop.


    Paste the contents of dds.txt in your next reply.
  • DDS (Ver_09-01-07.01) - NTFSx86
    Run by tosh at 18:36:20.43 on Wed 01/14/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PDFCreatorClient] c:\program files\jawssystems\jaws pdf creator\PDFClient.exe
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus + firewall 2008\APVXDWIN.EXE" /s
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    StartupFolder: c:\docume~1\tosh\startm~1\programs\startup\starof~1.lnk - c:\program files\sun\staroffice 9\program\quickstart.exe
    LSP: c:\program files\panda security\panda antivirus + firewall 2008\pavlsp.dll
    TCP: {2EF3A49A-0050-44A4-B921-244D624B86EA} = xxx.xxx.xxx.xxx
    Notify: avldr - avldr.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tosh\applic~1\mozilla\firefox\profiles\p3diyp3l.default\
    FF - prefs.js: keyword.enabled - false
    FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll

    ============= SERVICES / DRIVERS ===============


    ============== File Associations ===============

    JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

    =============== Created Last 30 ================

    2009-01-14 18:16 <DIR> –d—– C:\test
    2009-01-14 18:10 <DIR> –d—– c:\windows\system32\WBEM
    2009-01-14 17:30 389,120 a——- c:\windows\system32\CF6772.exe
    2009-01-14 17:22 389,120 a——- c:\windows\system32\CF5087.exe
    2009-01-14 17:18 389,120 a——- c:\windows\system32\CF4441.exe
    2009-01-14 17:18 189 a——- C:\Start_.cmd
    2009-01-14 17:16 389,120 a——- c:\windows\system32\CF3931.exe
    2009-01-14 17:16 389,120 a——- c:\windows\system32\cmd.execf
    2009-01-14 17:16 <DIR> –d—– c:\windows\system32
    2009-01-14 16:50 <DIR> –d—– c:\program files\MSXML 4.0
    2009-01-14 15:52 <DIR> –d—– c:\docume~1\tosh\applic~1\Malwarebytes
    2009-01-14 15:48 <DIR> –d—– c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 15:48 <DIR> –d—– c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-13 18:39 <DIR> –d—– c:\docume~1\alluse~1\applic~1\Hitman Pro
    2009-01-13 18:02 <DIR> –d—– c:\program files\Trend Micro
    2009-01-13 13:27 <DIR> –d—– c:\program files\Lavasoft
    2009-01-13 13:26 <DIR> –d—– c:\program files\common files\Wise Installation Wizard
    2009-01-12 14:20 <DIR> –d—– c:\program files\VideoLAN
    2009-01-11 15:15 <DIR> –d—– c:\program files\Sandboxie
    2009-01-09 18:07 <DIR> –d—– c:\program files\ATI Technologies
    2009-01-09 18:07 <DIR> –d—– c:\program files\ATI
    2009-01-09 14:23 <DIR> –d—– c:\program files\Nero
    2009-01-09 14:22 <DIR> –d—– c:\docume~1\alluse~1\applic~1\Nero
    2009-01-09 13:37 <DIR> –d—– c:\program files\SpeedFan
    2009-01-06 11:40 <DIR> –d—– c:\program files\Total Video Player
    2009-01-04 13:27 <DIR> –d—– c:\program files\Secunia
    2009-01-04 13:24 <DIR> –d—– c:\docume~1\tosh\applic~1\Songbird2
    2009-01-04 13:24 <DIR> –d—– c:\docume~1\alluse~1\applic~1\SongbirdVLC
    2009-01-04 13:24 <DIR> –d—– c:\program files\Songbird
    2009-01-04 10:23 <DIR> –d—– c:\documents and settings\tosh\Xinorbis
    2009-01-04 10:23 <DIR> –d—– c:\program files\freshney.org
    2008-12-30 13:00 <DIR> –d—– c:\program files\PowerQuest
    2008-12-29 10:00 <DIR> –d—– c:\program files\Google Video
    2008-12-27 17:02 <DIR> –d—– c:\docume~1\tosh\applic~1\uTorrent
    2008-12-26 15:16 <DIR> –d—– c:\docume~1\tosh\applic~1\DAEMON Tools Pro
    2008-12-26 15:15 <DIR> –d—– c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2008-12-26 15:15 <DIR> –d—– c:\program files\DAEMON Tools Toolbar
    2008-12-26 15:14 <DIR> –d—– c:\program files\DAEMON Tools Lite
    2008-12-26 15:14 <DIR> –d—– c:\docume~1\tosh\applic~1\DAEMON Tools Lite
    2008-12-26 09:22 <DIR> –d–r– c:\docume~1\tosh\applic~1\Brother
    2008-12-25 13:44 <DIR> –d—– c:\program files\Brownie
    2008-12-25 13:43 <DIR> –d—– c:\program files\Brother
    2008-12-24 14:20 <DIR> –d—– c:\program files\SlySoft
    2008-12-21 18:59 <DIR> –d—– c:\program files\FLAC
    2008-12-21 18:05 <DIR> –d—– c:\documents and settings\tosh\.SunDownloadManager
    2008-12-21 16:00 <DIR> –d—– c:\program files\NCH Software
    2008-12-21 15:59 <DIR> –d—– c:\program files\NCH Swift Sound
    2008-12-20 18:08 <DIR> –d—– c:\program files\Alcohol Soft
    2008-12-20 16:23 <DIR> –d—– c:\docume~1\tosh\applic~1\DeepBurner Pro
    2008-12-20 16:22 <DIR> –d—– c:\program files\Astonsoft
    2008-12-20 12:01 <DIR> –d—– c:\program files\Total Video Converter1
    2008-12-20 11:42 <DIR> –d—– c:\program files\Total Video Converter
    2008-12-20 11:38 <DIR> –d—– c:\docume~1\tosh\applic~1\Softplicity
    2008-12-20 11:38 <DIR> –d—– c:\program files\TotalAudioConverter
    2008-12-16 13:25 <DIR> –d—– c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
    2008-12-16 13:25 <DIR> –d—– c:\program files\SmartSound Software

    ==================== Find3M ====================

    2009-01-14 17:08 198,376 a——- c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-01-14 17:08 198,376 a——- c:\windows\system32\drivers\APPFCONT.DAT
    2009-01-14 17:03 1,204 a——- c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-01-14 17:03 1,204 a——- c:\windows\system32\drivers\APPFLTR.CFG
    2009-01-04 18:38 38,496 a——- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-04 18:38 15,504 a——- c:\windows\system32\drivers\mbam.sys
    2008-12-29 22:06 103,360 ——– c:\windows\system32\drivers\AnyDVD.sys
    2008-12-21 16:00 27,136 ——– c:\windows\system32\drivers\nchssvad.sys
    2008-12-20 16:20 717,296 ——– c:\windows\system32\drivers\sptd.sys
    2008-12-16 09:29 410,984 ——– c:\windows\system32\deploytk.dll
    2008-12-13 15:04 142,592 ——– c:\windows\system32\drivers\sp_rsdrv2.sys
    2008-12-11 11:57 333,952 ——– c:\windows\system32\drivers\srv.sys
    2008-12-10 15:17 7,808 ——– c:\windows\system32\drivers\psi_mf.sys
    2008-12-05 16:04 509,224 ——– c:\windows\system32\ICCProfiles.dll
    2008-12-05 15:12 86,327 ——– c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-05 12:49 21,640 ——– c:\windows\system32\emptyregdb.dat
    2008-11-25 16:37 4,952,576 ——– c:\windows\system32\drivers\RtkHDAud.sys
    2008-11-20 16:51 34,816 ——– c:\windows\system32\RtkCoInstXP.dll
    2008-11-19 18:21 93,128 ——– c:\windows\system32\ElbyCDIO.dll
    2008-11-17 16:08 17,676,288 a——- c:\windows\RTHDCPL.EXE
    2008-11-02 15:02 7,680 ——– c:\windows\system32\ff_vfw.dll
    2008-10-28 23:35 684,032 ——– c:\windows\system32\divx.dll
    2008-10-23 13:36 286,720 ——– c:\windows\system32\gdi32.dll
    2008-10-16 21:38 826,368 ——– c:\windows\system32\wininet.dll

    ============= FINISH: 18:37:22.37 ===============
  • Looks clean.
    I think you're clean, but do this as well:

    Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    You may now remove all the tools you used and the folders they created.


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore is turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick from "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
  • Othuroyo, thank you very much for your help and advice. You leave nothing to chance - I like that. :wink:
  • You're welcome, Maanvol :wink:
