
Vundo.AJ, VundoFix offers no solution


  • Vundo.AJ, VundoFix offers no solution

    Good evening,

    For a few days now, according to Norman Antivirus, my PC has been infected with the Vundo.AJ trojan virus (vtsqq.dll). Every time I remove the virus, it comes back. I have tried to remove it with VundoFix and with VirtumundoBeGone, but without result. Who can help me solve this?

    Thanks in advance.

    HijackThis log:

    [hijack][url=http://www.niele.nl/hijackthis/index.php]

    Logfile of Trend Micro HijackThis v2.0.2
    scan saved at 20:14:18, on 9-1-2008
    platform: windows xp sp2 (winnt 5.01.2600)
    msie: internet explorer v6.00 sp2 (6.00.2900.2180)
    boot mode: normal
    browser: Internet Explorer 6.0
    ColorCoder Build: 4136


    Running Processes:
    c:\windows\system32\smss.exe
    c:\windows\system32\winlogon.exe
    c:\windows\system32\services.exe
    c:\windows\system32\lsass.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\norman\npm\bin\elogsvc.exe
    c:\norman\npm\bin\zanda.exe
    c:\windows\system32\spoolsv.exe
    c:\program files\pinnacle\mediaserver\microsoft sql server\mssql$pinnaclesys\binn\sqlservr.exe
    c:\program files\eset\nod32krn.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\hpzipm12.exe
    c:\windows\explorer.exe
    c:\windows\system32\svchost.exe
    c:\program files\webroot\spy sweeper\spysweeper.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\soundman.exe
    c:\norman\npm\bin\njeeves.exe
    c:\norman\nvc\bin\nvcsched.exe
    c:\norman\nvc\bin\nvcoas.exe
    c:\windows\system32\wuauclt.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\microsoft office\office11\excel.exe
    c:\program files\sports interactive\football manager 2008\fm.exe
    c:\program files\msn messenger\msnmsgr.exe
    c:\program files\msn messenger\usnsvc.exe
    c:\documents and settings\bart.luttikhu-xdbogr\mijn documenten\hjt\lastigprobleem.exe.exe

    (R0) - hkcu\software\microsoft\internet explorer\main,start page = http://start.home.nl/
    (R1) - hklm\software\microsoft\internet explorer\main,default_page_url = http://start.home.nl/
    (R1) - hkcu\software\microsoft\internet explorer\main,window title = microsoft internet explorer aangeboden door @home
    (R1) - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = proxy:8080
    (R0) - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
    (F2) - reg:system.ini: shell=explorer.exe
    (O2) - bho: acroiehlprobj class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
    (O2) - bho: (no name) - {137f099c-0abe-48be-b312-d6caf664ba1c} - c:\windows\system32\vtsqq.dll
    (O2) - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
    (O2) - bho: {2705bbc8-0c2f-d06b-79e4-e68614cc6666} - {6666cc41-686e-4e97-b60d-f2c08cbb5072} - c:\windows\system32\evuhwikf.dll (file missing)
    (O2) - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    (O2) - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
    (O4) - HKLM\..\Run: [nwiz] nwiz.exe /install
    (O4) - HKLM\..\Run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
    (O4) - HKLM\..\Run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
    (O4) - HKLM\..\Run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
    (O4) - HKLM\..\Run: [bm] "c:\program files\common files\spyguardpro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(1)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(2)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [soundman] soundman.exe
    (O4) - HKLM\..\Run: [bm(3)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(4)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(5)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(6)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(7)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(8)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(9)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(10)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(11)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(12)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(13)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(14)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(15)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(16)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(17)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(18)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(19)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(20)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [hitman pro expiration helper] "c:\program files\hitman pro\xphelper.exe"
    (O4) - HKLM\..\Run: [bm(21)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(22)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(23)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(24)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [bm(25)] "c:\program files\common files\spyguardpro\bm .exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    (O4) - HKLM\..\Run: [norman zanda] c:\norman\npm\bin\zlh.exe /load /splash
    (O4) - HKCU\..\Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    (O4) - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
    (O4) - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
    (O4) - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
    (O4) - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
    (O8) - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~3\office11\excel.exe/3000
    (O9) - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    (O9) - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    (O9) - extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
    (O9) - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\mic273~1\office12\refiebar.dll
    (O9) - extra button: pacificpoker - {94edf7b4-4272-4af3-8f8b-4e2f68e225b7} - c:\progra~1\pacifi~1\pacificpoker.exe
    (O9) - extra button: real.com - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - c:\windows\system32\shdocvw.dll
    (O9) - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
    (O9) - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
    (O12) - plugin for .tif: c:\program files\internet explorer\plugins\npqtplugin6.dll
    (O14) - iereset.inf: start_page_url=http://start.home.nl/
    (O15) - trusted zone: http://spoton.webads.nl
    (O16) - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=39204
    (O16) - dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} (jordanuploader class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    (O16) - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://gfx1.mail.live.com/mail/w1/resources/msnpupld.cab
    (O16) - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (divxbrowserplugin object) - http://go.divx.com/plugin/divxbrowserplugin.cab
    (O16) - dpf: {ab86ce53-ac9f-449f-9399-d8abca09ec09} (get_activex control) - https://h17000.www1.hp.com/ewfrf-java/secure/hpgetdownloadmanager.ocx
    (O16) - dpf: {ae2b937e-ea7d-4a8d-888c-b68d7f72a3c4} (ipsuploader4 control) - http://as.photoprintit.de/ips-opdata/74914090/activex/ipsuploader4.cab
    (O16) - dpf: {b0a2c7fc-8666-44d6-a990-2fce3b933341} (ing bank autorisatiescherm) - https://secure.ingbank.nl/download/digisign.cab
    (O16) - dpf: {d821dc4a-0814-435e-9820-661c543a4679} (crldownloadwrapper class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    (O23) - Service: norman elogger service 6 (eloggersvc6) - norman asa - c:\norman\npm\bin\elogsvc.exe
    (O23) - Service: nod32 kernel service (nod32krn) - eset - c:\program files\eset\nod32krn.exe
    (O23) - Service: norman njeeves - unknown owner - c:\norman\npm\bin\njeeves.exe
    (O23) - Service: norman zanda - norman asa - c:\norman\npm\bin\zanda.exe
    (O23) - Service: norman virus control on-access component (nvcoas) - norman asa - c:\norman\nvc\bin\nvcoas.exe
    (O23) - Service: norman virus control scheduler (nvcscheduler) - norman asa - c:\norman\nvc\bin\nvcsched.exe
    (O23) - Service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
    (O23) - Service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
    (O23) - Service: pc tools auxiliary service (sdauxservice) - pc tools - c:\program files\spyware doctor\svcntaux.exe
    (O23) - Service: pc tools security service (sdcoreservice) - pc tools - c:\program files\spyware doctor\swdsvc.exe
    (O23) - Service: webroot spy sweeper engine (webrootspysweeperservice) - webroot software, inc. - c:\program files\webroot\spy sweeper\spysweeper.exe

    --
    end of file - 11619 bytes[/hijack]


    VirtumondeLog:

    [01/05/2008, 21:19:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bart.LUTTIKHU-XDBOGR\Bureaublad\VirtumundoBeGone.exe" )
    [01/05/2008, 21:19:29] - Detected System Information:
    [01/05/2008, 21:19:29] - Windows Version: 5.1.2600, Service Pack 2
    [01/05/2008, 21:19:29] - Current Username: Bart (Admin)
    [01/05/2008, 21:19:29] - Windows is in SAFE mode.
    [01/05/2008, 21:19:29] - Searching for Browser Helper Objects:
    [01/05/2008, 21:19:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [01/05/2008, 21:19:29] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [01/05/2008, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [01/05/2008, 21:19:29] - BHO 3: {5992A336-D121-4D68-B3F7-5B250166F1AE} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\vtsqq
    [01/05/2008, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\vtsqq, continuing.
    [01/05/2008, 21:19:29] - BHO 4: {6666cc41-686e-4e97-b60d-f2c08cbb5072} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\evuhwikf
    [01/05/2008, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\evuhwikf, continuing.
    [01/05/2008, 21:19:29] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [01/05/2008, 21:19:29] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - No filename found. Continuing.
    [01/05/2008, 21:19:29] - BHO 7: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\nnnmmml
    [01/05/2008, 21:19:29] - Found: HKLM\...\Winlogon\Notify\nnnmmml - This is probably Virtumundo.
    [01/05/2008, 21:19:29] - Assigning {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} MSEvents Object
    [01/05/2008, 21:19:29] - BHO list has been changed! Starting over...
    [01/05/2008, 21:19:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [01/05/2008, 21:19:29] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [01/05/2008, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [01/05/2008, 21:19:29] - BHO 3: {5992A336-D121-4D68-B3F7-5B250166F1AE} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\vtsqq
    [01/05/2008, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\vtsqq, continuing.
    [01/05/2008, 21:19:29] - BHO 4: {6666cc41-686e-4e97-b60d-f2c08cbb5072} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\evuhwikf
    [01/05/2008, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\evuhwikf, continuing.
    [01/05/2008, 21:19:29] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [01/05/2008, 21:19:29] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [01/05/2008, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:29] - No filename found. Continuing.
    [01/05/2008, 21:19:29] - BHO 7: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} (MSEvents Object)
    [01/05/2008, 21:19:29] - ALERT: Found MSEvents Object!
    [01/05/2008, 21:19:29] - Finished Searching Browser Helper Objects
    [01/05/2008, 21:19:29] - *** Detected MSEvents Object
    [01/05/2008, 21:19:29] - Trying to remove MSEvents Object...
    [01/05/2008, 21:19:30] - Terminating Process: IEXPLORE.EXE
    [01/05/2008, 21:19:30] - Terminating Process: RUNDLL32.EXE
    [01/05/2008, 21:19:30] - Disabling Automatic Shell Restart
    [01/05/2008, 21:19:30] - Terminating Process: EXPLORER.EXE
    [01/05/2008, 21:19:30] - Suspending the NT Session Manager System Service
    [01/05/2008, 21:19:30] - Terminating Windows NT Logon/Logoff Manager
    [01/05/2008, 21:19:31] - Re-enabling Automatic Shell Restart
    [01/05/2008, 21:19:31] - File to disable: C:\WINDOWS\system32\nnnmmml.dll
    [01/05/2008, 21:19:31] - Removing HKLM\...\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
    [01/05/2008, 21:19:31] - Removing HKCR\CLSID\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
    [01/05/2008, 21:19:31] - Adding Kill Bit for ActiveX for GUID: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
    [01/05/2008, 21:19:31] - Deleting ATLEvents/MSEvents Registry entries
    [01/05/2008, 21:19:31] - Removing HKLM\...\Winlogon\Notify\nnnmmml
    [01/05/2008, 21:19:31] - Searching for Browser Helper Objects:
    [01/05/2008, 21:19:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [01/05/2008, 21:19:31] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [01/05/2008, 21:19:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:31] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [01/05/2008, 21:19:31] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [01/05/2008, 21:19:31] - BHO 3: {5992A336-D121-4D68-B3F7-5B250166F1AE} ()
    [01/05/2008, 21:19:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:31] - Checking for HKLM\...\Winlogon\Notify\vtsqq
    [01/05/2008, 21:19:31] - Key not found: HKLM\...\Winlogon\Notify\vtsqq, continuing.
    [01/05/2008, 21:19:31] - BHO 4: {6666cc41-686e-4e97-b60d-f2c08cbb5072} ()
    [01/05/2008, 21:19:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:31] - Checking for HKLM\...\Winlogon\Notify\evuhwikf
    [01/05/2008, 21:19:31] - Key not found: HKLM\...\Winlogon\Notify\evuhwikf, continuing.
    [01/05/2008, 21:19:31] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [01/05/2008, 21:19:31] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [01/05/2008, 21:19:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/05/2008, 21:19:31] - No filename found. Continuing.
    [01/05/2008, 21:19:31] - Finished Searching Browser Helper Objects
    [01/05/2008, 21:19:31] - Finishing up...
    [01/05/2008, 21:19:31] - A restart is needed.
    [01/05/2008, 21:19:36] - Attempting to Restart via STOP error (Blue Screen!)

  • #2
    Could you post the logs on the forum as plain text? They are very hard to read like this.

    Download Combofix to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after a restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      Thanks for the reply, but it has since been resolved.



      • #4
        OK
        Regards,
        Pimmerd
