A little problem...


  • A little problem...

    Hello,
    Via www.digi-tor.org, a torrent site, I tried to download a game. However, this failed. After this happened, I got all kinds of messages saying that my computer had become unsafe, and all kinds of advertisements for anti-things. So that my computer is unsafe and that I have to go to certain sites and buy strange software. What should I do?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:19:31 PM, on 1/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20696)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Egbal\TomTomHOME.exe
    C:\Program Files\Common Files\SecurePCCleaner\mc.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\XP Antivirus\xpantivirus.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\aawservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\age of mythology\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: MSVPS System - {5EF40AC5-1BBE-4436-A9E3-F129C0D605D8} - C:\WINDOWS\vipextoxn.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\DOCUME~1\Aslami\LOCALS~1\Temp\juan.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
    O3 - Toolbar: The voipwet - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - C:\WINDOWS\voipwet.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] D:\Egbal\TomTomHOME.exe -s
    O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\wcdlsli.dll,TurnOn2
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\Aslami\LOCALS~1\Temp\msnmsgs.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SecurePCCleaner\mc.exe" dm=http://securepccleaner.com ad=http://securepccleaner.com sd=http://ilp.securepccleaner.com
    O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll (file missing)
    O21 - SSODL: kopmet - {A376C84E-D5BC-436F-9884-6FFF3C5D8DD9} - C:\WINDOWS\kopmet.dll
    O21 - SSODL: jetctrl - {853753C5-AF04-435F-996F-32E0D88CAE00} - C:\WINDOWS\jetctrl.dll
    O22 - SharedTaskScheduler: fluobromide - {e7aff349-39e1-4a96-a13d-24983440b44a} - C:\WINDOWS\system32\igkvf.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8646 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not found will scroll by quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message together with a new HijackThis log.


    • #3
      I think it worked

      Hello,

      I followed your advice and so far I have not gotten any pop-ups

      ---RVAXO.exe Updated: 2008-01-13---first run---
      Files found:
      C:\WINDOWS\voipwet.dll
      C:\WINDOWS\jetctrl.dll
      C:\WINDOWS\kopmet.dll
      C:\WINDOWS\search_res.txt
      C:\Documents and Settings\All Users\STARTM~1\Online Security Guide.url
      C:\Documents and Settings\All Users\STARTM~1\Security Troubleshooting.url
      C:\Documents and Settings\Aslami\FAVORI~1\Online Security Test.url

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\Video ActiveX Access
      C:\Program Files\RichVideoCodec
      C:\Documents and Settings\All Users\Application Data\SalesMonitor
      C:\Program Files\Common Files\SecurePCCleaner
      C:\Program Files\XP Antivirus

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download Combofix (mirror) to your Desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix has completed and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.


        • #5
          I did what you said

          I did what you said. The PC did not restart, but I do have a log.

          ComboFix 08-01-15.1 - Aslami 2008-01-14 20:55:30.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.334 [GMT 1:00]
          Running from: C:\Documents and Settings\Aslami\Desktop\ComboFix.exe
          * Created a new restore point

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          .

          ((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
          .

          2008-01-14 20:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-13 19:57 . 2008-01-13 19:57 87 --a------ C:\WINDOWS\wininit.ini
          2008-01-13 19:19 . 2008-01-13 19:19 <DIR> d-------- C:\Program Files\Avira
          2008-01-13 19:19 . 2008-01-13 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
          2008-01-13 19:18 . 2008-01-14 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-13 18:17 . 2008-01-13 18:17 396,288 --a------ C:\Program Files\HijackThis.exe
          2008-01-13 18:16 . 2008-01-13 18:16 396,288 --a------ C:\HijackThis.exe
          2008-01-13 16:51 . 2008-01-13 16:51 <DIR> d-------- C:\Documents and Settings\Aslami\Application Data\Simply Super Software
          2008-01-13 16:51 . 2008-01-13 16:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-13 16:51 . 2008-01-13 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
          2008-01-13 16:30 . 2008-01-13 16:30 <DIR> d-------- C:\Documents and Settings\Aslami\Application Data\SUPERAntiSpyware.com
          2008-01-13 16:30 . 2008-01-13 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2007-12-22 15:34 . 2007-12-22 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecurePCCleaner

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-14 18:11 --------- d-----w C:\Documents and Settings\Aslami\Application Data\LimeWire
          2008-01-13 17:19 8,647 ----a-w C:\Program Files\hijackthis.log
          2008-01-13 13:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-13 13:13 --------- d-----w C:\Program Files\Creative
          2008-01-13 11:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-01-13 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2007-12-29 11:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2007-12-29 11:15 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
          2007-12-13 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-09 12:00 --------- d-----w C:\Documents and Settings\Aslami\Application Data\uTorrent
          2007-12-01 19:39 --------- d-----w C:\Program Files\EA SPORTS
          2007-11-24 16:30 28,160 ----a-w C:\Documents and Settings\Aslami\gjmnbm.exe
          2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-27 16:40 222,720 ------w C:\WINDOWS\system32\wmasf.dll
          2007-10-22 11:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
          2007-05-06 09:54 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
          2007-05-06 09:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
          2007-05-06 09:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007050620070507\index.dat
          2007-05-06 09:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 13:00 15360]
          "DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
          "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [ ]
          "SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [ ]
          "SpybotSD TeaTimer"="D:\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 08:28 16049664 C:\WINDOWS\RTHDCPL.EXE]
          "SkyTel"="SkyTel.EXE" [2006-08-23 08:30 2879488 C:\WINDOWS\SkyTel.exe]
          "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "TomTomHOME.exe"="D:\Egbal\TomTomHOME.exe" [2007-03-14 16:52 3770024]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
          "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
          "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 19:23 249896]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "ShowDeskFix"="regsvr32 /s /n /i:u shell32"

          C:\Documents and Settings\Aslami\Start Menu\Programs\Startup\
          OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\SASSEH.DLL [ ]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          D:\SASWINLO.dll

          R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 02:55]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84e7b348-7a8a-11dc-b2bb-001921ba5bd7}]
          \Shell\AutoRun\command - RavMon.exe
          \Shell\explore\Command - RavMon.exe -e
          \Shell\open\Command - RavMon.exe

          *Newly Created Service* - PROCEXP90
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-15 20:57:15
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
          -> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
          .
          Completion time: 2008-01-15 20:57:52
          .
          2008-01-09 19:38:35 --- E O F ---


          • #6
            This file does not look OK to me:
            C:\Documents and Settings\Aslami\gjmnbm.exe

            Can you find and delete it yourself?

            Try this: install the Recovery Console.

            After that, post a new Combofix log


            • #7
              Something failed

              I have deleted C:\Documents and Settings\Aslami\gjmnbm.exe.
              But I could not do that Recovery Console, because I do not have a Windows CD

              ComboFix 08-01-15.1 - Aslami 2008-01-15 21:47:04.2 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT 1:00]
              Running from: C:\Documents and Settings\Aslami\Desktop\ComboFix.exe

              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
              .

              ((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
              .

              2008-01-14 20:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-13 19:57 . 2008-01-13 19:57 87 --a------ C:\WINDOWS\wininit.ini
              2008-01-13 19:19 . 2008-01-13 19:19 <DIR> d-------- C:\Program Files\Avira
              2008-01-13 19:19 . 2008-01-13 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
              2008-01-13 19:18 . 2008-01-14 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-13 18:17 . 2008-01-13 18:17 396,288 --a------ C:\Program Files\HijackThis.exe
              2008-01-13 18:16 . 2008-01-13 18:16 396,288 --a------ C:\HijackThis.exe
              2008-01-13 16:51 . 2008-01-13 16:51 <DIR> d-------- C:\Documents and Settings\Aslami\Application Data\Simply Super Software
              2008-01-13 16:51 . 2008-01-13 16:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
              2008-01-13 16:51 . 2008-01-13 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
              2008-01-13 16:30 . 2008-01-13 16:30 <DIR> d-------- C:\Documents and Settings\Aslami\Application Data\SUPERAntiSpyware.com
              2008-01-13 16:30 . 2008-01-13 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
              2007-12-22 15:34 . 2007-12-22 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecurePCCleaner

              .
              (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-14 18:11 --------- d-----w C:\Documents and Settings\Aslami\Application Data\LimeWire
              2008-01-13 17:19 8,647 ----a-w C:\Program Files\hijackthis.log
              2008-01-13 13:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-13 13:13 --------- d-----w C:\Program Files\Creative
              2008-01-13 11:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2008-01-13 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
              2007-12-29 11:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2007-12-29 11:15 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
              2007-12-13 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
              2007-12-09 12:00 --------- d-----w C:\Documents and Settings\Aslami\Application Data\uTorrent
              2007-12-01 19:39 --------- d-----w C:\Program Files\EA SPORTS
              2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
              2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-27 16:40 222,720 ------w C:\WINDOWS\system32\wmasf.dll
              2007-10-22 11:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
              2007-05-06 09:54 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
              2007-05-06 09:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
              2007-05-06 09:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007050620070507\index.dat
              2007-05-06 09:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
              .

              ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 13:00 15360]
              "DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
              "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [ ]
              "SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [ ]
              "SpybotSD TeaTimer"="D:\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 08:28 16049664 C:\WINDOWS\RTHDCPL.EXE]
              "SkyTel"="SkyTel.EXE" [2006-08-23 08:30 2879488 C:\WINDOWS\SkyTel.exe]
              "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112]
              "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
              "TomTomHOME.exe"="D:\Egbal\TomTomHOME.exe" [2007-03-14 16:52 3770024]
              "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
              "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
              "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
              "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 19:23 249896]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
              "ShowDeskFix"="regsvr32 /s /n /i:u shell32"

              C:\Documents and Settings\Aslami\Start Menu\Programs\Startup\
              OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\SASSEH.DLL [ ]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              D:\SASWINLO.dll

              R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 02:55]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84e7b348-7a8a-11dc-b2bb-001921ba5bd7}]
              \Shell\AutoRun\command - RavMon.exe
              \Shell\explore\Command - RavMon.exe -e
              \Shell\open\Command - RavMon.exe

              *Newly Created Service* - PROCEXP90
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-15 21:48:02
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
              -> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
              .
              Completion time: 2008-01-15 21:48:26
              ComboFix2.txt 2008-01-15 19:57:53
              .
              2008-01-09 19:38:35 --- E O F ---


              • #8
                Enter this command at Start - Run:
                C:\WINDOWS\i386\winnt32.exe /cmdcons
                Then press OK.


                • #9
                  Failed...

                  It failed..
                  This then appears:
                  C:\WINDOWS\i386 refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk isproperly inserted, or that you are connected to Internet or your network, and try again. Is it still cannot be located, the information might have been moved to a different location.


                  • #10
                    Sleeping

                    I am going to sleep now, just to let you know that I am no longer here
                    See you tomorrow and thanks


                    • #11
                      Then I think it won't work; whether it is really as big a problem as Combofix suggests


                      • #12
                        And now...

                        As I said once, there are no more pop-ups
                        but what should I do next? Does anything else still need to be done?


                        • #13
                          Download ATF cleaner (mirror) (made by Atribune)

                          Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                          Double-click ATF cleaner to start the program.
                          On the "Main" tab, tick Select All.
                          Click the Empty Selected button.

                          Do the following if you also have Firefox as a browser:
                          Click the "Firefox" tab and tick Select All.
                          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                          (this removes the tick again at "Firefox saved passwords")
                          Click the Empty Selected button.

                          Do the following if you also have Opera as a browser:
                          Click the "Opera" tab and tick Select All.
                          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                          Click the Empty Selected button.
                          Go to the "Main" tab and click the Exit button to close the program.

                          Go to Start - Run and enter the following:
                          Combofix /U
                          Then press OK.
                          Note: There must be a space between Combofix and /U.

                          This will uninstall Combofix.

                          Turn off System Restore. Restart the computer. Turn System Restore back on.
                          Look here for how to turn off your System Restore.
                          This removes any remnants of the infections from your System Restore.

                          Finally, post a new HijackThis log for checking



                          • #14
                            okay

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 8:42:36 PM, on 1/16/2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.20696)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\RTHDCPL.EXE
                            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
                            D:\Egbal\TomTomHOME.exe
                            C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            D:\DAEMON Tools\daemon.exe
                            C:\Program Files\MSN Messenger\MsnMsgr.Exe
                            C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                            D:\Spybot - Search & Destroy\TeaTimer.exe
                            C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
                            C:\WINDOWS\system32\PnkBstrA.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                            C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\age of mythology\Reader\ActiveX\AcroIEHelper.ocx
                            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
                            O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
                            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                            O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
                            O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
                            O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                            O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                            O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
                            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                            O4 - HKLM\..\Run: [TomTomHOME.exe] D:\Egbal\TomTomHOME.exe -s
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                            O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                            O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
                            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
                            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                            O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
                            O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
                            O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
                            O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
                            O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
                            O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
                            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                            O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll (file missing)
                            O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
                            O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
                            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                            O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

                            --
                            End of file - 7486 bytes



                            • #15
                              Start HijackThis once more and tick only the following lines:
                              O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
                              O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll (file missing)

                              Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                              Apart from that, everything looks fine again.
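
Added example, not part of the thread: a small Python parser for the HijackThis v2.0.2 log format posted in #14 that picks out entries marked "(no file)" or "(file missing)", the two kinds of leftover reference selected in post #15. The sample log is constructed from lines of that log, and the function names are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a few lines in the HijackThis v2.0.2 format shown in post #14.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

Entry = namedtuple("Entry", "code body orphaned")

# An entry line starts with a section code: a group letter (R, F, N, O) plus a number.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Markers HijackThis appends when the referenced file is not present on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


def parse_entries(log_text):
    """Return the registry/startup entries; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            entries.append(Entry(code, body, bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries):
    """Entries whose target file is missing: dangling registry references."""
    return [e for e in entries if e.orphaned]


def section_counts(entries):
    """Number of entries per section code, e.g. how many O4 autostart items."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f"{e.code}: {e.body}")
```

A missing-file marker only shows that a registry reference points at nothing; deciding which entries to fix is still the helper's call, as in post #15.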
