Hijack log, but what do I do now?! Help!

  • Hijack log, but what do I do now?! Help!

    Hello! Here is a message from a stressed PC user who has a very slow Explorer, virus warnings and, to top it all off, a horrible red balloon in the taskbar. As far as I knew how, I have done what was expected of me: letting Spybot and Ad-aware scan, for example. Attached is my HijackThis log from after all the scans, and along with it the ewido one, which I ran just before. That one found 9, but would those be gone now too?

    Hopefully you can help!



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:30:59, on 20-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\System32\LVComsX.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1816] command /c del "C:\WINDOWS\system32\khfge.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2907] cmd /c del "C:\WINDOWS\system32\khfge.dll_tobedeleted"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6466 bytes





    and the ewido report:

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Netflame
    Path: C:\Documents and Settings\pc\Cookies\[email protected][2].txt
    Risk: Medium

    Name: Adware.Generic
    Path: HKLM\SOFTWARE\Classes\WR
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\S-1-5-21-1606980848-746137067-1343024091-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
    Risk: Medium

    Name: Downloader.Adload.pr
    Path: [6120] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    Risk: High

    Name: Downloader.Adload.pr
    Path: C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    Risk: High

    Name: Hijacker.IFrame.dn
    Path: C:\Program Files\Internet Explorer\viloj.html
    Risk: High

    Name: Downloader.Agent.erf
    Path: C:\WINDOWS\b122.exe
    Risk: High

    Name: Downloader.VB.caw
    Path: C:\WINDOWS\system32\edcA01\edcA011065.exe
    Risk: High

    Name: Trojan.Small
    Path: C:\WINDOWS\TGVvIEggS3JhbmVuYnVyZw\n3pSKH00maL1vApRsBpVtT.vbs
    Risk: High

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is done, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start up; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a warning about script execution, you may ignore it.



    • #3
      Smeenk, great! What a quick reply, thanks a lot already! I hope I managed to do it all; here, in any case, are the three log files you asked for!
      (EDIT: on the advice of Miekiemoes (found via another site...) I have just installed Avira AntiVir. I hope this doesn't cause any problems!)


      ComboFix 08-01-20.1 - pc 2008-01-20 11:44:09.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.104 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\pc\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WA6P
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\egfhk.ini
      C:\WINDOWS\system32\egfhk.ini2
      C:\WINDOWS\system32\gtoemoio.ini
      C:\WINDOWS\system32\jkkjiig.dll
      C:\WINDOWS\system32\khfge.dll
      C:\WINDOWS\system32\oiomeotg.dll
      C:\WINDOWS\system32\pmnopnl.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_CMDSERVICE
      -------\LEGACY_FOPN
      -------\LEGACY_NETWORK_MONITOR
      -------\cmdService


      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
      .

      2008-01-20 11:33 . 2008-01-20 11:35 <DIR> d-------- C:\RVAXO
      2008-01-20 11:30 . 2008-01-20 12:18 616,603 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-20 11:30 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-20 10:28 . 2008-01-20 10:44 122,105,856 --a------ C:\231.tmp
      2008-01-20 10:02 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
      2008-01-20 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\shktpnpceqtq.sys
      2008-01-20 09:52 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
      2008-01-20 09:34 . 2008-01-20 09:57 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
      2008-01-20 09:34 . 2008-01-20 09:34 30,590 --a------ C:\WINDOWS\system32\pavas.ico
      2008-01-20 01:30 . 2008-01-20 01:30 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-19 23:16 . 2008-01-20 00:18 163 --a------ C:\WINDOWS\wininit.ini
      2008-01-19 16:23 . 2008-01-19 21:31 1,073,421 ---hs---- C:\WINDOWS\system32\mxntemct.ini
      2008-01-18 16:12 . 2008-01-20 01:28 <DIR> d--hs---- C:\WINDOWS\TGVvIEggS3JhbmVuYnVyZw
      2008-01-18 16:11 . 2008-01-18 16:41 <DIR> d-------- C:\WINDOWS\system32\wce9
      2008-01-18 16:11 . 2008-01-18 16:41 <DIR> d-------- C:\WINDOWS\system32\qe1
      2008-01-18 16:11 . 2008-01-20 01:28 <DIR> d-------- C:\WINDOWS\system32\edcA01
      2008-01-18 16:11 . 2008-01-18 16:11 <DIR> d-------- C:\Temp\Ryuan1
      2008-01-18 16:11 . 2008-01-20 11:31 <DIR> d-------- C:\Temp
      2008-01-16 19:15 . 2008-01-16 20:03 <DIR> d--h----- C:\Program Files\Zero G Registry
      2008-01-16 19:14 . 2008-01-16 19:14 <DIR> d--h----- C:\Documents and Settings\pc\InstallAnywhere
      2008-01-16 19:13 . 2008-01-18 09:36 <DIR> d-------- C:\Documents and Settings\pc\Application Data\Sports Interactive
      2008-01-12 09:31 . 2008-01-12 09:31 <DIR> d-------- C:\Program Files\Eidos Interactive
      2008-01-06 16:57 . 2005-09-20 17:27 10,368 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
      2008-01-06 16:56 . 2008-01-06 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
      2008-01-06 16:55 . 2008-01-06 16:55 <DIR> d-------- C:\Program Files\Sandisk
      2008-01-06 16:55 . 2005-09-20 17:27 10,368 --a------ C:\WINDOWS\system32\iviaspi.sys
      2007-12-29 14:15 . 2007-12-29 14:15 <DIR> d-------- C:\Documents and Settings\pc\Application Data\CamfrogWEB
      2007-12-28 12:19 . 2007-12-28 12:19 <DIR> d-------- C:\Documents and Settings\pc\Application Data\Camfrog
      2007-12-27 12:45 . 2007-12-27 12:45 <DIR> d-------- C:\Program Files\CEZEO software
      2007-12-27 12:45 . 2007-12-27 12:45 <DIR> d-------- C:\Documents and Settings\pc\Application Data\CEZEO software

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-20 09:48 --------- d-----w C:\Program Files\SpywareBlaster
      2008-01-20 08:54 --------- d-----w C:\Program Files\MSN Messenger
      2008-01-20 08:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2008-01-20 08:53 --------- d-----w C:\Program Files\Google
      2008-01-18 22:29 --------- d-----w C:\Program Files\WinASO
      2008-01-17 09:39 --------- d-----w C:\Documents and Settings\pc\Application Data\Azureus
      2008-01-16 11:33 --------- d-----w C:\Documents and Settings\pc\Application Data\U3
      2008-01-11 09:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-10 14:51 --------- d-----w C:\Program Files\ChessPlanet
      2008-01-06 15:56 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-12-27 10:41 --------- d-----w C:\Program Files\Azureus
      2007-12-12 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-08-09 19:06 39,950 ----a-w C:\Program Files\Compleet Factureren 2007 Setup Log.txt
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
      "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 15:13 68856]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Dit"="Dit.exe" [2003-07-16 12:56 86016 C:\WINDOWS\Dit.exe]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088]
      "RegistryMechanic"=""
      "nwiz"="nwiz.exe" [2006-06-01 16:22 1519616 C:\WINDOWS\system32\nwiz.exe]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2008-01-06 16:55:33 303104]
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-06 19:00:38 450560]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 20:15]
      S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-20 10:52:30 C:\WINDOWS\Tasks\XoftSpySE 2.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      "2008-01-19 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-20 11:53:41
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-20 11:59:34 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-20 10:58:47
      ComboFix2.txt 2007-06-02 12:20:35
      .
      2008-01-20 00:36:58 --- E O F ---






      ---RVAXO.exe Updated: 2008-01-20---first run---
      Files found:
      C:\WINDOWS\system32\cbxwurr.dll.vir
      C:\WINDOWS\system32\egfhk.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\system32\pac.txt

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\Temporary
      C:\Program Files\Dot1XCfg
      C:\Temp\1cb

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\Documents and Settings\pc\Mijn documenten\Mijn ontvangen bestanden\Autumn_(Basic)_SL.zip
      C:\Documents and Settings\pc\Mijn documenten\Mijn ontvangen bestanden\htcs710-NWW_Netherlands_Setup.zip
      Folders Found:

      --------------RVAXO.exe finished----------------






      [01/20/2008, 11:24:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\pc\Bureaublad\VirtumundoBeGone.exe" )
      [01/20/2008, 11:24:41] - Detected System Information:
      [01/20/2008, 11:24:41] - Windows Version: 5.1.2600, Service Pack 2
      [01/20/2008, 11:24:41] - Current Username: pc (Admin)
      [01/20/2008, 11:24:41] - Windows is in NORMAL mode.
      [01/20/2008, 11:24:41] - Searching for Browser Helper Objects:
      [01/20/2008, 11:24:41] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
      [01/20/2008, 11:24:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [01/20/2008, 11:24:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
      [01/20/2008, 11:24:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [01/20/2008, 11:24:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [01/20/2008, 11:24:41] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
      [01/20/2008, 11:24:41] - BHO 5: {66E52B35-C00B-4B5B-9F3C-B48B266C9F85} ()
      [01/20/2008, 11:24:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:41] - Checking for HKLM\...\Winlogon\Notify\khfge
      [01/20/2008, 11:24:41] - Key not found: HKLM\...\Winlogon\Notify\khfge, continuing.
      [01/20/2008, 11:24:41] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [01/20/2008, 11:24:41] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [01/20/2008, 11:24:41] - BHO 8: {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} ()
      [01/20/2008, 11:24:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:41] - Checking for HKLM\...\Winlogon\Notify\cbxwurr
      [01/20/2008, 11:24:41] - Found: HKLM\...\Winlogon\Notify\cbxwurr - This is probably Virtumundo.
      [01/20/2008, 11:24:41] - Assigning {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} MSEvents Object
      [01/20/2008, 11:24:41] - BHO list has been changed! Starting over...
      [01/20/2008, 11:24:41] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
      [01/20/2008, 11:24:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [01/20/2008, 11:24:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
      [01/20/2008, 11:24:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [01/20/2008, 11:24:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [01/20/2008, 11:24:41] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
      [01/20/2008, 11:24:41] - BHO 5: {66E52B35-C00B-4B5B-9F3C-B48B266C9F85} ()
      [01/20/2008, 11:24:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:41] - Checking for HKLM\...\Winlogon\Notify\khfge
      [01/20/2008, 11:24:41] - Key not found: HKLM\...\Winlogon\Notify\khfge, continuing.
      [01/20/2008, 11:24:41] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [01/20/2008, 11:24:41] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [01/20/2008, 11:24:41] - BHO 8: {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} (MSEvents Object)
      [01/20/2008, 11:24:41] - ALERT: Found MSEvents Object!
      [01/20/2008, 11:24:41] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [01/20/2008, 11:24:41] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [01/20/2008, 11:24:41] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
      [01/20/2008, 11:24:41] - Finished Searching Browser Helper Objects
      [01/20/2008, 11:24:41] - *** Detected MSEvents Object
      [01/20/2008, 11:24:41] - Trying to remove MSEvents Object...
      [01/20/2008, 11:24:42] - Terminating Process: IEXPLORE.EXE
      [01/20/2008, 11:24:43] - Terminating Process: RUNDLL32.EXE
      [01/20/2008, 11:24:43] - Disabling Automatic Shell Restart
      [01/20/2008, 11:24:44] - Terminating Process: EXPLORER.EXE
      [01/20/2008, 11:24:45] - Suspending the NT Session Manager System Service
      [01/20/2008, 11:24:45] - Terminating Windows NT Logon/Logoff Manager
      [01/20/2008, 11:24:46] - Re-enabling Automatic Shell Restart
      [01/20/2008, 11:24:46] - File to disable: C:\WINDOWS\system32\cbxwurr.dll
      [01/20/2008, 11:24:46] - Renaming C:\WINDOWS\system32\cbxwurr.dll -> C:\WINDOWS\system32\cbxwurr.dll.vir
      [01/20/2008, 11:24:47] - File successfully renamed!
      [01/20/2008, 11:24:47] - Removing HKLM\...\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
      [01/20/2008, 11:24:47] - Removing HKCR\CLSID\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
      [01/20/2008, 11:24:47] - Adding Kill Bit for ActiveX for GUID: {A051B1FF-8D7E-418B-AABE-4FF82F4280A2}
      [01/20/2008, 11:24:47] - Deleting ATLEvents/MSEvents Registry entries
      [01/20/2008, 11:24:47] - Removing HKLM\...\Winlogon\Notify\cbxwurr
      [01/20/2008, 11:24:47] - Searching for Browser Helper Objects:
      [01/20/2008, 11:24:47] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
      [01/20/2008, 11:24:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [01/20/2008, 11:24:47] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
      [01/20/2008, 11:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [01/20/2008, 11:24:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [01/20/2008, 11:24:47] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
      [01/20/2008, 11:24:47] - BHO 5: {66E52B35-C00B-4B5B-9F3C-B48B266C9F85} ()
      [01/20/2008, 11:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/20/2008, 11:24:47] - Checking for HKLM\...\Winlogon\Notify\khfge
      [01/20/2008, 11:24:47] - Key not found: HKLM\...\Winlogon\Notify\khfge, continuing.
      [01/20/2008, 11:24:47] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [01/20/2008, 11:24:48] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [01/20/2008, 11:24:48] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [01/20/2008, 11:24:48] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [01/20/2008, 11:24:48] - BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
      [01/20/2008, 11:24:48] - Finished Searching Browser Helper Objects
      [01/20/2008, 11:24:48] - Finishing up...
      [01/20/2008, 11:24:48] - A restart is needed.
      [01/20/2008, 11:24:53] - Attempting to Restart via STOP error (Blue Screen!)
      Last edited by dekraan; 20-01-08, 12:14.



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download the attachment: CFScript.txt

        Drag CFScript.txt into ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Restart when asked to,
        and post the contents of Combofix.txt in your next reply.

        Also post a new HijackThis log and tell me whether you are still experiencing problems.


        • #5
          Hi, Smeenk!

          All done, and as far as I can tell (but that doesn't say much, of course!) I have no more problems. IExplorer is running nice and fast again, the red balloon is gone (there is still a yellow one, but that can't do any harm, I think?!) and Spybot S&D couldn't find anything in the last scan! It probably also helps that Avira AntiVir is now running! Here, in any case, are my logs:



          ComboFix 08-01-20.1 - pc 2008-01-20 20:42:47.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.124 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\pc\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\pc\Bureaublad\cfscript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\WINDOWS\system32\mxntemct.ini
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Temp\Ryuan1
          C:\Temp\Ryuan1\tepU.log
          C:\WINDOWS\system32\edcA01
          C:\WINDOWS\system32\mxntemct.ini
          C:\WINDOWS\system32\qe1
          C:\WINDOWS\system32\wce9
          C:\WINDOWS\TGVvIEggS3JhbmVuYnVyZw

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_XDVA007
          -------\XDva007


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
          .

          2008-01-20 12:15 . 2008-01-20 12:15 <DIR> d-------- C:\Program Files\Avira
          2008-01-20 12:15 . 2008-01-20 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
          2008-01-20 10:28 . 2008-01-20 10:44 122,105,856 --a------ C:\231.tmp
          2008-01-20 10:02 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
          2008-01-20 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\shktpnpceqtq.sys
          2008-01-20 09:52 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
          2008-01-20 09:34 . 2008-01-20 13:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
          2008-01-20 09:34 . 2008-01-20 09:34 30,590 --a------ C:\WINDOWS\system32\pavas.ico
          2008-01-20 01:30 . 2008-01-20 01:30 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-19 23:16 . 2008-01-20 00:18 163 --a------ C:\WINDOWS\wininit.ini
          2008-01-18 16:11 . 2008-01-20 20:47 <DIR> d-------- C:\Temp
          2008-01-16 19:15 . 2008-01-16 20:03 <DIR> d--h----- C:\Program Files\Zero G Registry
          2008-01-16 19:14 . 2008-01-16 19:14 <DIR> d--h----- C:\Documents and Settings\pc\InstallAnywhere
          2008-01-16 19:13 . 2008-01-18 09:36 <DIR> d-------- C:\Documents and Settings\pc\Application Data\Sports Interactive
          2008-01-06 16:57 . 2005-09-20 17:27 10,368 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
          2008-01-06 16:56 . 2008-01-06 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
          2008-01-06 16:55 . 2008-01-06 16:55 <DIR> d-------- C:\Program Files\Sandisk
          2008-01-06 16:55 . 2005-09-20 17:27 10,368 --a------ C:\WINDOWS\system32\iviaspi.sys
          2007-12-29 14:15 . 2007-12-29 14:15 <DIR> d-------- C:\Documents and Settings\pc\Application Data\CamfrogWEB
          2007-12-28 12:19 . 2007-12-28 12:19 <DIR> d-------- C:\Documents and Settings\pc\Application Data\Camfrog
          2007-12-27 12:45 . 2007-12-27 12:45 <DIR> d-------- C:\Program Files\CEZEO software
          2007-12-27 12:45 . 2007-12-27 12:45 <DIR> d-------- C:\Documents and Settings\pc\Application Data\CEZEO software

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-20 13:52 --------- d-----w C:\Program Files\Azureus
          2008-01-20 09:48 --------- d-----w C:\Program Files\SpywareBlaster
          2008-01-20 08:54 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-20 08:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
          2008-01-20 08:53 --------- d-----w C:\Program Files\Google
          2008-01-18 22:29 --------- d-----w C:\Program Files\WinASO
          2008-01-17 09:39 --------- d-----w C:\Documents and Settings\pc\Application Data\Azureus
          2008-01-16 11:33 --------- d-----w C:\Documents and Settings\pc\Application Data\U3
          2008-01-11 09:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-06 15:56 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-12-12 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-08-09 19:06 39,950 ----a-w C:\Program Files\Compleet Factureren 2007 Setup Log.txt
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
          "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 15:13 68856]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Dit"="Dit.exe" [2003-07-16 12:56 86016 C:\WINDOWS\Dit.exe]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088]
          "RegistryMechanic"=""
          "nwiz"="nwiz.exe" [2006-06-01 16:22 1519616 C:\WINDOWS\system32\nwiz.exe]
          "LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
          "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-20 12:19 249896]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2008-01-06 16:55:33 303104]
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-06 19:00:38 450560]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

          R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 20:15]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-20 19:51:18 C:\WINDOWS\Tasks\XoftSpySE 2.job"
          - C:\Program Files\XoftSpySE\XoftSpy.exe
          "2008-01-19 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
          - C:\Program Files\XoftSpySE\XoftSpy.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-20 20:52:42
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-20 20:58:55 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-20 19:58:44
          ComboFix2.txt 2008-01-20 10:59:35
          ComboFix3.txt 2007-06-02 12:20:35
          .
          2008-01-20 14:22:57 --- E O F ---



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:03:38, on 20-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Dit.exe
          C:\WINDOWS\DitExp.exe
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\PROGRA~1\MI3AA1~1\rapimgr.exe
          C:\WINDOWS\System32\LVComsX.exe
          C:\Program Files\Logitech\Video\FxSvr2.exe
          C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
          O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
          O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
          O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
          O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
          O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
          O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
          O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

          --
          End of file - 7923 bytes


          If you also think that everything is solved now... do you have any tips or good (freeware) programs that I can use (without too much know-how) to keep the PC clean and safe? Firefox, for example, instead of Explorer? Or a handy scanner, protection tool or detection program? I'd love to hear it :-) and thanks in advance!!!!

          Comment


          • #6
            Delete the following file:
            C:\231.tmp

            Delete the following folder:
            C:\Qoobox

            Then empty your Recycle Bin.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also have Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick at "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also have Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Take a look at this link:

            Comment


            • #7
              Thank you! I have since installed Firefox and, after what you said, made a new HijackThis log. Hopefully it is completely clean!



              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 20:29:36, on 22-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
              C:\WINDOWS\Dit.exe
              C:\WINDOWS\DitExp.exe
              C:\Program Files\Logitech\Video\LogiTray.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Microsoft ActiveSync\wcescomm.exe
              C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
              C:\PROGRA~1\MI3AA1~1\rapimgr.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\WINDOWS\System32\LVComsX.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Logitech\Video\FxSvr2.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Windows Live\Messenger\usnsvc.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
              O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
              O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
              O4 - HKLM\..\Run: [Dit] Dit.exe
              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
              O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
              O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
              O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
              O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
              O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
              O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
              O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
              O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

              --
              End of file - 7857 bytes

              Comment


              • #8
                Start HijackThis once more and tick only the following lines:
                R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Apart from that, it looks good

                Comment
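The three lines selected in post #8 are exactly the R3/O2/O3 entries in the post #7 log whose registered file is reported as "(no file)". The sketch below is an added example, not part of the thread and not HijackThis code; it parses those entry types and lists the orphaned ones. The function and type names are hypothetical, and the sample lines are an excerpt copied from the log in post #7.

```python
import re
from typing import List, NamedTuple

# Excerpt copied from the HijackThis log in post #7 (22-1-2008); not a full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
"""

# R3 (URL search hooks), O2 (browser helper objects) and O3 (toolbars) share
# one layout in the log: "<section> - <kind>: <name> - {CLSID} - <file>".
COM_ENTRY = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


class ComEntry(NamedTuple):
    section: str   # R3, O2 or O3
    kind: str      # URLSearchHook, BHO or Toolbar
    name: str      # display name, may be "(no name)"
    clsid: str     # COM class id in braces
    target: str    # file path, or "(no file)" when the file is missing
    raw: str       # the original log line, for matching in the HijackThis UI


def parse_com_entries(log_text: str) -> List[ComEntry]:
    """Return every R3/O2/O3 entry in the log; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()  # forum pastes are often indented
        match = COM_ENTRY.match(line)
        if match:
            entries.append(ComEntry(raw=line, **match.groupdict()))
    return entries


def orphaned_entries(log_text: str) -> List[ComEntry]:
    """Entries still registered in the browser although their file is gone."""
    return [e for e in parse_com_entries(log_text) if e.target == "(no file)"]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry.raw)
```

On the excerpt, the Yahoo! Toolbar CLSID shows up twice (once as R3, once as O3), which is why the helper ticks both lines for one leftover component.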
