trojan metajuan

  • trojan metajuan

    Argh, how annoying. When I start up I get fake error messages, my C: drive has a cross instead of its normal icon, when I open the internet my cookie privacy settings are set to low, I have a fake Help and Support Center icon on my desktop that I cannot delete, it sometimes also tries to download a setup, my browser suddenly opens ads, and sometimes thousands of blank pages one after another, and I keep getting a message that I have the trojan metajun in c:\windows\system32\dgaqjniu.dll. Help!
    Here is my HijackThis log. I hope I am doing this right, and that someone can help.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:50:52, on 13-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    F:\Mijn documenten\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06307358-8ACD-463C-843F-529D65E5C845} - C:\WINDOWS\system32\ssttt.dll
    O2 - BHO: {9c08e594-1b14-447b-83a4-72a895ee04f4} - {4f40ee59-8a27-4a38-b744-41b1495e80c9} - C:\WINDOWS\system32\yjyasnrn.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {85A9C42E-29DB-438A-8D09-A056493B9471} - C:\WINDOWS\system32\fccawtr.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dgaqjniu.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [7cfe90e1] rundll32.exe "C:\WINDOWS\system32\ldevimgb.dll",b
    O4 - HKLM\..\Run: [BM7fcda37d] Rundll32.exe "C:\WINDOWS\system32\vmiepjgj.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201279221328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201279844359
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dgaqjniu - C:\WINDOWS\SYSTEM32\dgaqjniu.dll
    O20 - Winlogon Notify: fccawtr - C:\WINDOWS\SYSTEM32\fccawtr.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8483 bytes
    Last edited by divada16; 13-03-08, 23:56.

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Do not be alarmed if you see a blue screen with an error message; this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.

    • Run HijackThis once more and tick only the following lines:
      O2 - BHO: (no name) - {06307358-8ACD-463C-843F-529D65E5C845} - C:\WINDOWS\system32\ssttt.dll
      O2 - BHO: {9c08e594-1b14-447b-83a4-72a895ee04f4} - {4f40ee59-8a27-4a38-b744-41b1495e80c9} - C:\WINDOWS\system32\yjyasnrn.dll
      O4 - HKLM\..\Run: [7cfe90e1] rundll32.exe "C:\WINDOWS\system32\ldevimgb.dll",b
      O4 - HKLM\..\Run: [BM7fcda37d] Rundll32.exe "C:\WINDOWS\system32\vmiepjgj.dll",s

      Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open in which a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    • After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post a new HijackThis log so it can be checked.
    Last edited by smeenk; 14-03-08, 11:10.



    • #3
      VBG
      [03/14/2008, 23:08:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Danielle Ardon\Bureaublad\VirtumundoBeGone.exe" )
      [03/14/2008, 23:08:17] - Detected System Information:
      [03/14/2008, 23:08:17] - Windows Version: 5.1.2600, Service Pack 2
      [03/14/2008, 23:08:17] - Current Username: Danielle Ardon (Admin)
      [03/14/2008, 23:08:17] - Windows is in NORMAL mode.
      [03/14/2008, 23:08:17] - Searching for Browser Helper Objects:
      [03/14/2008, 23:08:17] - BHO 1: {5b52aecd-1a84-4990-a52b-c0eabe9ddce0} ()
      [03/14/2008, 23:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:17] - Checking for HKLM\...\Winlogon\Notify\qefajnst
      [03/14/2008, 23:08:17] - Key not found: HKLM\...\Winlogon\Notify\qefajnst, continuing.
      [03/14/2008, 23:08:17] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/14/2008, 23:08:17] - BHO 3: {85A9C42E-29DB-438A-8D09-A056493B9471} ()
      [03/14/2008, 23:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:17] - Checking for HKLM\...\Winlogon\Notify\fccawtr
      [03/14/2008, 23:08:17] - Found: HKLM\...\Winlogon\Notify\fccawtr - This is probably Virtumundo.
      [03/14/2008, 23:08:17] - Assigning {85A9C42E-29DB-438A-8D09-A056493B9471} MSEvents Object
      [03/14/2008, 23:08:17] - BHO list has been changed! Starting over...
      [03/14/2008, 23:08:17] - BHO 1: {5b52aecd-1a84-4990-a52b-c0eabe9ddce0} ()
      [03/14/2008, 23:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:17] - Checking for HKLM\...\Winlogon\Notify\qefajnst
      [03/14/2008, 23:08:17] - Key not found: HKLM\...\Winlogon\Notify\qefajnst, continuing.
      [03/14/2008, 23:08:17] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/14/2008, 23:08:17] - BHO 3: {85A9C42E-29DB-438A-8D09-A056493B9471} (MSEvents Object)
      [03/14/2008, 23:08:17] - ALERT: Found MSEvents Object!
      [03/14/2008, 23:08:17] - BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
      [03/14/2008, 23:08:17] - BHO 5: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
      [03/14/2008, 23:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:17] - Checking for HKLM\...\Winlogon\Notify\dgaqjniu
      [03/14/2008, 23:08:17] - Found: HKLM\...\Winlogon\Notify\dgaqjniu - This is probably Virtumundo.
      [03/14/2008, 23:08:17] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
      [03/14/2008, 23:08:17] - BHO list has been changed! Starting over...
      [03/14/2008, 23:08:17] - BHO 1: {5b52aecd-1a84-4990-a52b-c0eabe9ddce0} ()
      [03/14/2008, 23:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:17] - Checking for HKLM\...\Winlogon\Notify\qefajnst
      [03/14/2008, 23:08:17] - Key not found: HKLM\...\Winlogon\Notify\qefajnst, continuing.
      [03/14/2008, 23:08:17] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/14/2008, 23:08:17] - BHO 3: {85A9C42E-29DB-438A-8D09-A056493B9471} (MSEvents Object)
      [03/14/2008, 23:08:17] - ALERT: Found MSEvents Object!
      [03/14/2008, 23:08:18] - BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
      [03/14/2008, 23:08:18] - BHO 5: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
      [03/14/2008, 23:08:18] - ALERT: Found MSEvents Object!
      [03/14/2008, 23:08:18] - BHO 6: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
      [03/14/2008, 23:08:18] - BHO 7: {EB554378-B75B-4188-A93B-0C7E46E506FC} ()
      [03/14/2008, 23:08:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:18] - Checking for HKLM\...\Winlogon\Notify\ssttt
      [03/14/2008, 23:08:18] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
      [03/14/2008, 23:08:18] - Finished Searching Browser Helper Objects
      [03/14/2008, 23:08:18] - *** Detected MSEvents Object
      [03/14/2008, 23:08:18] - Trying to remove MSEvents Object...
      [03/14/2008, 23:08:19] - Terminating Process: IEXPLORE.EXE
      [03/14/2008, 23:08:19] - Terminating Process: RUNDLL32.EXE
      [03/14/2008, 23:08:20] - Disabling Automatic Shell Restart
      [03/14/2008, 23:08:20] - Terminating Process: EXPLORER.EXE
      [03/14/2008, 23:08:20] - Suspending the NT Session Manager System Service
      [03/14/2008, 23:08:20] - Terminating Windows NT Logon/Logoff Manager
      [03/14/2008, 23:08:21] - Re-enabling Automatic Shell Restart
      [03/14/2008, 23:08:21] - File to disable: C:\WINDOWS\system32\fccawtr.dll
      [03/14/2008, 23:08:21] - Renaming C:\WINDOWS\system32\fccawtr.dll -> C:\WINDOWS\system32\fccawtr.dll.vir
      [03/14/2008, 23:08:21] - File successfully renamed!
      [03/14/2008, 23:08:21] - Removing HKLM\...\Browser Helper Objects\{85A9C42E-29DB-438A-8D09-A056493B9471}
      [03/14/2008, 23:08:21] - Removing HKCR\CLSID\{85A9C42E-29DB-438A-8D09-A056493B9471}
      [03/14/2008, 23:08:21] - Adding Kill Bit for ActiveX for GUID: {85A9C42E-29DB-438A-8D09-A056493B9471}
      [03/14/2008, 23:08:21] - Deleting ATLEvents/MSEvents Registry entries
      [03/14/2008, 23:08:21] - Removing HKLM\...\Winlogon\Notify\fccawtr
      [03/14/2008, 23:08:21] - Searching for Browser Helper Objects:
      [03/14/2008, 23:08:21] - BHO 1: {5b52aecd-1a84-4990-a52b-c0eabe9ddce0} ()
      [03/14/2008, 23:08:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:21] - Checking for HKLM\...\Winlogon\Notify\qefajnst
      [03/14/2008, 23:08:21] - Key not found: HKLM\...\Winlogon\Notify\qefajnst, continuing.
      [03/14/2008, 23:08:21] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/14/2008, 23:08:21] - BHO 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
      [03/14/2008, 23:08:21] - BHO 4: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
      [03/14/2008, 23:08:21] - ALERT: Found MSEvents Object!
      [03/14/2008, 23:08:21] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
      [03/14/2008, 23:08:21] - BHO 6: {EB554378-B75B-4188-A93B-0C7E46E506FC} ()
      [03/14/2008, 23:08:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:21] - Checking for HKLM\...\Winlogon\Notify\ssttt
      [03/14/2008, 23:08:21] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
      [03/14/2008, 23:08:21] - Finished Searching Browser Helper Objects
      [03/14/2008, 23:08:21] - *** Detected MSEvents Object
      [03/14/2008, 23:08:21] - Trying to remove MSEvents Object...
      [03/14/2008, 23:08:22] - Terminating Process: IEXPLORE.EXE
      [03/14/2008, 23:08:22] - Terminating Process: RUNDLL32.EXE
      [03/14/2008, 23:08:22] - Disabling Automatic Shell Restart
      [03/14/2008, 23:08:22] - Terminating Process: EXPLORER.EXE
      [03/14/2008, 23:08:22] - Suspending the NT Session Manager System Service
      [03/14/2008, 23:08:22] - Terminating Windows NT Logon/Logoff Manager
      [03/14/2008, 23:08:22] - Re-enabling Automatic Shell Restart
      [03/14/2008, 23:08:22] - File to disable: C:\WINDOWS\system32\dgaqjniu.dll
      [03/14/2008, 23:08:22] - Renaming C:\WINDOWS\system32\dgaqjniu.dll -> C:\WINDOWS\system32\dgaqjniu.dll.vir
      [03/14/2008, 23:08:22] - File successfully renamed!
      [03/14/2008, 23:08:22] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
      [03/14/2008, 23:08:22] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
      [03/14/2008, 23:08:23] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
      [03/14/2008, 23:08:23] - Deleting ATLEvents/MSEvents Registry entries
      [03/14/2008, 23:08:23] - Removing HKLM\...\Winlogon\Notify\dgaqjniu
      [03/14/2008, 23:08:23] - Searching for Browser Helper Objects:
      [03/14/2008, 23:08:23] - BHO 1: {5b52aecd-1a84-4990-a52b-c0eabe9ddce0} ()
      [03/14/2008, 23:08:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:23] - Checking for HKLM\...\Winlogon\Notify\qefajnst
      [03/14/2008, 23:08:23] - Key not found: HKLM\...\Winlogon\Notify\qefajnst, continuing.
      [03/14/2008, 23:08:23] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/14/2008, 23:08:23] - BHO 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
      [03/14/2008, 23:08:23] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
      [03/14/2008, 23:08:23] - BHO 5: {EB554378-B75B-4188-A93B-0C7E46E506FC} ()
      [03/14/2008, 23:08:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/14/2008, 23:08:23] - Checking for HKLM\...\Winlogon\Notify\ssttt
      [03/14/2008, 23:08:23] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
      [03/14/2008, 23:08:23] - Finished Searching Browser Helper Objects
      [03/14/2008, 23:08:23] - Finishing up...
      [03/14/2008, 23:08:23] - A restart is needed.
      [03/14/2008, 23:08:33] - Attempting to Restart via STOP error (Blue Screen!)


      RVAXO

      ---RVAXO.exe Updated: 2008-03-14---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\fccawtr.dll.vir
      C:\WINDOWS\system32\dgaqjniu.dllbox
      C:\WINDOWS\system32\tttss.ini2
      C:\WINDOWS\pskt.ini
      C:\Documents and Settings\Danielle Ardon\Mijn documenten\pos???.tmp
      C:\pos???.tmp
      C:\Documents and Settings\Danielle Ardon\Bureau~1\Help and Support Center.lnk

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      Hijack this

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 0:03:33, on 15-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows NT\Bureau-accessoires\wordpad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
      F:\Mijn documenten\HiJackThis_v2.exe
      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {5C3AE72F-3A7F-4ED0-9251-DB7CB01CC636} - C:\WINDOWS\system32\ssttt.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201279221328
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201279844359
      O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      --
      End of file - 7893 bytes



      There is still a Windows Update on my desktop, and it points to a site called systemerrorfixer.com... but apart from that I think it is gone... Do I need to do anything else?

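The check that the VirtumundoBeGone log in post #3 records (a BHO without a default name whose DLL also has a Winlogon Notify key is "probably Virtumundo"), applied to HijackThis output. This is an added example, not part of the original thread and not that tool's code; `triage_hijackthis` and the rule that a GUID-shaped BHO name counts as unnamed are assumptions of this sketch, and the sample lines are the O2 and O20 entries copied from the first HijackThis log above.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# O2 and O20 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06307358-8ACD-463C-843F-529D65E5C845} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: {9c08e594-1b14-447b-83a4-72a895ee04f4} - {4f40ee59-8a27-4a38-b744-41b1495e80c9} - C:\WINDOWS\system32\yjyasnrn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85A9C42E-29DB-438A-8D09-A056493B9471} - C:\WINDOWS\system32\fccawtr.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dgaqjniu.dll
O20 - Winlogon Notify: dgaqjniu - C:\WINDOWS\SYSTEM32\dgaqjniu.dll
O20 - Winlogon Notify: fccawtr - C:\WINDOWS\SYSTEM32\fccawtr.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def is_unnamed(name):
    """HijackThis prints '(no name)' for a BHO without a default name.

    Treating a GUID-shaped name as unnamed too is an assumption of this
    example, not something the thread states.
    """
    return name == "(no name)" or re.fullmatch(GUID, name) is not None


def triage_hijackthis(log_text):
    """Split unnamed BHOs into 'probable' (DLL also registered under
    Winlogon Notify) and 'review' (unnamed, but no Notify key found)."""
    bhos, notify_keys = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_keys.add(m.group("key").lower())

    result = {"probable": [], "review": []}
    for bho in bhos:
        if not is_unnamed(bho["name"]):
            continue  # named BHOs (Java, Norton) are outside this heuristic
        # The Notify key in the logs above carries the DLL's base name.
        stem = splitext(basename(bho["path"]))[0].lower()
        bucket = "probable" if stem in notify_keys else "review"
        result[bucket].append((bho["clsid"], bho["path"]))
    return result


if __name__ == "__main__":
    for bucket, entries in triage_hijackthis(SAMPLE_LOG).items():
        for clsid, path in entries:
            print(f"{bucket:9} {clsid} {path}")
```

ssttt.dll lands in "review" rather than "probable", which matches the thread: it has no Winlogon Notify key and is still listed in the second HijackThis log after the tool run.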


      • #4
        Use Explorer to look for this file: C:\WINDOWS\system32\ssttt.dll
        Then try to drag that file to your desktop.
        If that works, restart the computer.

        After the restart, post a new HijackThis log so it can be checked.



        • #5
          Cannot move sstt. It is in use by someone else or by a program. Now what?



          • #6
            Run HijackThis once more and tick only the following line:
            O2 - BHO: (no name) - {5C3AE72F-3A7F-4ED0-9251-DB7CB01CC636} - C:\WINDOWS\system32\ssttt.dll
            Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

            Restart your computer.

            After the restart, post a new HijackThis log.



            • #7
              Apparently still firmly entrenched

              Download Combofix (mirror) to your desktop.
              Double-click Combofix.exe
              While the fix is running, do NOT click in the window, as this will cause your PC to hang.
              When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
              Post this log in your next post.

              NOTE: If your virus scanner responds with a message about script execution, you can ignore it.



              • #8
                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Finally, post one more new HijackThis log so it can be checked.



                • #9
                  Below is the HijackThis log.. just one more question.. virtumundobegone.. can I simply delete it from my desktop?

                  Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                  Scan saved at 23:07:34, on 17-3-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  C:\Program Files\Norton Internet Security\ISSVC.exe
                  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\WINDOWS\system32\atwtusb.exe
                  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                  C:\WINDOWS\system32\TBLMOUSE.EXE
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  C:\Program Files\internet explorer\iexplore.exe
                  C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
                  F:\Mijn documenten\HiJackThis_v2.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                  O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\PowerISO\PWRISOVM.EXE
                  O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201279221328
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201279844359
                  O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
                  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
                  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                  --
                  End of file - 8063 bytes



                  • #10
                    Your HijackThis log looks good again

                    You may delete all the programs used + their logs

                    Also do this:
                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    IF EXIST log.txt DEL log.txt
                    ECHO Deleting files>>log.txt
                    FOR %%g in (
                    C:\sqmdata00.sqm
                    C:\sqmnoopt00.sqm
                    C:\WINDOWS\system32\bgmivedl.ini
                    C:\WINDOWS\system32\rroduius.ini
                    C:\WINDOWS\system32\gwqrkvsk.ini
                    C:\WINDOWS\system32\bbjhvhtq.ini
                    C:\WINDOWS\system32\nitarjrg.ini
                    C:\WINDOWS\msdownld.tmp) DO (
                    IF EXIST %%g (
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                    ) ELSE (
                    ECHO %%g deleted>>log.txt)
                    ) ELSE (
                    ECHO %%g not found>>log.txt))
                    START NOTEPAD.EXE log.txt

                    Go to File - Save As.
                    For "Save in" choose: Desktop
                    For "File name" enter: del.bat
                    For "Save as type" select: All files (*.*).
                    Click the Save button.

                    Double-click del.bat and post the contents of the log file that opens.



                    • #11
                      Here is the log. Thanks a lot for everything, you are like the Red Cross for sick computers!

                      Deleting files
                      C:\sqmdata00.sqm deleted
                      C:\sqmnoopt00.sqm deleted
                      C:\WINDOWS\system32\bgmivedl.ini deleted
                      C:\WINDOWS\system32\rroduius.ini deleted
                      C:\WINDOWS\system32\gwqrkvsk.ini deleted
                      C:\WINDOWS\system32\bbjhvhtq.ini deleted
                      C:\WINDOWS\system32\nitarjrg.ini deleted
                      C:\WINDOWS\msdownld.tmp not deleted



                      • #12
                        You're welcome

                        I think we are done now
