  • Virtumonde/vundo

    hello,
    For about a week I've been bothered by smitfraud.C-toolbar888, which Spybot finds but can't remove. Today I wanted to post about it here and first followed these steps: virus scan, Spybot, Ad-Aware scan. These no longer find smitfraud, but something else: virtumonde (Spybot) and vundo (McAfee).

    For a while now my computer has also been starting up more slowly than normal, and the taskbar sometimes doesn't work; I can't click on Start or any other buttons....

    At startup Windows gives the following error message: "fout opgetreden bij het laden van c:\windows\system32\koaljqqs.dll". Spybot also shows a number of prompts asking to make changes to the registry; I click "deny change" on these, so they come back the next time at startup..

    here is my log

    regards
    Koen

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:40:55, on 31/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=3061120
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=3061120
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {16E8D432-73D2-4A7A-A10A-D9DBDD3FB104} - C:\WINDOWS\system32\awvvt.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - C:\WINDOWS\system32\awtrrpm.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [b0cae597] rundll32.exe "C:\WINDOWS\system32\koaljqqs.dll",b
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4333] command /c del "C:\WINDOWS\system32\psnkwfuc.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7365] cmd /c del "C:\WINDOWS\system32\psnkwfuc.dll_old"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4898] cmd /c del "C:\WINDOWS\system32\psnkwfuc.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2330] command /c del "C:\WINDOWS\system32\awvvt.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9346] cmd /c del "C:\WINDOWS\system32\awvvt.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Koen\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awtrrpm - C:\WINDOWS\SYSTEM32\awtrrpm.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12988 bytes
    Last edited by kts881; 31-03-08, 18:54.

  • #2
    Start HijackThis and tick only the following lines:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {16E8D432-73D2-4A7A-A10A-D9DBDD3FB104} - C:\WINDOWS\system32\awvvt.dll (file missing)
    O4 - HKLM\..\Run: [b0cae597] rundll32.exe "C:\WINDOWS\system32\koaljqqs.dll",b
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Koen\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)


    Close all open windows (except HijackThis) and click "Fix checked".


    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix has finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next reply.

    Also post a new HijackThis log.

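An added example, not code from this thread or from HijackThis or VirtumundoBeGone: a small Python triage script that applies the pattern the helper used above to HijackThis log lines. It flags a Run-key rundll32 loader for a randomly named system32 DLL, unnamed BHOs backed by such DLLs, a Winlogon Notify package outside the stock XP set, and entries whose file is missing. The sample lines are copied from the logs in this thread; the random-name heuristic and the stock-notify allowlist are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis lines copied from the logs in this thread,
# benign ones included so the rules have negatives to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16E8D432-73D2-4A7A-A10A-D9DBDD3FB104} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - C:\WINDOWS\system32\awtrrpm.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [b0cae597] rundll32.exe "C:\WINDOWS\system32\koaljqqs.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA4333] command /c del "C:\WINDOWS\system32\psnkwfuc.dll_old"
O20 - Winlogon Notify: awtrrpm - C:\WINDOWS\SYSTEM32\awtrrpm.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

# Assumption: partial allowlist of Winlogon notification packages shipped with
# Windows XP. Extend it with whatever your own baseline images carry.
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

ENTRY_KIND = re.compile(r"^(O\d+|R\d)\b")
SYSTEM32_DLL = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\([a-z0-9_]+)\.dll\b",
                          re.IGNORECASE)
NOTIFY_NAME = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")
VOWELS = set("aeiou")


@dataclass
class Finding:
    rule: str
    dll: Optional[str]
    line: str


def looks_random(name: str) -> bool:
    """Assumed heuristic for the basenames Vundo drops (awvvt, awtrrpm,
    koaljqqs): 5-8 lowercase letters with a low vowel share. Stock names such
    as ctfmon also pass, so it is only ever combined with the entry-type and
    location checks in analyse(), never used on its own."""
    if not re.fullmatch(r"[a-z]{5,8}", name):
        return False
    return sum(c in VOWELS for c in name) / len(name) <= 0.3


def analyse(log_text: str) -> List[Finding]:
    """Run the Vundo-pattern rules over HijackThis log lines."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind_match = ENTRY_KIND.match(line)
        if not kind_match:
            continue  # header, running-process list or blank line
        kind = kind_match.group(1)
        dll_match = SYSTEM32_DLL.search(line)
        dll = dll_match.group(1).lower() if dll_match else None
        random_dll = dll is not None and looks_random(dll)

        if kind == "O4" and "rundll32" in line.lower() and random_dll:
            # the [b0cae597] rundll32.exe "...\koaljqqs.dll",b loader from post #1
            findings.append(Finding("run-key rundll32 loader for random system32 DLL", dll, line))
        elif kind == "O2" and "(no name)" in line and random_dll:
            findings.append(Finding("unnamed BHO backed by random system32 DLL", dll, line))
        elif kind == "O20":
            notify = NOTIFY_NAME.match(line)
            if notify and notify.group(1).lower() not in STOCK_NOTIFY:
                findings.append(Finding("non-stock Winlogon Notify package", dll, line))

        # Orphans are low severity on their own but still worth cleaning up.
        if "(file missing)" in line or "(no file)" in line:
            findings.append(Finding("orphaned entry, referenced file absent", dll, line))
    return findings


def implicated_dlls(findings: List[Finding]) -> List[str]:
    """Distinct system32 DLL basenames named by the findings, sorted."""
    return sorted({f.dll for f in findings if f.dll})


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.line}")
    print("implicated DLLs:", implicated_dlls(results))
```

Feed it a full saved HijackThis log instead of SAMPLE_LOG and the three DLL names it returns here are exactly the ones VirtumundoBeGone and the helper's fix list targeted in this thread.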


    • #3
      ok,
      I've followed the steps, thanks in advance for the quick help

      HijackThis doesn't seem to be able to remove the following 2 lines:

      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

      below are the VBG log and a new HJT log:

      [03/31/2008, 22:27:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Koen\Bureaublad\VirtumundoBeGone.exe" )
      [03/31/2008, 22:27:46] - Detected System Information:
      [03/31/2008, 22:27:46] - Windows Version: 5.1.2600, Service Pack 2
      [03/31/2008, 22:27:46] - Current Username: Koen (Admin)
      [03/31/2008, 22:27:46] - Windows is in NORMAL mode.
      [03/31/2008, 22:27:46] - Searching for Browser Helper Objects:
      [03/31/2008, 22:27:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [03/31/2008, 22:27:46] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [03/31/2008, 22:27:46] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
      [03/31/2008, 22:27:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/31/2008, 22:27:46] - BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
      [03/31/2008, 22:27:46] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [03/31/2008, 22:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 22:27:46] - No filename found. Continuing.
      [03/31/2008, 22:27:46] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [03/31/2008, 22:27:46] - BHO 8: {91223DE9-F8E6-4FFD-8889-BE6784C18696} ()
      [03/31/2008, 22:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 22:27:46] - Checking for HKLM\...\Winlogon\Notify\awtrrpm
      [03/31/2008, 22:27:46] - Found: HKLM\...\Winlogon\Notify\awtrrpm - This is probably Virtumundo.
      [03/31/2008, 22:27:46] - Assigning {91223DE9-F8E6-4FFD-8889-BE6784C18696} MSEvents Object
      [03/31/2008, 22:27:46] - BHO list has been changed! Starting over...
      [03/31/2008, 22:27:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [03/31/2008, 22:27:46] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [03/31/2008, 22:27:46] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
      [03/31/2008, 22:27:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/31/2008, 22:27:46] - BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
      [03/31/2008, 22:27:46] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [03/31/2008, 22:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 22:27:46] - No filename found. Continuing.
      [03/31/2008, 22:27:46] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [03/31/2008, 22:27:46] - BHO 8: {91223DE9-F8E6-4FFD-8889-BE6784C18696} (MSEvents Object)
      [03/31/2008, 22:27:46] - ALERT: Found MSEvents Object!
      [03/31/2008, 22:27:46] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
      [03/31/2008, 22:27:46] - BHO 10: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
      [03/31/2008, 22:27:46] - Finished Searching Browser Helper Objects
      [03/31/2008, 22:27:46] - *** Detected MSEvents Object
      [03/31/2008, 22:27:46] - Trying to remove MSEvents Object...
      [03/31/2008, 22:27:47] - Terminating Process: IEXPLORE.EXE
      [03/31/2008, 22:27:47] - Terminating Process: RUNDLL32.EXE
      [03/31/2008, 22:27:47] - Disabling Automatic Shell Restart
      [03/31/2008, 22:27:47] - Terminating Process: EXPLORER.EXE
      [03/31/2008, 22:27:47] - Suspending the NT Session Manager System Service
      [03/31/2008, 22:27:48] - Terminating Windows NT Logon/Logoff Manager
      [03/31/2008, 22:27:48] - Re-enabling Automatic Shell Restart
      [03/31/2008, 22:27:48] - File to disable: C:\WINDOWS\system32\awtrrpm.dll
      [03/31/2008, 22:27:48] - Renaming C:\WINDOWS\system32\awtrrpm.dll -> C:\WINDOWS\system32\awtrrpm.dll.vir
      [03/31/2008, 22:27:48] - File successfully renamed!
      [03/31/2008, 22:27:48] - Removing HKLM\...\Browser Helper Objects\{91223DE9-F8E6-4FFD-8889-BE6784C18696}
      [03/31/2008, 22:27:48] - Removing HKCR\CLSID\{91223DE9-F8E6-4FFD-8889-BE6784C18696}
      [03/31/2008, 22:27:48] - Adding Kill Bit for ActiveX for GUID: {91223DE9-F8E6-4FFD-8889-BE6784C18696}
      [03/31/2008, 22:27:48] - Deleting ATLEvents/MSEvents Registry entries
      [03/31/2008, 22:27:48] - Removing HKLM\...\Winlogon\Notify\awtrrpm
      [03/31/2008, 22:27:48] - Searching for Browser Helper Objects:
      [03/31/2008, 22:27:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [03/31/2008, 22:27:48] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [03/31/2008, 22:27:48] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
      [03/31/2008, 22:27:48] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/31/2008, 22:27:48] - BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
      [03/31/2008, 22:27:48] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [03/31/2008, 22:27:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 22:27:48] - No filename found. Continuing.
      [03/31/2008, 22:27:48] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [03/31/2008, 22:27:48] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
      [03/31/2008, 22:27:48] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
      [03/31/2008, 22:27:48] - Finished Searching Browser Helper Objects
      [03/31/2008, 22:27:48] - Finishing up...
      [03/31/2008, 22:27:48] - A restart is needed.
      [03/31/2008, 22:27:48] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
      [03/31/2008, 22:28:14] - Attempting to Restart via STOP error (Blue Screen!)
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:40:16, on 31/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Dell Network Assistant\hnm_svc.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Creative\Mixer\CTSVolFE.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\McAfee\Common Framework\McTray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\NetWaiting\netWaiting.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=3061120
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=3061120
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 12013 bytes



      • #4
        Download this file: zoek.exe
        Double-click it; after a while a small log will open.
        Post the contents of this log in your next reply.



        • #5
          here is the log:

          ======C:\WINDOWS====
          ----a-w 0 2008-04-01 12:29:08 C:\WINDOWS\0.log
          --s-a-w 2,048 2008-04-01 12:28:18 C:\WINDOWS\bootstat.dat
          ----a-w 266,107 2008-03-31 17:03:51 C:\WINDOWS\comsetup.log
          ----a-w 15,746 2008-03-11 20:20:39 C:\WINDOWS\DPINST.LOG
          ----a-w 781,409 2008-03-31 17:03:51 C:\WINDOWS\FaxSetup.log
          ----a-w 28,683 2008-03-31 11:12:35 C:\WINDOWS\ie7Uninst.log
          ----a-w 2,010 2008-03-31 11:42:11 C:\WINDOWS\iereseticons.log
          ----a-w 944,264 2008-03-31 17:03:51 C:\WINDOWS\iis6.log
          ----a-w 1,374 2008-03-31 17:03:43 C:\WINDOWS\imsins.BAK
          ----a-w 1,374 2008-03-31 17:03:51 C:\WINDOWS\imsins.log
          ----a-w 15,986 2008-03-31 17:03:43 C:\WINDOWS\KB938127.log
          ----a-w 16,507 2008-03-31 17:03:51 C:\WINDOWS\KB942840.log
          ----a-w 34,627 2008-03-31 17:03:31 C:\WINDOWS\KB944533.log
          ----a-w 54,273 2008-03-31 17:03:51 C:\WINDOWS\MedCtrOC.log
          ----a-w 4,160 2008-04-01 12:28:53 C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
          ----a-w 39,212 2008-03-31 17:03:51 C:\WINDOWS\msgsocm.log
          ----a-w 258,802 2008-03-31 17:03:50 C:\WINDOWS\msmqinst.log
          ----a-w 32 2008-03-27 23:37:55 C:\WINDOWS\msocreg32.dat
          ----a-w 116 2008-04-01 12:44:19 C:\WINDOWS\NeroDigital.ini
          ----a-w 134,608 2008-03-31 17:03:51 C:\WINDOWS\netfxocm.log
          ----a-w 394 2008-03-11 20:28:00 C:\WINDOWS\nsw.log
          ----a-w 162,668 2008-03-31 17:03:51 C:\WINDOWS\ntdtcsetup.log
          ----a-w 392,936 2008-03-31 17:03:51 C:\WINDOWS\ocgen.log
          ----a-w 48,176 2008-03-31 17:03:51 C:\WINDOWS\ocmsn.log
          ----a-w 15,901 2008-03-29 15:33:43 C:\WINDOWS\Partizan.log
          ----a-w 246 2008-03-12 23:42:38 C:\WINDOWS\PlotFlow.INI
          ----a-w 32,626 2008-03-31 22:12:31 C:\WINDOWS\SchedLgU.Txt
          ----a-w 1,608 2008-03-25 16:00:43 C:\WINDOWS\setupact.log
          ----a-w 722,228 2008-03-31 20:36:41 C:\WINDOWS\setupapi.log
          ----a-w 246 2008-03-31 15:34:28 C:\WINDOWS\system.ini
          ----a-w 38,303 2008-03-31 17:03:51 C:\WINDOWS\tabletoc.log
          --sha-w 5,632 2008-03-31 22:05:08 C:\WINDOWS\Thumbs.db
          ----a-w 362,391 2008-03-31 17:03:51 C:\WINDOWS\tsoc.log
          ----a-w 2,566 2008-03-31 11:37:06 C:\WINDOWS\unins000.dat
          ----a-w 691,545 2008-03-31 11:36:09 C:\WINDOWS\unins000.exe
          ----a-w 113,623 2008-03-31 17:03:13 C:\WINDOWS\updspapi.log
          ----a-w 0 2008-03-24 15:18:15 C:\WINDOWS\vpd.properties
          ----a-w 159 2008-04-01 12:28:51 C:\WINDOWS\wiadebug.log
          ----a-w 48 2008-04-01 12:28:27 C:\WINDOWS\wiaservc.log
          ----a-w 718 2008-03-31 15:34:28 C:\WINDOWS\win.ini
          ----a-w 1,781,306 2008-04-01 12:30:06 C:\WINDOWS\WindowsUpdate.log
          ----a-w 0 2008-03-31 15:14:45 C:\WINDOWS\wininit.ini
          --shatr 2 2008-03-29 14:47:15 C:\WINDOWS\winstart.bat
          ----a-w 115,544 2008-03-25 18:55:10 C:\WINDOWS\wmsetup.log

          Entries: 44 (41)
          Directories: 0 Files: 44
          Bytes: 7,090,204 Blocks: 13,870
          ======C:\WINDOWS\system32=====
          ----a-w 1,909 2008-03-29 14:47:15 C:\WINDOWS\System32\AUTOEXEC.NT
          ----a-w 44,032 2008-03-18 20:17:44 C:\WINDOWS\System32\awtrrpm.dll.vir
          ----a-w 2,845 2008-03-29 14:47:15 C:\WINDOWS\System32\CONFIG.NT
          ----a-w 11,588 2008-03-21 13:02:48 C:\WINDOWS\System32\jsxibvhl.dll
          ------w 88,640 2008-03-19 19:56:42 C:\WINDOWS\System32\koaljqqs.dll_old
          ----a-w 32 2008-03-27 23:37:55 C:\WINDOWS\System32\msvcsv60.dll
          ----a-w 372 2008-03-29 15:34:20 C:\WINDOWS\System32\PARTIZAN.TXT
          ----a-w 65,378 2008-03-30 22:40:14 C:\WINDOWS\System32\perfc009.dat
          ----a-w 85,606 2008-03-30 22:40:14 C:\WINDOWS\System32\perfc013.dat
          ----a-w 410,908 2008-03-30 22:40:14 C:\WINDOWS\System32\perfh009.dat
          ----a-w 476,874 2008-03-30 22:40:14 C:\WINDOWS\System32\perfh013.dat
          ----a-w 1,049,984 2008-03-30 22:40:12 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 230 2008-03-31 11:10:14 C:\WINDOWS\System32\spupdsvc.inf
          --sha-w 294 2008-03-23 22:17:58 C:\WINDOWS\System32\sqqjlaok.ini
          --sh--w 354 2008-03-31 13:12:10 C:\WINDOWS\System32\sqqjlaok.ini2
          --sh--w 1,543,579 2008-03-23 20:42:24 C:\WINDOWS\System32\sqqjlaok.tmp
          ----a-w 4,580 2008-03-25 15:56:34 C:\WINDOWS\System32\tmp.reg
          ----a-w 0 2008-03-25 15:56:34 C:\WINDOWS\System32\tmp.txt
          --sha-w 162,305 2008-03-31 15:15:17 C:\WINDOWS\System32\tvvwa.ini
          --sha-w 162,305 2008-03-31 15:12:57 C:\WINDOWS\System32\tvvwa.ini2
          ----a-w 32 2008-03-27 23:37:55 C:\WINDOWS\System32\w3data.vss
          ----a-w 2,206 2008-04-01 12:29:30 C:\WINDOWS\System32\wpa.dbl

          Entries: 22 (17)
          Directories: 0 Files: 22
          Bytes: 4,114,053 Blocks: 8,046
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          --sha-r 211 2008-03-31 15:34:28 C:\boot.ini
          --sha-w 1,072,103,424 2008-04-01 12:28:16 C:\hiberfil.sys
          --sha-w 1,610,612,736 2008-04-01 12:28:14 C:\pagefile.sys
          ----a-w 3,109 2008-03-25 16:02:07 C:\rapport.txt
          --sha-w 18,432 2008-03-31 22:05:10 C:\Thumbs.db

          Entries: 5 (1)
          Directories: 0 Files: 5
          Bytes: 2,682,737,912 Blocks: 5,239,724
          ======C:\Documents and Settings\Koen\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\Koen======
          ----a-w 123 2008-03-30 23:20:27 C:\Documents and Settings\Koen\default.pls
          ----a-w 813 2008-03-18 21:54:55 C:\Documents and Settings\Koen\log.txt
          ----a-w 10,747,904 2008-03-31 22:12:51 C:\Documents and Settings\Koen\ntuser.dat
          ---ha-w 32,768 2008-04-01 13:54:56 C:\Documents and Settings\Koen\ntuser.dat.LOG
          --sh--w 288 2008-03-31 22:12:29 C:\Documents and Settings\Koen\ntuser.ini
          --sha-w 13,824 2008-03-31 22:06:40 C:\Documents and Settings\Koen\Thumbs.db

          Entries: 6 (3)
          Directories: 0 Files: 6
          Bytes: 10,795,720 Blocks: 21,087
          =============
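          A defender-side way to triage a zoek.exe listing like the one above, added here as an example (it is not part of the thread and not code from zoek.exe): it parses the listing's line format and flags two things visible in this log, hidden/system attributes on files in System32 and a file whose name is the character-reversal of another file's name in the same directory (koaljqqs.dll_old next to sqqjlaok.ini). The sample listing is a constructed excerpt of the log above; the names `parse_zoek` and `triage` are chosen here.

```python
import ntpath
import re
from collections import defaultdict

# Constructed excerpt in the zoek.exe listing format used in this thread:
# attribute flags, size, modification date and time, full path.
SAMPLE_LOG = r"""======C:\WINDOWS\system32=====
----a-w 11,588 2008-03-21 13:02:48 C:\WINDOWS\System32\jsxibvhl.dll
------w 88,640 2008-03-19 19:56:42 C:\WINDOWS\System32\koaljqqs.dll_old
----a-w 65,378 2008-03-30 22:40:14 C:\WINDOWS\System32\perfc009.dat
--sha-w 294 2008-03-23 22:17:58 C:\WINDOWS\System32\sqqjlaok.ini
--sh--w 354 2008-03-31 13:12:10 C:\WINDOWS\System32\sqqjlaok.ini2
--sha-w 162,305 2008-03-31 15:15:17 C:\WINDOWS\System32\tvvwa.ini
----a-w 2,206 2008-04-01 12:29:30 C:\WINDOWS\System32\wpa.dbl

Entries: 7 (4)
"""

# One file line: seven attribute flags, size with separators, date, time, path.
LINE_RE = re.compile(r"^(?P<attr>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
                     r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+)$")

def parse_zoek(text):
    """Return one dict per file line; section headers and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"attr": m["attr"], "path": m["path"], "when": f"{m['date']} {m['time']}",
                            "size": int(m["size"].replace(",", ""))})
    return entries

def triage(entries):
    """Map suspicious paths to reasons: hidden/system flags on System32 files, and a
    file name that is the reversal of another file's name in the same directory."""
    reasons, by_dir = defaultdict(list), defaultdict(dict)
    for e in entries:
        directory, name = ntpath.split(e["path"])          # ntpath: Windows paths on any host
        stem = name.split(".")[0].lower()                    # name before the first dot
        by_dir[directory.lower()].setdefault(stem, []).append(e["path"])
        if "system32" in directory.lower() and ("h" in e["attr"] or "s" in e["attr"]):
            reasons[e["path"]].append("hidden/system attribute in System32")
    for stems in by_dir.values():
        for stem, paths in stems.items():
            partner = stems.get(stem[::-1])                  # e.g. koaljqqs <-> sqqjlaok
            if partner and stem[::-1] != stem:
                for p in paths:
                    reasons[p].append(f"reversed-name companion of {partner[0]}")
    return dict(reasons)
```

Running `triage(parse_zoek(SAMPLE_LOG))` flags the koaljqqs/sqqjlaok files and tvvwa.ini while leaving perfc009.dat and wpa.dbl untouched; jsxibvhl.dll, which the helper also removed, is not caught by either heuristic.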



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\wininit.ini
            C:\WINDOWS\System32\awtrrpm.dll.vir
            C:\WINDOWS\System32\jsxibvhl.dll
            C:\WINDOWS\System32\koaljqqs.dll_old
            C:\WINDOWS\System32\sqqjlaok.ini
            C:\WINDOWS\System32\sqqjlaok.ini2
            C:\WINDOWS\System32\sqqjlaok.tmp
            C:\WINDOWS\System32\tmp.reg
            C:\WINDOWS\System32\tmp.txt
            C:\WINDOWS\System32\tvvwa.ini
            C:\WINDOWS\System32\tvvwa.ini2) DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *nucia
            IF EXIST %%gnucia (
            ECHO renamed to %%gnucia >>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in" choose: Desktop
            Under "File name" enter: del.bat
            Under "Save as type" select: All Files (*.*).
            Click the Save button.


            Double-click del.bat and post the contents of the log file that opens.
            Last edited by smeenk; 01-04-08, 23:32.



            • #7
              Deleting files
              C:\WINDOWS\wininit.ini deleted
              C:\WINDOWS\System32\awtrrpm.dll.vir deleted
              C:\WINDOWS\System32\jsxibvhl.dll deleted
              C:\WINDOWS\System32\koaljqqs.dll_old deleted
              C:\WINDOWS\System32\sqqjlaok.ini deleted
              C:\WINDOWS\System32\sqqjlaok.ini2 deleted
              C:\WINDOWS\System32\sqqjlaok.tmp deleted
              C:\WINDOWS\System32\tmp.reg deleted
              C:\WINDOWS\System32\tmp.txt deleted
              C:\WINDOWS\System32\tvvwa.ini deleted
              C:\WINDOWS\System32\tvvwa.ini2 deleted



              • #8
                Your Java software is out of date.
                Older versions have vulnerabilities that give malware the opportunity to install itself on your system.
                First follow these steps to uninstall Java and install the newer version:
                • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                • Select everything with Java Runtime Environment (JRE or J2SE) in its name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the latest version of Java.


                Disable System Restore. Restart the computer. Enable System Restore again.
                See here for how to disable System Restore.
                This removes any remnants of the infections from your System Restore points.

                Let us know whether there are still any problems.



                • #9
                  ok, I think everything is solved then. As a last step I also had Spybot and Ad-Aware run a scan, and they no longer find anything either.
                  thanks for the help



                  • #10
                    You're welcome
