  • All Kinds of Trojans.

    Hello,

    Apparently I have a number of viruses and I don't know how to get rid of them. Two days ago I had the computer scanned by Hitman Pro, because the Internet was very slow.
    I came across a number of viruses that I was able to remove with spydokter... At least, that's what I thought. My mother scanned the computer today and it turns out even more trojans were found.
    On top of that, we keep getting popups. Not from the program CID, I had already looked into that. Could you perhaps help us?

    Mitsie007


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:29, on 21-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?hl=nl&tab=iw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [BM6f939ac7] Rundll32.exe "C:\WINDOWS\system32\khmexkds.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201687544888
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201687626076
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O20 - Winlogon Notify: fccdaxWN - fccdaxWN.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

    --
    End of file - 5415 bytes

  • #2
    Hello,


    Close all open windows.
    Start HijackThis once more and place a check mark next to the following items:

    O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [BM6f939ac7] Rundll32.exe "C:\WINDOWS\system32\khmexkds.dll",s
    O20 - Winlogon Notify: fccdaxWN - fccdaxWN.dll (file missing)


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is finished, a log file opens (combofix.txt).
    Post the contents of this file together with a new HijackThis log.



    • #3
      I can't get any further... I did the HijackThis part... I'm now at bleepingcomputer, but it doesn't get any further than:

      <area shape="rect" title="Computer Help and Spyware Removal" alt="Computer Help and Spyware Removal" coords="0,0,65,106" href="ht

      It stops there...

      Is there another way to download this program?



      • #4
        The link is reachable, really.



        • #5
          Yes, that's right, but it really wasn't working for me.. I removed my antivirus and then it did work.. It is now running the program on my other computer. It's taking very long, but it's working.

          To be continued later....



          • #6
            OK.. finally, here I am again...

            After a busy period at school I found time to do this properly. I tried it twice, but the computer kept freezing. Then I started in safe mode and voilà!!! It worked

            The scan, followed by a new HijackThis log:

            ComboFix 08-04-20.5 - Myrthe 2008-04-24 21:50:53.3 - NTFSx86 MINIMAL
            Gestart vanuit: C:\Documents and Settings\Myrthe\Bureaublad\ComboFix.exe

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\AKQAdcdd.ini2
            C:\WINDOWS\system32\drfqtkfy.ini
            C:\WINDOWS\system32\fccdaxWN.dll
            C:\WINDOWS\system32\hgGyxWpQ.dll
            C:\WINDOWS\system32\ijRXayay.ini
            C:\WINDOWS\system32\ijRXayay.ini2
            C:\WINDOWS\system32\jkkIxuRk.dll
            C:\WINDOWS\system32\kynydmll.dll
            C:\WINDOWS\system32\qoMeEXNg.dll
            C:\WINDOWS\system32\tnlxomor.dll
            C:\WINDOWS\system32\yayaXRji.dll
            C:\WINDOWS\system32\yfktqfrd.dll
            .
            ---- Previous Run -------
            .
            C:\WINDOWS\cookies.ini
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\system32\mcrh.tmp

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))
            .

            2008-04-22 18:09 . 2008-04-22 18:09 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
            2008-04-22 17:16 . 2008-04-22 17:16 <DIR> dr-h----- C:\Documents and Settings\Reinier en Jennie\Onlangs geopend
            2008-04-22 17:15 . 2008-04-22 17:16 <DIR> dr-h----- C:\Documents and Settings\Esther\Onlangs geopend
            2008-04-22 17:11 . 2008-04-22 17:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
            2008-04-22 17:11 . 2008-04-22 17:11 <DIR> d-------- C:\Program Files\CCleaner
            2008-04-22 17:11 . 2008-04-23 06:50 <DIR> dr-h----- C:\Documents and Settings\Myrthe\Onlangs geopend
            2008-04-21 12:46 . 2008-04-22 17:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
            2008-04-21 11:33 . 2008-04-21 11:35 1,541,493 ---hs---- C:\WINDOWS\system32\vfiesytd.ini
            2008-04-21 09:05 . 2008-04-21 09:05 <DIR> d-------- C:\Documents and Settings\Reinier en Jennie\Application Data\Lavasoft
            2008-04-21 08:35 . 2008-04-21 08:35 <DIR> d-------- C:\Temp\Tmp___1834
            2008-04-20 08:29 . 2008-04-23 20:18 109,738 --a------ C:\WINDOWS\BM6f939ac7.xml
            2008-04-19 20:16 . 2008-04-22 17:12 <DIR> d-------- C:\30b2fb9497591de7b2
            2008-04-19 20:15 . 2008-04-22 17:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
            2008-04-19 15:03 . 2008-04-19 15:03 37,888 --a------ C:\WINDOWS\system32\fccdaxWN.dll__DELETE_ON_REBOOT
            2008-04-16 13:43 . 2008-04-16 13:43 <DIR> d-------- C:\Program Files\Samsung
            2008-04-16 11:50 . 2008-04-22 17:16 <DIR> d-------- C:\Program Files\Hitman Pro
            2008-04-16 10:01 . 2008-04-16 10:01 <DIR> d-------- C:\Program Files\uTorrent
            2008-04-16 10:01 . 2008-04-22 17:11 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\uTorrent
            2008-04-12 22:14 . 2008-04-12 22:14 <DIR> d-------- C:\Documents and Settings\Reinier en Jennie\Application Data\dvdcss
            2008-04-10 22:45 . 2006-01-26 13:21 34,686 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
            2008-04-10 22:45 . 2006-01-26 13:21 24,569 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys
            2008-04-06 21:55 . 2008-04-06 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
            2008-04-06 21:50 . 2008-04-06 21:52 <DIR> d-------- C:\Program Files\Big City Adventure Sydney Australia
            2008-04-06 21:49 . 2008-04-06 21:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
            2008-04-05 20:17 . 2008-04-05 20:17 <DIR> d-------- C:\Team17
            2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\DAEMON Tools
            2008-04-03 12:07 . 2008-04-03 12:07 268 --ah----- C:\sqmdata05.sqm
            2008-04-03 12:07 . 2008-04-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
            2008-03-29 23:50 . 2008-03-29 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-03-29 21:01 . 2008-03-29 23:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2008-03-28 21:24 . 2008-03-28 21:24 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\dvdcss
            2008-03-28 18:14 . 2008-03-28 18:14 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\PlayFirst
            2008-03-25 19:46 . 2008-03-03 15:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
            2008-03-24 12:14 . 2008-04-19 22:25 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\LimeWire
            2008-03-24 11:57 . 2008-03-24 11:57 <DIR> d-------- C:\Program Files\Trend Micro

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-04-24 12:55 --------- d-----w C:\Documents and Settings\Reinier en Jennie\Application Data\uTorrent
            2008-04-22 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-04-22 15:14 --------- d-----w C:\Program Files\Lavasoft
            2008-04-22 15:14 --------- d-----w C:\Documents and Settings\Myrthe\Application Data\Lavasoft
            2008-04-21 13:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2008-04-16 18:09 --------- d-----w C:\Documents and Settings\Myrthe\Application Data\Vso
            2008-04-16 11:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-04-15 10:11 --------- d-----w C:\Program Files\Common Files\InstallShield
            2008-04-14 21:35 --------- d-----w C:\Documents and Settings\Esther\Application Data\LimeWire
            2008-04-11 07:01 --------- d-----w C:\Program Files\The Nightshift Code
            2008-04-11 07:01 --------- d-----w C:\Program Files\Mystery Case Files Madame Fate
            2008-04-11 07:01 --------- d-----w C:\Program Files\Cate West The Vanishing Files
            2008-04-09 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
            2008-04-05 11:34 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
            2008-03-25 18:07 --------- d-----w C:\Program Files\ESET
            2008-03-24 10:32 --------- d-----w C:\Program Files\Opera
            2008-03-22 11:13 --------- d-----w C:\Documents and Settings\Reinier en Jennie\Application Data\LimeWire
            2008-03-22 09:45 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
            2008-03-21 18:03 --------- d-----w C:\Program Files\EA GAMES
            2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
            2008-03-15 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
            2008-03-06 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Drive four meta program
            2008-03-05 17:58 --------- d-----w C:\Documents and Settings\Esther\Application Data\readme way live
            2008-03-04 11:09 --------- d-----w C:\Program Files\LimeWire
            2008-03-03 14:45 --------- d-----w C:\Program Files\Common Files\SWF Studio
            2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
            2008-02-26 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
            2008-02-25 09:14 --------- d-----w C:\Program Files\SubSync
            2008-02-25 09:13 249,856 ------w C:\WINDOWS\Setup1.exe
            2008-02-24 11:42 --------- d-----w C:\Documents and Settings\Esther\Application Data\ESET
            2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
            2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
            2008-02-17 08:54 164 ----a-w C:\install.dat
            2008-02-16 13:08 3,414,150 ----a-w C:\WINDOWS\system32\exec1.exe
            2008-02-02 20:29 155,995 ----a-w C:\WINDOWS\java\Packages\NXV3FB7N.ZIP
            2008-02-02 16:30 73,216 ------w C:\WINDOWS\ST6UNST.EXE
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
            "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
            "winsock32"="C:\WINDOWS\system32:winsock32.exe" [ ]
            "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
            "BM6f939ac7"="C:\WINDOWS\system32\khmexkds.dll" [ ]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdaxWN]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "msacm.ac3acm"= ac3acm.acm

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk]
            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hp psc 1000 series.lnk
            backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]
            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
            backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
            --a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative info]
            C:\DOCUME~1\Myrthe\APPLIC~1\README~1\atom heart.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
            --a------ 2004-08-04 10:03 15360 C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
            --a------ 2006-06-26 10:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
            --a------ 2006-06-26 11:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
            --a------ 2006-06-26 11:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meta program mapi mags]
            C:\Documents and Settings\All Users\Application Data\Drive four meta program\FIND FIRST.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]


            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
            --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
            --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
            --------- 2007-11-24 15:08 1478612 C:\WINDOWS\system32\updater\explorer.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
            --a------ 2008-04-16 10:01 219952 C:\Program Files\uTorrent\uTorrent.exe

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "C:\\Program Files\\uTorrent\\uTorrent.exe"=
            "C:\\Program Files\\LimeWire\\LimeWire.exe"=
            "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
            "C:\\WINDOWS\\system32\\ftp.exe"=

            R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
            R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-07-29 14:14]
            R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-29 14:15]
            S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
            S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
            S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
            S4 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe


            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
            C:\WINDOWS\system32:winsock32.exe
            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-04-18 22:00:00 C:\WINDOWS\Tasks\At1.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 07:00:08 C:\WINDOWS\Tasks\At10.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 08:00:05 C:\WINDOWS\Tasks\At11.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-24 09:00:03 C:\WINDOWS\Tasks\At12.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-22 10:00:01 C:\WINDOWS\Tasks\At13.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 11:00:00 C:\WINDOWS\Tasks\At14.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 12:00:03 C:\WINDOWS\Tasks\At15.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 13:00:00 C:\WINDOWS\Tasks\At16.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-19 14:00:02 C:\WINDOWS\Tasks\At17.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-22 15:00:00 C:\WINDOWS\Tasks\At18.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-22 16:00:00 C:\WINDOWS\Tasks\At19.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-18 23:00:00 C:\WINDOWS\Tasks\At2.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-22 17:01:22 C:\WINDOWS\Tasks\At20.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-23 18:00:05 C:\WINDOWS\Tasks\At21.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-24 19:00:00 C:\WINDOWS\Tasks\At22.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-24 20:00:00 C:\WINDOWS\Tasks\At23.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-19 21:00:00 C:\WINDOWS\Tasks\At24.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-18 22:00:00 C:\WINDOWS\Tasks\At25.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-18 23:00:00 C:\WINDOWS\Tasks\At26.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-03-29 01:00:00 C:\WINDOWS\Tasks\At27.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-01-30 12:00:37 C:\WINDOWS\Tasks\At28.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-01-30 12:00:37 C:\WINDOWS\Tasks\At29.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-03-29 01:00:00 C:\WINDOWS\Tasks\At3.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-01-30 12:00:37 C:\WINDOWS\Tasks\At30.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-01-30 12:00:37 C:\WINDOWS\Tasks\At31.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-23 05:00:00 C:\WINDOWS\Tasks\At32.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-21 06:00:00 C:\WINDOWS\Tasks\At33.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-21 07:00:11 C:\WINDOWS\Tasks\At34.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-21 08:00:08 C:\WINDOWS\Tasks\At35.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-24 09:00:04 C:\WINDOWS\Tasks\At36.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-22 10:00:01 C:\WINDOWS\Tasks\At37.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-21 11:00:00 C:\WINDOWS\Tasks\At38.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-21 12:00:04 C:\WINDOWS\Tasks\At39.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-01-30 11:25:26 C:\WINDOWS\Tasks\At4.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 13:00:00 C:\WINDOWS\Tasks\At40.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-19 14:00:03 C:\WINDOWS\Tasks\At41.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-22 15:00:00 C:\WINDOWS\Tasks\At42.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-22 16:00:00 C:\WINDOWS\Tasks\At43.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-22 17:01:51 C:\WINDOWS\Tasks\At44.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-23 18:00:06 C:\WINDOWS\Tasks\At45.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-24 19:00:00 C:\WINDOWS\Tasks\At46.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-24 20:00:00 C:\WINDOWS\Tasks\At47.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-04-19 21:00:00 C:\WINDOWS\Tasks\At48.job"
            - C:\WINDOWS\system32\6D2AN36H.exe
            "2008-01-30 11:25:26 C:\WINDOWS\Tasks\At5.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-01-30 11:25:26 C:\WINDOWS\Tasks\At6.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-01-30 11:25:26 C:\WINDOWS\Tasks\At7.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-23 05:00:00 C:\WINDOWS\Tasks\At8.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
            - C:\WINDOWS\System32\B6w4SVRt.exe
            "2008-04-19 20:17:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1201641402.job"
            - D:\Digital Imaging\Bin\hpqfrucl.exe4-I
            .
            **************************************************************************

            catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-04-24 21:56:32
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-04-24 22:00:35 - machine was rebooted [Myrthe]
            ComboFix-quarantined-files.txt 2008-04-24 20:00:28

            Pre-Run: 87,949,139,968 bytes beschikbaar
            Post-Run: 87,929,176,064 bytes beschikbaar

            291 --- E O F --- 2008-04-23 04:52:26




            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 22:05:12, on 24-4-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?hl=nl&tab=iw
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
            O4 - HKLM\..\Run: [BM6f939ac7] Rundll32.exe "C:\WINDOWS\system32\khmexkds.dll",s
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201687544888
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201687626076
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
            O20 - Winlogon Notify: fccdaxWN - C:\WINDOWS\
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
            O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
            O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

            --
            End of file - 5071 bytes



            • #7
              Close all open windows.
              Start HijackThis once more and tick the following items:

              O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
              O4 - HKLM\..\Run: [BM6f939ac7] Rundll32.exe "C:\WINDOWS\system32\khmexkds.dll",s
              O20 - Winlogon Notify: fccdaxWN - C:\WINDOWS\


              Then click "Fix checked" and close HijackThis.

              Open a Notepad file.
              Copy the code below into this Notepad file.
              Go to File - Save As.
              For "Save in" choose: Desktop
              For "File name" enter: fix.bat
              For "Save as type" select: All Files (*.*).
              Click the Save button.
              Code:
              SC DELETE "Windows Services Control" 
              DEL C:\WINDOWS\Tasks\At*.job
              Double-click fix.bat.

              Restart the computer.
              Create a new log with ComboFix and post it.
              Also post a new HijackThis log.



              • #8
                Okay.. I have done it...

                Again the ComboFix log first and then HijackThis

                ComboFix 08-04-20.5 - Myrthe 2008-04-24 22:31:19.4 - NTFSx86 MINIMAL
                Gestart vanuit: C:\Documents and Settings\Myrthe\Bureaublad\ComboFix.exe

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                .

                (((((((((((((((((((( Bestanden Gemaakt van 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))
                .

                2008-04-22 18:09 . 2008-04-22 18:09 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                2008-04-22 17:16 . 2008-04-22 17:16 <DIR> dr-h----- C:\Documents and Settings\Reinier en Jennie\Onlangs geopend
                2008-04-22 17:15 . 2008-04-22 17:16 <DIR> dr-h----- C:\Documents and Settings\Esther\Onlangs geopend
                2008-04-22 17:11 . 2008-04-22 17:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
                2008-04-22 17:11 . 2008-04-22 17:11 <DIR> d-------- C:\Program Files\CCleaner
                2008-04-22 17:11 . 2008-04-23 06:50 <DIR> dr-h----- C:\Documents and Settings\Myrthe\Onlangs geopend
                2008-04-21 12:46 . 2008-04-22 17:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                2008-04-21 11:33 . 2008-04-21 11:35 1,541,493 ---hs---- C:\WINDOWS\system32\vfiesytd.ini
                2008-04-21 09:05 . 2008-04-21 09:05 <DIR> d-------- C:\Documents and Settings\Reinier en Jennie\Application Data\Lavasoft
                2008-04-21 08:35 . 2008-04-21 08:35 <DIR> d-------- C:\Temp\Tmp___1834
                2008-04-20 08:29 . 2008-04-23 20:18 109,738 --a------ C:\WINDOWS\BM6f939ac7.xml
                2008-04-19 20:16 . 2008-04-22 17:12 <DIR> d-------- C:\30b2fb9497591de7b2
                2008-04-19 20:15 . 2008-04-22 17:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
                2008-04-19 15:03 . 2008-04-19 15:03 37,888 --a------ C:\WINDOWS\system32\fccdaxWN.dll__DELETE_ON_REBOOT
                2008-04-16 13:43 . 2008-04-16 13:43 <DIR> d-------- C:\Program Files\Samsung
                2008-04-16 11:50 . 2008-04-22 17:16 <DIR> d-------- C:\Program Files\Hitman Pro
                2008-04-16 10:01 . 2008-04-16 10:01 <DIR> d-------- C:\Program Files\uTorrent
                2008-04-16 10:01 . 2008-04-22 17:11 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\uTorrent
                2008-04-12 22:14 . 2008-04-12 22:14 <DIR> d-------- C:\Documents and Settings\Reinier en Jennie\Application Data\dvdcss
                2008-04-10 22:45 . 2006-01-26 13:21 34,686 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
                2008-04-10 22:45 . 2006-01-26 13:21 24,569 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys
                2008-04-06 21:55 . 2008-04-06 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
                2008-04-06 21:50 . 2008-04-06 21:52 <DIR> d-------- C:\Program Files\Big City Adventure Sydney Australia
                2008-04-06 21:49 . 2008-04-06 21:49 <DIR> d-------- C:\Program Files\ReflexiveArcade
                2008-04-05 20:17 . 2008-04-05 20:17 <DIR> d-------- C:\Team17
                2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\DAEMON Tools
                2008-04-03 12:07 . 2008-04-03 12:07 268 --ah----- C:\sqmdata05.sqm
                2008-04-03 12:07 . 2008-04-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
                2008-03-29 23:50 . 2008-03-29 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                2008-03-29 21:01 . 2008-03-29 23:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                2008-03-28 21:24 . 2008-03-28 21:24 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\dvdcss
                2008-03-28 18:14 . 2008-03-28 18:14 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\PlayFirst
                2008-03-25 19:46 . 2008-03-03 15:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
                2008-03-24 12:14 . 2008-04-19 22:25 <DIR> d-------- C:\Documents and Settings\Myrthe\Application Data\LimeWire
                2008-03-24 11:57 . 2008-03-24 11:57 <DIR> d-------- C:\Program Files\Trend Micro

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-04-24 12:55 --------- d-----w C:\Documents and Settings\Reinier en Jennie\Application Data\uTorrent
                2008-04-22 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-04-22 15:14 --------- d-----w C:\Program Files\Lavasoft
                2008-04-22 15:14 --------- d-----w C:\Documents and Settings\Myrthe\Application Data\Lavasoft
                2008-04-21 13:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                2008-04-16 18:09 --------- d-----w C:\Documents and Settings\Myrthe\Application Data\Vso
                2008-04-16 11:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
                2008-04-15 10:11 --------- d-----w C:\Program Files\Common Files\InstallShield
                2008-04-14 21:35 --------- d-----w C:\Documents and Settings\Esther\Application Data\LimeWire
                2008-04-11 07:01 --------- d-----w C:\Program Files\The Nightshift Code
                2008-04-11 07:01 --------- d-----w C:\Program Files\Mystery Case Files Madame Fate
                2008-04-11 07:01 --------- d-----w C:\Program Files\Cate West The Vanishing Files
                2008-04-09 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                2008-04-05 11:34 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                2008-03-25 18:07 --------- d-----w C:\Program Files\ESET
                2008-03-24 10:32 --------- d-----w C:\Program Files\Opera
                2008-03-22 11:13 --------- d-----w C:\Documents and Settings\Reinier en Jennie\Application Data\LimeWire
                2008-03-22 09:45 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
                2008-03-21 18:03 --------- d-----w C:\Program Files\EA GAMES
                2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                2008-03-15 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
                2008-03-06 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Drive four meta program
                2008-03-05 17:58 --------- d-----w C:\Documents and Settings\Esther\Application Data\readme way live
                2008-03-04 11:09 --------- d-----w C:\Program Files\LimeWire
                2008-03-03 14:45 --------- d-----w C:\Program Files\Common Files\SWF Studio
                2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                2008-02-26 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
                2008-02-25 09:14 --------- d-----w C:\Program Files\SubSync
                2008-02-25 09:13 249,856 ------w C:\WINDOWS\Setup1.exe
                2008-02-24 11:42 --------- d-----w C:\Documents and Settings\Esther\Application Data\ESET
                2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                2008-02-17 08:54 164 ----a-w C:\install.dat
                2008-02-16 13:08 3,414,150 ----a-w C:\WINDOWS\system32\exec1.exe
                2008-02-02 20:29 155,995 ----a-w C:\WINDOWS\java\Packages\NXV3FB7N.ZIP
                2008-02-02 16:30 73,216 ------w C:\WINDOWS\ST6UNST.EXE
                .

                ((((((((((((((((((((((((((((( [email protected]_22.00.11.20 )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-04-24 19:55:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                + 2008-04-24 20:29:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
                "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
                "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "msacm.ac3acm"= ac3acm.acm

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hp psc 1000 series.lnk
                backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
                backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                --a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative info]
                C:\DOCUME~1\Myrthe\APPLIC~1\README~1\atom heart.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
                --a------ 2004-08-04 10:03 15360 C:\WINDOWS\system32\ctfmon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
                --a------ 2006-06-26 10:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
                --a------ 2006-06-26 11:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
                --a------ 2006-06-26 11:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meta program mapi mags]
                C:\Documents and Settings\All Users\Application Data\Drive four meta program\FIND FIRST.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]


                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
                --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
                --------- 2007-11-24 15:08 1478612 C:\WINDOWS\system32\updater\explorer.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
                --a------ 2008-04-16 10:01 219952 C:\Program Files\uTorrent\uTorrent.exe

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                "C:\\Program Files\\LimeWire\\LimeWire.exe"=
                "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                "C:\\WINDOWS\\system32\\ftp.exe"=

                S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
                S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-07-29 14:14]
                S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-29 14:15]
                S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
                S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
                S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

                *Newly Created Service* - CATCHME

                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
                C:\WINDOWS\system32:winsock32.exe
                .
                Inhoud van de 'Gedeelde Taken' map
                "2008-04-24 20:17:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1201641402.job"
                - D:\Digital Imaging\Bin\hpqfrucl.exe4-I
                .
                **************************************************************************

                catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-04-24 22:33:28
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2008-04-24 22:35:38
                ComboFix-quarantined-files.txt 2008-04-24 20:35:17
                ComboFix2.txt 2008-04-24 20:00:37

                Pre-Run: 88,115,351,552 bytes beschikbaar
                Post-Run: 88,113,074,176 bytes beschikbaar

                169 --- E O F --- 2008-04-23 04:52:26




                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 22:39:15, on 24-4-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\SOUNDMAN.EXE
                C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\MSN Messenger\msnmsgr.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?hl=nl&tab=iw
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201687544888
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201687626076
                O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
                O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

                --
                End of file - 4861 bytes



                • #9
                  I had missed this one.

                  Open a Notepad file.
                  Copy the code below into this Notepad file.
                  Go to File - Save As.
                  For "Save in" choose: Desktop
                  For "File name" enter: fix.reg
                  For "Save as type" select: All Files (*.*).
                  Click the Save button.
                  Code:
                  REGEDIT4
                  
                  [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
                  Double-click the fix.reg file and allow the changes to be added to the registry.

                  Are there any problems left?
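The checks from posts #7 and #9 written as log triage, as an added example that is not part of the original thread: it flags the kinds of autostart entries that were fixed, confirms they are gone from the follow-up HijackThis log, and finds the Active Setup leftover in the ComboFix output. The three heuristics and all function names are assumptions for illustration (a second colon in a path denotes an NTFS alternate data stream); the sample lines are copied from the logs above.

```python
import re

# Sample input: a few lines copied from the logs posted in this thread.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM6f939ac7] Rundll32.exe "C:\WINDOWS\system32\khmexkds.dll",s
O20 - Winlogon Notify: fccdaxWN - C:\WINDOWS\
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

HJT_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

COMBOFIX_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 12:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
"""

# A drive path that contains a second colon followed by a stream name.
ADS_PATH = re.compile(r'\b[A-Za-z]:\\[^:"\r\n]*:[^\\:"\s]+')
# HijackThis entry: section code (O4, O20, R1, ...), " - ", then the body.
ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')


def flag_entry(line):
    """Return the reasons (possibly none) a HijackThis line needs manual review."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    reasons = []
    if ADS_PATH.search(body):
        reasons.append("ads-path")
    if code == "O4":
        # The command follows the "[value name] " part of a Run entry.
        command = body.split("] ", 1)[-1].lstrip('"').lower()
        if command.startswith("rundll32"):
            reasons.append("rundll32-autostart")
    if code == "O20":
        # A Winlogon Notify entry should point at a DLL file.
        target = body.rsplit(" - ", 1)[-1]
        if not target.lower().endswith(".dll"):
            reasons.append("notify-without-dll")
    return reasons


def triage(log_text):
    """Map each flagged log line to its list of reasons."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = flag_entry(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


def still_present(before, after):
    """Flagged entries of the first log that also occur in the follow-up log."""
    after_lines = {line.strip() for line in after.splitlines()}
    return sorted(entry for entry in triage(before) if entry in after_lines)


def ads_paths(text):
    """ADS-style paths anywhere in a log, not only in HijackThis entries."""
    return sorted({m.group(0) for m in ADS_PATH.finditer(text)})


if __name__ == "__main__":
    for entry, reasons in triage(HJT_BEFORE).items():
        print(", ".join(reasons), "|", entry)
    print("still in follow-up HijackThis log:", still_present(HJT_BEFORE, HJT_AFTER))
    print("ADS paths left in ComboFix log:", ads_paths(COMBOFIX_AFTER))
```

A clean HijackThis diff is not the whole picture here: the same stream path survives under Active Setup in the ComboFix output, which HijackThis does not list.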



                  • #10
                    As far as I know it is working fine now,

                    I am not getting any more virus alerts, but I will wait and see for a bit...

                    Anyway, thanks so much!!! Really great!

                    Myrthe



                    • #11
                      Then we are going to clean up the leftovers:



                      Open a Notepad file.
                      Copy the text below (everything in bold) into this Notepad file.
                      @ECHO OFF
                      IF EXIST log.txt DEL log.txt
                      ECHO Deleting files>>log.txt
                      FOR %%g in (
                      C:\WINDOWS\system32\updater\explorer.exe
                      C:\WINDOWS\system32\vfiesytd.ini) DO (
                      IF EXIST %%g (
                      ATTRIB -r -s -h %%g
                      DEL %%g
                      IF EXIST %%g (
                      ECHO %%g not deleted>>log.txt
                      ) ELSE (
                      ECHO %%g deleted successfully>>log.txt)
                      ) ELSE (
                      ECHO %%g not found>>log.txt))
                      >>log.txt (
                      ECHO.
                      ECHO Deleting folders)
                      FOR %%I in (
                      "C:\Documents and Settings\All Users\Application Data\Drive four meta program"
                      "C:\DOCUME~1\Myrthe\APPLIC~1\README~1") DO (
                      IF EXIST %%I (
                      RD /S /Q %%I
                      IF EXIST %%I (
                      ECHO %%I not deleted>>log.txt
                      ) ELSE (
                      ECHO %%I deleted successfully>>log.txt)
                      ) ELSE (
                      ECHO %%I not found>>log.txt))
                      START NOTEPAD.EXE log.txt

                      Go to File - Save As.
                      For "Save in" choose: Desktop
                      For "File name" enter: del.bat
                      For "Save as type" select: All Files (*.*).
                      Click the Save button.

                      Double-click del.bat and post the contents of the log file that opens.
                      Open a Notepad file.
                      Copy the code below into this Notepad file.
                      Go to File - Save As.
                      For "Save in" choose: Desktop
                      For "File name" enter: fix.reg
                      For "Save as type" select: All Files (*.*).
                      Click the Save button.
                      Code:
                      REGEDIT4
                      
                      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
                      
                      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meta program mapi mags]
                      
                      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative info]
                      Double-click the fix.reg file and allow the changes to be added to the registry.



                      • #12
                        Okay, that is done


                        Deleting files
                        C:\WINDOWS\system32\updater\explorer.exe deleted successfully
                        C:\WINDOWS\system32\vfiesytd.ini deleted successfully

                        Deleting folders
                        "C:\Documents and Settings\All Users\Application Data\Drive four meta program" deleted successfully
                        "C:\DOCUME~1\Myrthe\APPLIC~1\README~1" not found



                        • #13
                          Good.

                          Go to Start - Run and type: ComboFix /u
                          Press Enter.

                          Update your virus scanner and have it scan the entire computer once more.
                          If anything else is found, have it removed.

                          If there still turn out to be problems, just let us know.
