
Win32:[email protected][Trj]


  • #1

    My Avast virus scanner keeps saying it has found Win32:[email protected][Trj]. I always tell it to move it to the virus chest. Unfortunately the alert keeps coming back. Here is my HijackThis log. I hope you can help me remove the virus.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:21, on 2008-05-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Beveiliging\Ad-Awarenieuw\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    c:\program files\beveiliging\a-squared\a2service.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Beveiliging\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iZ3D Driver\Win32\iZ3DCService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\WhatPulse\WhatPulse.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Robert de Heij\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070115
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070115
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\ssqRLBTL.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhatPulse] C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BOINC.lnk = C:\Program Files\BOINC\boincmgr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Download by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181084552093
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181084259218
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O20 - Winlogon Notify: ssqRLBTL - C:\WINDOWS\SYSTEM32\ssqRLBTL.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\beveiliging\a-squared\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Beveiliging\Ad-Awarenieuw\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Beveiliging\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Roxio\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iZ3D Service (Win32) - iZ3D LLC. - C:\Program Files\iZ3D Driver\Win32\iZ3DCService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13145 bytes

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix has finished, restart the PC.
    Paste the contents of the log file VBG.TXT, which is now on your desktop, in your next post.

    Also post a new HijackThis log



    • #3
      VBG:


      [05/27/2008, 15:37:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Robert de Heij\Bureaublad\VirtumundoBeGone.exe" )
      [05/27/2008, 15:37:59] - Detected System Information:
      [05/27/2008, 15:37:59] - Windows Version: 5.1.2600, Service Pack 3
      [05/27/2008, 15:37:59] - Current Username: Robert de Heij (Admin)
      [05/27/2008, 15:37:59] - Windows is in NORMAL mode.
      [05/27/2008, 15:37:59] - Searching for Browser Helper Objects:
      [05/27/2008, 15:37:59] - BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
      [05/27/2008, 15:37:59] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [05/27/2008, 15:37:59] - BHO 3: {2AA0726C-95B7-4216-AA43-B5BDD524892F} ()
      [05/27/2008, 15:37:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/27/2008, 15:37:59] - Checking for HKLM\...\Winlogon\Notify\ssqRLBTL
      [05/27/2008, 15:37:59] - Found: HKLM\...\Winlogon\Notify\ssqRLBTL - This is probably Virtumundo.
      [05/27/2008, 15:37:59] - Assigning {2AA0726C-95B7-4216-AA43-B5BDD524892F} MSEvents Object
      [05/27/2008, 15:37:59] - BHO list has been changed! Starting over...
      [05/27/2008, 15:37:59] - BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
      [05/27/2008, 15:37:59] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [05/27/2008, 15:37:59] - BHO 3: {2AA0726C-95B7-4216-AA43-B5BDD524892F} (MSEvents Object)
      [05/27/2008, 15:37:59] - ALERT: Found MSEvents Object!
      [05/27/2008, 15:37:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [05/27/2008, 15:37:59] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
      [05/27/2008, 15:37:59] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/27/2008, 15:37:59] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/27/2008, 15:37:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/27/2008, 15:37:59] - No filename found. Continuing.
      [05/27/2008, 15:37:59] - BHO 8: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
      [05/27/2008, 15:37:59] - Finished Searching Browser Helper Objects
      [05/27/2008, 15:37:59] - *** Detected MSEvents Object
      [05/27/2008, 15:37:59] - Trying to remove MSEvents Object...
      [05/27/2008, 15:38:00] - Terminating Process: IEXPLORE.EXE
      [05/27/2008, 15:38:00] - Terminating Process: RUNDLL32.EXE
      [05/27/2008, 15:38:00] - Disabling Automatic Shell Restart
      [05/27/2008, 15:38:00] - Terminating Process: EXPLORER.EXE
      [05/27/2008, 15:38:01] - Suspending the NT Session Manager System Service
      [05/27/2008, 15:38:01] - Terminating Windows NT Logon/Logoff Manager
      [05/27/2008, 15:38:01] - Re-enabling Automatic Shell Restart
      [05/27/2008, 15:38:01] - File to disable: C:\WINDOWS\system32\ssqRLBTL.dll
      [05/27/2008, 15:38:01] - Renaming C:\WINDOWS\system32\ssqRLBTL.dll -> C:\WINDOWS\system32\ssqRLBTL.dll.vir
      [05/27/2008, 15:38:01] - File successfully renamed!
      [05/27/2008, 15:38:01] - Removing HKLM\...\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}
      [05/27/2008, 15:38:01] - Removing HKCR\CLSID\{2AA0726C-95B7-4216-AA43-B5BDD524892F}
      [05/27/2008, 15:38:01] - Adding Kill Bit for ActiveX for GUID: {2AA0726C-95B7-4216-AA43-B5BDD524892F}
      [05/27/2008, 15:38:01] - Deleting ATLEvents/MSEvents Registry entries
      [05/27/2008, 15:38:01] - Removing HKLM\...\Winlogon\Notify\ssqRLBTL
      [05/27/2008, 15:38:01] - Searching for Browser Helper Objects:
      [05/27/2008, 15:38:01] - BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
      [05/27/2008, 15:38:01] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [05/27/2008, 15:38:01] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [05/27/2008, 15:38:01] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
      [05/27/2008, 15:38:01] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/27/2008, 15:38:01] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/27/2008, 15:38:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/27/2008, 15:38:01] - No filename found. Continuing.
      [05/27/2008, 15:38:01] - BHO 7: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
      [05/27/2008, 15:38:01] - Finished Searching Browser Helper Objects
      [05/27/2008, 15:38:01] - Finishing up...
      [05/27/2008, 15:38:01] - A restart is needed.
      [05/27/2008, 15:38:01] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
      [05/27/2008, 15:38:05] - Attempting to Restart via STOP error (Blue Screen!)


      Hijackthis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:43, on 2008-05-27
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Beveiliging\Ad-Awarenieuw\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\beveiliging\a-squared\a2service.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Beveiliging\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\iZ3D Driver\Win32\iZ3DCService.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\WhatPulse\WhatPulse.exe
      C:\WINDOWS\ehome\McrdSvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Robert de Heij\Bureaublad\HiJackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070115
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070115
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
      O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitcth.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WhatPulse] C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\WhatPulse\WhatPulse.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol\Alcohol 120\axcmd.exe" /automount
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: BOINC.lnk = C:\Program Files\BOINC\boincmgr.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Download by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/201
      O8 - Extra context menu item: &Grab video by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/204
      O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/203
      O8 - Extra context menu item: Down&load all by Orbit - res://C:\Documents and Settings\Robert de Heij\Mijn documenten\Daan\Orbitdownloader\orbitmxt.dll/202
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181084552093
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181084259218
      O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\beveiliging\a-squared\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Beveiliging\Ad-Awarenieuw\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Beveiliging\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Roxio\ISO Recorder\ImapiHelper.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: iZ3D Service (Win32) - iZ3D LLC. - C:\Program Files\iZ3D Driver\Win32\iZ3DCService.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 13330 bytes


      • #4
        Download this file: zoek.exe
        Double-click it; after a while a small log opens.
        Post the contents of that log in your next message.


        • #5
          I have the impression that the virus is gone now, because I no longer get any warnings from Avast!. But I'm not the expert, so here is the log:


          ======C:\WINDOWS====
          ----a-w 0 2008-05-27 13:41:14 C:\WINDOWS\0.log
          ----a-w 189 2008-05-17 16:56:30 C:\WINDOWS\BasiliskII.ini
          --s-a-w 2,048 2008-05-27 13:40:33 C:\WINDOWS\bootstat.dat
          ----a-w 1,279 2008-05-07 06:59:24 C:\WINDOWS\cdplayer.ini
          -c--a-w 373 2008-05-07 21:00:42 C:\WINDOWS\cmsetacl.log
          ----a-w 317,574 2008-05-14 16:23:35 C:\WINDOWS\comsetup.log
          ----a-w 333,509 2008-05-21 14:54:16 C:\WINDOWS\DirectX.log
          -c--a-w 11,536 2008-05-12 09:00:26 C:\WINDOWS\DPINST.LOG
          -c--a-w 867 2008-05-07 21:05:57 C:\WINDOWS\DtcInstall.log
          -c--a-w 6,467 2008-05-12 19:17:54 C:\WINDOWS\DvcConn.log
          -c--a-w 5,929 2008-05-14 16:15:48 C:\WINDOWS\DvcSetup.log
          -c--a-w 588,580 2008-05-12 19:17:49 C:\WINDOWS\ehd_msi.log
          ----a-w 58,970 2008-05-14 16:23:36 C:\WINDOWS\ehOCGen.log
          ----a-w 935,354 2008-05-14 16:23:35 C:\WINDOWS\FaxSetup.log
          ----a-w 1,426 2008-05-18 17:14:47 C:\WINDOWS\HFVExplorer.INI
          ----a-w 42,994 2008-05-07 20:35:49 C:\WINDOWS\ie8Uninst.log
          ----a-w 1,219,299 2008-05-14 16:23:35 C:\WINDOWS\iis6.log
          ----a-w 1,355 2008-05-07 21:09:26 C:\WINDOWS\imsins.BAK
          ----a-w 1,917 2008-05-14 16:23:35 C:\WINDOWS\imsins.log
          ----a-w 21,441 2008-05-07 20:42:07 C:\WINDOWS\KB892130.log
          ----a-w 19,856 2008-05-07 21:09:26 C:\WINDOWS\KB947864-IE7.log
          ----a-w 15,193 2008-05-07 20:39:24 C:\WINDOWS\KB948881.log
          ----a-w 156,201 2008-05-14 16:23:36 C:\WINDOWS\MedCtrOC.log
          -c--a-w 3,202 2008-05-08 11:37:37 C:\WINDOWS\mozver.dat
          ----a-w 48,043 2008-05-14 16:23:35 C:\WINDOWS\msgsocm.log
          ----a-w 321,010 2008-05-14 16:23:26 C:\WINDOWS\msmqinst.log
          ----a-w 177,784 2008-05-14 16:23:35 C:\WINDOWS\netfxocm.log
          ----a-w 200,002 2008-05-14 16:23:35 C:\WINDOWS\ntdtcsetup.log
          ----a-w 518,715 2008-05-14 16:23:35 C:\WINDOWS\ocgen.log
          ----a-w 58,129 2008-05-14 16:23:35 C:\WINDOWS\ocmsn.log
          -c--a-w 1,523 2008-05-07 21:04:50 C:\WINDOWS\OEWABLog.txt
          ----a-w 129,145 2008-05-14 16:23:35 C:\WINDOWS\plusoc.log
          ----a-w 32,598 2008-05-27 10:55:37 C:\WINDOWS\SchedLgU.Txt
          -c--a-w 2,998 2008-05-07 21:00:33 C:\WINDOWS\sessmgr.setup.log
          ----a-w 713,649 2008-05-21 14:58:32 C:\WINDOWS\setupapi.log
          ----a-w 9,628 2008-05-07 21:04:05 C:\WINDOWS\setuplog.txt
          -c--a-w 105,493 2008-05-07 21:06:00 C:\WINDOWS\spupdsvc.log
          ----a-w 187 2008-05-07 21:05:43 C:\WINDOWS\spupdsvc.log.1.log
          ----a-w 568,736 2008-05-07 21:01:59 C:\WINDOWS\svcpack.log
          ----a-w 44,368 2008-05-14 16:23:35 C:\WINDOWS\tabletoc.log
          ----a-w 451,931 2008-05-14 16:23:35 C:\WINDOWS\tsoc.log
          ----a-w 305,789 2008-05-07 21:09:18 C:\WINDOWS\updspapi.log
          ----a-w 601 2008-05-20 18:49:15 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-05-20 18:36:17 C:\WINDOWS\wiaservc.log
          ----a-w 1,335,444 2008-05-27 13:40:52 C:\WINDOWS\WindowsUpdate.log
          ----a-w 57,364 2008-05-19 07:52:07 C:\WINDOWS\wmsetup.log

          Entries: 46 (45)
          Directories: 0 Files: 46
          Bytes: 8,828,745 Blocks: 17,264
          ======C:\WINDOWS\system32=====
          ----a-w 1,152,888 2008-05-15 23:24:43 C:\WINDOWS\System32\aswBoot.exe
          ----a-w 95,608 2008-05-15 23:12:36 C:\WINDOWS\System32\AVASTSS.scr
          ----a-w 107,888 2008-04-22 10:47:28 C:\WINDOWS\System32\CmdLineExt.dll
          ----a-w 2,894 2008-05-20 10:13:37 C:\WINDOWS\System32\CONFIG.NT
          ----a-w 55,296 2008-05-21 14:58:29 C:\WINDOWS\System32\disable.exe
          ----a-w 117 2008-05-21 14:58:29 C:\WINDOWS\System32\disabledvd.vbs
          ----a-w 1,488,872 2008-05-14 17:55:13 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 5,758 2008-04-17 16:01:58 C:\WINDOWS\System32\jupdate-1.6.0_04-b12.log
          ----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
          ----a-w 88,556 2008-05-27 13:40:50 C:\WINDOWS\System32\nvapps.xml
          ----a-w 64,200 2008-05-07 21:08:22 C:\WINDOWS\System32\perfc009.dat
          ----a-w 84,158 2008-05-07 21:08:22 C:\WINDOWS\System32\perfc013.dat
          ----a-w 407,670 2008-05-07 21:08:22 C:\WINDOWS\System32\perfh009.dat
          ----a-w 473,350 2008-05-07 21:08:22 C:\WINDOWS\System32\perfh013.dat
          ----a-w 1,041,902 2008-05-07 21:08:22 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 90 2008-05-07 21:05:43 C:\WINDOWS\System32\spupdwxp.log
          ----a-w 57,344 2008-05-26 17:26:00 C:\WINDOWS\System32\ssqPjHxu.dll
          ----a-w 57,344 2008-05-26 17:25:37 C:\WINDOWS\System32\ssqRLBTL.dll.vir
          ----a-w 2,206 2008-05-27 13:41:38 C:\WINDOWS\System32\wpa.dbl
          ----a-w 57,344 2008-05-26 17:26:38 C:\WINDOWS\System32\yaywvtSj.dll

          Entries: 20 (20)
          Directories: 0 Files: 20
          Bytes: 22,107,349 Blocks: 43,186
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 26,944 2008-05-15 23:13:26 C:\WINDOWS\System32\drivers\aavmker4.sys
          ----a-w 20,560 2008-05-15 23:16:06 C:\WINDOWS\System32\drivers\aswFsBlk.sys
          ----a-w 94,416 2008-05-15 23:18:33 C:\WINDOWS\System32\drivers\aswmon2.sys
          ----a-w 23,152 2008-05-15 23:15:29 C:\WINDOWS\System32\drivers\aswRdr.sys
          ----a-w 78,416 2008-05-15 23:20:32 C:\WINDOWS\System32\drivers\aswSP.sys
          ----a-w 42,912 2008-05-15 23:14:11 C:\WINDOWS\System32\drivers\aswTdi.sys
          ----a-w 717,296 2008-05-21 15:26:21 C:\WINDOWS\System32\drivers\sptd.sys

          Entries: 7 (7)
          Directories: 0 Files: 7
          Bytes: 1,003,696 Blocks: 1,964
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 31,457,280 2008-05-18 17:13:18 C:\disc.dsk
          ----a-w 10,485,760 2008-05-18 17:14:41 C:\gamedik.dsk
          ----a-w 25,165,824 2008-05-12 16:25:06 C:\hfs24M.DSK
          --sha-w 2,145,304,576 2008-05-27 13:40:31 C:\hiberfil.sys
          ----a-w 209,715,200 2008-05-23 10:46:37 C:\mydisk.dsk
          --sha-r 251,712 2008-05-07 20:57:01 C:\ntldr
          --sha-w 2,145,386,496 2008-05-27 13:40:23 C:\pagefile.sys
          ----a-w 524,288,000 2008-05-11 17:35:16 C:\system7.hfv

          Entries: 8 (5)
          Directories: 0 Files: 8
          Bytes: 5,092,054,848 Blocks: 9,945,420
          ======C:\Documents and Settings\Robert de Heij\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\Robert de Heij======
          ----a-w 151,068 2008-05-22 20:10:29 C:\Documents and Settings\Robert de Heij\.recently-used.xbel
          ---ha-w 10,485,760 2008-05-27 13:38:05 C:\Documents and Settings\Robert de Heij\NTUSER.DAT
          ---ha-w 28,672 2008-05-27 14:19:06 C:\Documents and Settings\Robert de Heij\ntuser.dat.LOG
          --sh--w 188 2008-05-27 10:55:35 C:\Documents and Settings\Robert de Heij\ntuser.ini

          Entries: 4 (1)
          Directories: 0 Files: 4
          Bytes: 10,665,688 Blocks: 20,833
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============


          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            REM Delete the three DLLs found in the zoek.exe listing. A file that
            REM cannot be deleted is renamed so it no longer loads; the result is logged.
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\System32\ssqPjHxu.dll
            C:\WINDOWS\System32\ssqRLBTL.dll.vir
            C:\WINDOWS\System32\yaywvtSj.dll) DO (
            REM remove a leftover from an earlier run, then clear attributes and delete
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in" choose: Desktop
            Under "File name" enter: del.bat
            Under "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.

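The helper's triage above (reading the zoek.exe listing from post #5 and picking out the three DLLs deleted in post #6) can be written down as a check over that listing format. This is an added example, not code from the thread or from zoek.exe: the sample lines are constructed from the posted listing, and the name/size/timestamp heuristic is my own assumption about what made those files stand out.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample in the zoek.exe listing format posted in this thread
# (attributes, size, timestamp, path); a subset of the real listing.
SAMPLE_LISTING = """\
======C:\\WINDOWS\\system32=====
----a-w 1,152,888 2008-05-15 23:24:43 C:\\WINDOWS\\System32\\aswBoot.exe
----a-w 107,888 2008-04-22 10:47:28 C:\\WINDOWS\\System32\\CmdLineExt.dll
----a-w 57,344 2008-05-26 17:26:00 C:\\WINDOWS\\System32\\ssqPjHxu.dll
----a-w 57,344 2008-05-26 17:25:37 C:\\WINDOWS\\System32\\ssqRLBTL.dll.vir
----a-w 2,206 2008-05-27 13:41:38 C:\\WINDOWS\\System32\\wpa.dbl
----a-w 57,344 2008-05-26 17:26:38 C:\\WINDOWS\\System32\\yaywvtSj.dll
Entries: 20 (20)
"""
Entry = namedtuple("Entry", "attrs size mtime path")
LINE_RE = re.compile(r"^(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
                     r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+)$")
DLL_RE = re.compile(r"\.dll(\.vir)?$", re.IGNORECASE)

def parse_listing(text):
    """One Entry per file line; section headers and totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["attrs"], int(m["size"].replace(",", "")),
                                 datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                                 m["path"]))
    return entries

def looks_random(stem):
    """Eight letters with capitals inside the word, like ssqPjHxu or yaywvtSj (assumed heuristic)."""
    return (len(stem) == 8 and stem.isalpha()
            and any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem))

def suspicious_dlls(entries, window=timedelta(minutes=10)):
    """Flag System32 DLLs with a random-looking name that share their exact size
    and write time (within `window`) with at least one other System32 DLL."""
    dlls = [e for e in entries if "\\system32\\" in e.path.lower() and DLL_RE.search(e.path)]
    hits = []
    for e in dlls:
        stem = DLL_RE.sub("", e.path.rsplit("\\", 1)[-1])
        siblings = [o for o in dlls if o is not e and o.size == e.size
                    and abs(o.mtime - e.mtime) <= window]
        if looks_random(stem) and siblings:
            hits.append(e.path)
    return sorted(hits)
```

Run against the full post #5 listing, it returns exactly the three paths that the batch file in post #6 deletes, while leaving CmdLineExt.dll and the avast! files alone.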

            • #7
              This is the log:

              Deleting files
              C:\WINDOWS\System32\ssqPjHxu.dll deleted
              C:\WINDOWS\System32\ssqRLBTL.dll.vir deleted
              C:\WINDOWS\System32\yaywvtSj.dll deleted


              • #8
                Also do this:

                Download ATF Cleaner (mirror) (made by Atribune)

                Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also have Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this unticks "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also have Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Then I think everything is OK again.

                Regards, smeenk


                • #9
                  Thank you very much for the help!


                  • #10
                    You're welcome
