Big Problem

  • Big Problem

    The problems are: all desktop shortcuts have disappeared except "My Computer" and "My Documents"; in My Computer my local disks are no longer shown either, the Programs option has disappeared from the Start menu, and in the taskbar, in front of the time display, it says: "VIRUS ALERT!"

    Normally I also no longer had access to the Registry and the command prompt, but after a lot of surfing I have already found a solution for that.

    I have already tried Spyware Doctor, SpyHunter3, SuperSpywareRemover, CCCleaner, Registry Cleaner, SDFix.exe, Comon.exe, ...; they all find Trojans and adware, and when I remove those only minor problems such as pop-ups and the like go away, but the big problems remain.

    Can anyone help me? (see also the attached HijackThis log)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:20: VIRUS ALERT!, on 27/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\CF26656.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Bert Bostyn\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C127470F-9542-4AFC-94D2-93DFF410F109} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209759861328
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: byXPjkHY - byXPjkHY.dll (file missing)
    O21 - SSODL: vregfwlx - {D1D06113-DF5B-495D-8C96-D6D6962A7BAD} - (no file)
    O21 - SSODL: vltdfabw - {EC1BC473-90E9-466F-98D9-18743E770EAF} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 9486 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Post the contents of the second log as well: C:\RVAXO-Vfind.log

    Comment


    • #3
      --RVAXO.exe Updated: 2008-05-27---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\boqnrwdmvdr.dll
      C:\WINDOWS\etkq.exe
      C:\WINDOWS\xmpstean.exe
      C:\WINDOWS\system32\clkcnt.txt

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Comment


      • #4
        ======C:\WINDOWS====
        ----a-w 0 2008-05-27 16:22:46 C:\WINDOWS\0.log
        --s-a-w 2,048 2008-05-27 16:22:32 C:\WINDOWS\bootstat.dat
        ----a-w 0 2008-05-02 17:38:23 C:\WINDOWS\control.ini
        ----a-w 69 2008-05-21 13:33:02 C:\WINDOWS\NeroDigital.ini
        ----a-w 116,152 2008-05-27 16:17:15 C:\WINDOWS\ntbtlog.txt
        ----a-w 395 2008-05-02 20:56:08 C:\WINDOWS\ODBC.INI
        ----a-w 4,205 2008-05-02 17:37:58 C:\WINDOWS\ODBCINST.INI
        ----a-w 8,192 2008-05-02 17:42:08 C:\WINDOWS\REGLOCS.OLD
        ----a-w 16,214 2008-05-27 16:15:09 C:\WINDOWS\SchedLgU.Txt
        ----a-w 5,251,072 2008-05-27 08:32:48 C:\WINDOWS\sectest.db
        ----a-w 1,024,827 2008-05-02 22:15:53 C:\WINDOWS\setupapi.log.0.old
        ----a-w 61 2008-05-02 17:43:03 C:\WINDOWS\smscfg.ini
        ----a-w 227 2008-05-27 08:50:51 C:\WINDOWS\system.ini
        ----a-w 36 2008-05-02 17:34:30 C:\WINDOWS\vb.ini
        ----a-w 37 2008-05-02 17:34:30 C:\WINDOWS\vbaddin.ini
        ----a-w 354 2008-05-10 11:36:26 C:\WINDOWS\win.ini
        ---ha-r 749 2008-05-02 17:36:34 C:\WINDOWS\WindowsShell.Manifest
        ----a-w 1,496,421 2008-05-27 16:22:53 C:\WINDOWS\WindowsUpdate.log
        ----a-w 316,640 2008-05-09 23:12:10 C:\WINDOWS\WMSysPr9.prx

        Entries: 19 (17)
        Directories: 0 Files: 19
        Bytes: 8,237,699 Blocks: 16,097
        ======C:\WINDOWS\system32=====
        ----a-w 333 2008-05-02 17:43:00 C:\WINDOWS\System32\$ncsp$.inf
        ----a-w 68 2008-05-02 17:47:59 C:\WINDOWS\System32\$winnt$.inf
        ----a-w 16,832 2008-05-10 01:07:18 C:\WINDOWS\System32\amcompat.tlb
        ----a-w 2,560 2008-05-02 19:25:51 C:\WINDOWS\System32\bitcometres.dll
        ----a-w 146,650 2008-05-02 18:13:03 C:\WINDOWS\System32\BuzzingBee.wav
        ---ha-r 749 2008-05-02 17:36:34 C:\WINDOWS\System32\cdplayer.exe.manifest
        ----a-w 2,845 2008-05-02 17:38:23 C:\WINDOWS\System32\CONFIG.NT
        ----a-w 21,748 2008-05-02 17:34:44 C:\WINDOWS\System32\emptyregdb.dat
        ----a-w 119,744 2008-05-27 16:16:40 C:\WINDOWS\System32\FNTCACHE.DAT
        ----a-w 0 2008-05-02 19:28:36 C:\WINDOWS\System32\h323log.txt
        ----a-w 5,380 2008-05-02 22:11:48 C:\WINDOWS\System32\jupdate-1.6.0_04-b12.log
        ----a-w 6,300 2008-05-02 23:02:51 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
        ---ha-r 488 2008-05-02 17:36:40 C:\WINDOWS\System32\logonui.exe.manifest
        ----a-w 940,794 2008-05-02 18:13:03 C:\WINDOWS\System32\LoopyMusic.wav
        ----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
        ---ha-r 749 2008-05-02 17:36:34 C:\WINDOWS\System32\ncpa.cpl.manifest
        ----a-w 23,392 2008-05-10 01:07:18 C:\WINDOWS\System32\nscompat.tlb
        ---ha-r 749 2008-05-02 17:36:34 C:\WINDOWS\System32\nwc.cpl.manifest
        ----a-w 53,098 2008-05-25 19:31:18 C:\WINDOWS\System32\perfc009.dat
        ----a-w 79,286 2008-05-25 19:31:18 C:\WINDOWS\System32\perfc013.dat
        ----a-w 380,684 2008-05-25 19:31:18 C:\WINDOWS\System32\perfh009.dat
        ----a-w 467,580 2008-05-25 19:31:18 C:\WINDOWS\System32\perfh013.dat
        ----a-w 990,084 2008-05-25 19:31:15 C:\WINDOWS\System32\PerfStringBackup.INI
        ----a-w 308 2008-05-02 18:36:25 C:\WINDOWS\System32\results.txt
        ----a-w 829,140 2008-05-27 16:03:02 C:\WINDOWS\System32\RVAXO.bat
        ---ha-r 749 2008-05-02 17:36:34 C:\WINDOWS\System32\sapi.cpl.manifest
        --sha-w 5,120 2008-05-15 15:25:27 C:\WINDOWS\System32\Thumbs.db
        ----a-w 138,670 2008-05-02 20:43:31 C:\WINDOWS\System32\TZLog.log
        ---ha-r 488 2008-05-02 17:36:40 C:\WINDOWS\System32\WindowsLogon.manifest
        ----a-w 2,206 2008-05-24 12:00:24 C:\WINDOWS\System32\wpa.dbl
        ---ha-r 749 2008-05-02 17:36:34 C:\WINDOWS\System32\wuaucpl.cpl.manifest

        Entries: 31 (23)
        Directories: 0 Files: 31
        Bytes: 21,101,407 Blocks: 41,226
        ======C:\WINDOWS\system32\drivers=====
        ----a-w 21,275 2008-05-02 18:36:21 C:\WINDOWS\System32\drivers\AegisP.sys

        Entries: 1 (1)
        Directories: 0 Files: 1
        Bytes: 21,275 Blocks: 42
        =======C:\Program Files=====
        Entries: 0 (0)
        Directories: 0 Files: 0
        Bytes: 0 Blocks: 0
        =======C:=====
        ----a-w 0 2008-05-02 17:38:23 C:\AUTOEXEC.BAT
        --sha-r 279 2008-05-26 12:35:29 C:\boot.ini
        ----a-w 16,830 2008-05-27 08:52:07 C:\ComboFix.txt
        ----a-w 0 2008-05-02 17:38:23 C:\CONFIG.SYS
        ----a-w 320 2008-05-27 16:21:27 C:\firstrun6.log
        --sha-r 0 2008-05-02 17:38:23 C:\IO.SYS
        --sha-r 0 2008-05-02 17:38:23 C:\MSDOS.SYS
        --sha-w 792,723,456 2008-05-27 16:22:30 C:\pagefile.sys
        ----a-w 455 2008-05-27 16:25:40 C:\RVAXO-results.log
        ----a-w 4,704 2008-05-27 16:25:41 C:\RVAXO-Vfind.log

        Entries: 10 (6)
        Directories: 0 Files: 10
        Bytes: 792,746,044 Blocks: 1,548,334
        ======C:\Documents and Settings\Bert Bostyn\Application Data======
        --sha-w 62 2008-05-02 19:25:46 C:\Documents and Settings\Bert Bostyn\Application Data\desktop.ini
        ----a-w 20,336 2008-05-16 15:11:51 C:\Documents and Settings\Bert Bostyn\Application Data\GDIPFONTCACHEV1.DAT

        Entries: 2 (1)
        Directories: 0 Files: 2
        Bytes: 20,398 Blocks: 41
        ======C:\Documents and Settings\Bert Bostyn======
        ----a-w 42 2008-05-07 20:16:01 C:\Documents and Settings\Bert Bostyn\default.pls
        ---ha-w 3,145,728 2008-05-27 16:21:46 C:\Documents and Settings\Bert Bostyn\NTUSER.DAT
        ---ha-w 49,152 2008-05-27 16:25:38 C:\Documents and Settings\Bert Bostyn\ntuser.dat.LOG
        --sh--w 188 2008-05-27 16:14:55 C:\Documents and Settings\Bert Bostyn\ntuser.ini
        ----a-w 106 2008-05-26 09:11:15 C:\Documents and Settings\Bert Bostyn\scan.log
        ----a-w 368 2008-05-25 14:19:40 C:\Documents and Settings\Bert Bostyn\sh_wi.bak

        Entries: 6 (3)
        Directories: 0 Files: 6
        Bytes: 3,195,584 Blocks: 6,244
        ======C:\WINDOWS\Downloaded Program Files====
        ---ha-w 65 2008-05-02 17:36:40 C:\WINDOWS\Downloaded Program Files\desktop.ini

        Entries: 1 (0)
        Directories: 0 Files: 1
        Bytes: 65 Blocks: 1
        =============






        Here they are; thanks already for the quick reply

        Comment


        • #5
          At first glance I no longer see anything wrong.

          Go ahead and post a new HijackThis log as well, and tell me whether there are still problems.

          Comment


          • #6
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 18:57: VIRUS ALERT!, on 27/05/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\WINDOWS\eHome\ehRecvr.exe
            C:\WINDOWS\eHome\ehSched.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\WINDOWS\system32\SearchIndexer.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\ehome\ehtray.exe
            C:\WINDOWS\eHome\ehmsas.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\Program Files\Launch Manager\LaunchAp.exe
            C:\Program Files\Launch Manager\HotkeyApp.exe
            C:\Program Files\Launch Manager\OSD.exe
            C:\Program Files\Launch Manager\Wbutton.exe
            C:\WINDOWS\system32\igfxtray.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
            C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
            C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
            C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Documents and Settings\Bert Bostyn\Bureaublad\HiJackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
            R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll (file missing)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: (no name) - {C127470F-9542-4AFC-94D2-93DFF410F109} - (no file)
            O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
            O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
            O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
            O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
            O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
            O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
            O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
            O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209759861328
            O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O20 - Winlogon Notify: byXPjkHY - byXPjkHY.dll (file missing)
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

            --
            End of file - 9022 bytes



            Still, in front of the time display in the taskbar: VIRUS ALERT!, and still no access to programs via the Start menu, and still no Local Disks visible in the My Computer folder

            Comment


            • #7
              Start HijackThis and check only the following lines:
              R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
              R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
              R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
              O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll (file missing)
              O2 - BHO: (no name) - {C127470F-9542-4AFC-94D2-93DFF410F109} - (no file)
              O20 - Winlogon Notify: byXPjkHY - byXPjkHY.dll (file missing)

              Close all open windows (except HijackThis) and click "Fix checked".

              Restart your computer.

              Download Malwarebytes' Anti-Malware from here or here.

              Double-click mbam-setup.exe to install the program.
              • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
              • If an update is found, it will download it and install the latest version.
              • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
              • Scanning can take a while, so be patient.
              • When the scan is finished, click OK, then "Show Results" to see the results.
              • Make sure everything is checked there, then click: Remove Selected.
              • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
              • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
              • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

              Extra note:
              If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

              Comment
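
Added example, not part of the original thread: a Python sketch that parses HijackThis lines like those in post #6 and surfaces the two patterns visible in the lines post #7 selects, namely entries marked `(file missing)` / `(no file)` and `R` entries whose URL host is not on an analyst-supplied allowlist. The allowlist, the names `triage`, `Finding`, `SAMPLE_LOG` and `ALLOWED_HOSTS`, and the flagging rules are assumptions made for illustration, not the helper's stated method; the sample lines are copied from the log in the thread.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# "R1 - ...", "O20 - ..." etc. Process paths and header lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
# Value part of an R entry that holds a URL.
URL_RE = re.compile(r"=\s*(https?://\S+)\s*$", re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    text: str      # entry body after the code
    reasons: list  # why the entry was surfaced for review


def triage(log_text, allowed_hosts):
    """Return entries worth a manual look; it never decides what to fix."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        if code.startswith("R"):
            u = URL_RE.search(body)
            if u:
                host = (urlparse(u.group(1)).hostname or "").lower()
                if host not in allowed_hosts:
                    reasons.append("unlisted-host:" + host)
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


# Assumption: hosts this analyst accepts for IE start/search pages.
ALLOWED_HOSTS = {"www.google.be", "go.microsoft.com"}

# Lines copied from the HijackThis log in post #6 of the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C127470F-9542-4AFC-94D2-93DFF410F109} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byXPjkHY - byXPjkHY.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ALLOWED_HOSTS):
        print(f.code, ", ".join(f.reasons), "|", f.text)
```

The BitComet `O9` line is flagged as orphaned too, although post #7 leaves it unchecked, so the output is a review list for a person to judge, not a fix list.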


              • #8
                So I checked these entries and fixed them. Now my PC has frozen at the message:
                " Windows wordt afgesloten ... "

                What should I do now? Keep waiting until it restarts automatically after all, or take the battery out of my laptop??

                Comment


                • #9
                  You could reboot it yourself; MBAM may start up again along with it after the restart.

                  Comment


                  • #10
                    I haven't been able to install MBAM yet; it is still only restarting after HijackThis

                    Comment


                    • #11
                      Then try that step again.

                      Comment


                      • #12
                        So I did take my battery out after all and it restarted automatically, so I will now install MBAM

                        Comment


                        • #13
                          OK, it has restarted and it already looks much better; I have access to everything again. The desktop background has changed, but that is quickly put right. I will now install and run MBAM.

                          Thank you very much, really!!!

                          Comment


                          • #14
                            I do doubt whether this is actually my desktop: after entering my password at startup I first got, twice, the message that I was not authorized or that this account had been damaged; in the end it did start up.

                            Also, HijackThis should normally be on my desktop, but that is not the case. When I search via the Windows search option I find the HijackThis file in: C:\Documents and Settings\Bert Bostyn\Bureaublad
                            so the desktop I am logged in on, but I don't see it there. Is this normal????

                            Comment


                            • #15
                              I have just seen that I am therefore not on my normal account but on: C:\Documents and Settings\TEMP\Bureaublad
                              What now???

                              Comment
