[SOLVED] Spyware: Powered by Zedo, Veiligheidsagent, ...

Hello,

For several days I have been troubled by various spyware that keeps causing my Internet Explorer to freeze, and that sort of thing. To that end I have made a log with HJT.

Thanks in advance for the help!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:13:56, on 1/05/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\GSICON.EXE

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\dwwin.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\pc\Application Data\ntos.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\bKwflwAC.dll

O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\System32\kqpoprkv.dll (file missing)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: (no name) - {C0FA7589-A083-47C8-BFF3-8C3DB32C3E74} - C:\WINDOWS\System32\khfgg.dll (file missing)

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\prolooker.dll (file missing)

O2 - BHO: (no name) - {FD0782A5-79D3-4E75-88CD-CD4B6E4B4656} - C:\WINDOWS\System32\opnlm.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [MICROSFT NT SUPPORT] annmnxedfk.EXE

O4 - HKLM\..\Run: [AdobeReaderPro] devy2.exe

O4 - HKLM\..\Run: [Microsoft Machine Script] iexplorersis.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Microsoft MachineUpdatese] tempes.exe

O4 - HKLM\..\Run: [Microsoft Update] scvhosts.exe

O4 - HKLM\..\Run: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe

O4 - HKLM\..\Run: [Windows Workstation Service] wkssvc.exe

O4 - HKLM\..\Run: [Winsock2 driver] IIXTLMZ.EXE

O4 - HKLM\..\Run: [Microsoft Incroporate] htttp.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] file.exe

O4 - HKLM\..\Run: [Microsoft Machinex] omgs.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe

O4 - HKLM\..\RunServices: [MICROSFT NT SUPPORT] annmnxedfk.EXE

O4 - HKLM\..\RunServices: [AdobeReaderPro] devy2.exe

O4 - HKLM\..\RunServices: [Microsoft Machine Script] iexplorersis.exe

O4 - HKLM\..\RunServices: [Microsoft MachineUpdatese] tempes.exe

O4 - HKLM\..\RunServices: [Microsoft Update] scvhosts.exe

O4 - HKLM\..\RunServices: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe

O4 - HKLM\..\RunServices: [Windows Workstation Service] wkssvc.exe

O4 - HKLM\..\RunServices: [Microsoft Incroporate] htttp.exe

O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\System32\netfilt4.exe

O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] file.exe

O4 - HKLM\..\RunServices: [Microsoft Machinex] omgs.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe

O4 - HKCU\..\Run: [Windows Workstation Service] wkssvc.exe

O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe

O4 - HKCU\..\RunServices: [Windows Workstation Service] wkssvc.exe

O4 - HKCU\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe

O4 - HKCU\..\Policies\Explorer\Run: [2] C:\WINDOWS\System32\services\explorer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [Windows Workstation Service] wkssvc.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\RunServices: [Windows Workstation Service] wkssvc.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunServices: [Windows Workstation Service] wkssvc.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunServices: [Windows Workstation Service] wkssvc.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://code.trasferimento.biz/l/6dde39373919bc322c7dcc2498089879_35.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab

O16 - DPF: {43331111-1111-1111-1111-611111195622} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21

O20 - Winlogon Notify: winecx32 - winecx32.dll (file missing)

O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Common Files\PagingSYS.dll (file missing)

O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)

O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

O23 - Service: windowsupdate.microsoft.com - Unknown owner - C:\WINDOWS\msnmsngrs.exe (file missing)

--

End of file - 10701 bytes


Oof, it's been a long time since I came across such a pile of junk in one log. Let's start with the following steps:

Download SDFix and click "Run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably C:\SDFix).

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\pc\Application Data\ntos.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\bKwflwAC.dll

O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\System32\kqpoprkv.dll (file missing)

O2 - BHO: (no name) - {C0FA7589-A083-47C8-BFF3-8C3DB32C3E74} - C:\WINDOWS\System32\khfgg.dll (file missing)

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\prolooker.dll (file missing)

O2 - BHO: (no name) - {FD0782A5-79D3-4E75-88CD-CD4B6E4B4656} - C:\WINDOWS\System32\opnlm.dll (file missing)

O4 - HKLM\..\Run: [MICROSFT NT SUPPORT] annmnxedfk.EXE

O4 - HKLM\..\Run: [AdobeReaderPro] devy2.exe

O4 - HKLM\..\Run: [Microsoft Machine Script] iexplorersis.exe

O4 - HKLM\..\Run: [Microsoft MachineUpdatese] tempes.exe

O4 - HKLM\..\Run: [Microsoft Update] scvhosts.exe

O4 - HKLM\..\Run: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe

O4 - HKLM\..\Run: [Windows Workstation Service] wkssvc.exe

O4 - HKLM\..\Run: [Winsock2 driver] IIXTLMZ.EXE

O4 - HKLM\..\Run: [Microsoft Incroporate] htttp.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] file.exe

O4 - HKLM\..\Run: [Microsoft Machinex] omgs.exe

O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe

O4 - HKLM\..\RunServices: [MICROSFT NT SUPPORT] annmnxedfk.EXE

O4 - HKLM\..\RunServices: [AdobeReaderPro] devy2.exe

O4 - HKLM\..\RunServices: [Microsoft Machine Script] iexplorersis.exe

O4 - HKLM\..\RunServices: [Microsoft MachineUpdatese] tempes.exe

O4 - HKLM\..\RunServices: [Microsoft Update] scvhosts.exe

O4 - HKLM\..\RunServices: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe

O4 - HKLM\..\RunServices: [Windows Workstation Service] wkssvc.exe

O4 - HKLM\..\RunServices: [Microsoft Incroporate] htttp.exe

O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\System32\netfilt4.exe

O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] file.exe

O4 - HKLM\..\RunServices: [Microsoft Machinex] omgs.exe

O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe

O4 - HKCU\..\Run: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe

O4 - HKCU\..\Run: [Windows Workstation Service] wkssvc.exe

O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe

O4 - HKCU\..\RunServices: [Windows Workstation Service] wkssvc.exe

O4 - HKCU\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe

O4 - HKCU\..\Policies\Explorer\Run: [2] C:\WINDOWS\System32\services\explorer.exe

O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [Windows Workstation Service] wkssvc.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\RunServices: [Windows Workstation Service] wkssvc.exe (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunServices: [Windows Workstation Service] wkssvc.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunServices: [Windows Workstation Service] wkssvc.exe (User 'Default user')

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://code.trasferimento.biz/l/6dde39373919bc322c7dcc2498089879_35.exe

O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab

O16 - DPF: {43331111-1111-1111-1111-611111195622} -

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O20 - Winlogon Notify: winecx32 - winecx32.dll (file missing)

O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Common Files\PagingSYS.dll (file missing)

O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - (no file)

O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)

O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

O23 - Service: windowsupdate.microsoft.com - Unknown owner - C:\WINDOWS\msnmsngrs.exe (file missing)

Click 'Fix checked' to remove the items.

Restart your PC in Safe Mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Now paste the contents of that report in your next post, together with a new HJT log.

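As an added example (not code from the thread, from HijackThis or from SDFix), the Python below encodes the triage indicators behind the helper's selection above: a Microsoft-sounding autostart name that runs a bare file name, anything under RunServices on an NT-family system, a system binary name living outside its system directory, a UserInit chain that loads more than userinit.exe, Trusted Zone additions, ActiveX (O16) codebases that are absent, local or a raw .exe, and entries whose file is missing or whose service has an unknown owner. It runs over constructed sample lines modelled on the first log in the thread; the URL on the first O16 line is a placeholder, not a real host.

```python
"""Triage of HijackThis (HJT) 2.0.2 log lines: flags the kinds of entries a
helper selects for 'Fix checked'."""
import re
from collections import namedtuple

# XP system binaries that malware likes to imitate, and the only directories
# where the genuine copies live (the log's Platform line says Windows XP).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "explorer.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe", "userinit.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
VENDOR_WORDS = re.compile(r"microsoft|microsft|windows|winsock|hotfix|kb\d+", re.I)
ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.I)
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
Finding = namedtuple("Finding", "section reason line")  # section = HJT code, e.g. "O4"

# Constructed sample modelled on the first HJT log in this thread; the codebase
# URL on the first O16 line is a placeholder, not a real host.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\pc\Application Data\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C0FA7589-A083-47C8-BFF3-8C3DB32C3E74} - C:\WINDOWS\System32\khfgg.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Update] scvhosts.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wkssvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://downloads.example.invalid/l/payload_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O20 - Winlogon Notify: winecx32 - winecx32.dll (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def _check_o4(body, line):
    """O4 autostart: 'HKLM\\..\\Run: [Name] target args (User ...)'."""
    m = re.match(r"(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", body)
    if not m:
        return []
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    # The target is the quoted path, or else the first whitespace-delimited token.
    if cmd.startswith('"') and cmd.count('"') >= 2:
        target = cmd[1:cmd.index('"', 1)]
    else:
        target = cmd.split(" ")[0]
    has_dir = "\\" in target
    base = target.rsplit("\\", 1)[-1].lower()
    found = []
    if VENDOR_WORDS.search(name) and not has_dir:
        found.append(Finding("O4", f"vendor-sounding name runs bare file {base}", line))
    if "runservices" in key.lower():  # honoured by Windows 9x/Me only, never by XP
        found.append(Finding("O4", "RunServices key used on an NT-family system", line))
    if has_dir and base in SYSTEM_BINARIES:
        directory = target.rsplit("\\", 1)[0].lower()
        if directory not in SYSTEM_DIRS:
            found.append(Finding("O4", f"{base} outside its system directory: {directory}", line))
    return found


def _check_f2(body, line):
    """F2 UserInit: every entry besides userinit.exe is an extra loader."""
    m = re.search(r"UserInit=(.*)$", body, re.I)
    extra = [e.strip() for e in (m.group(1).split(",") if m else [])
             if e.strip() and not e.strip().lower().endswith("userinit.exe")]
    return [Finding("F2", "UserInit chain also loads: " + "; ".join(extra), line)] if extra else []


def _check_o16(body, line):
    """O16 DPF: '{CLSID} (Name) - codebase URL'; no URL, file:// or a raw .exe is suspect."""
    m = re.match(r"DPF: \{[^}]+\}(?: \([^)]*\))? -\s*(.*)$", body)
    if not m:
        return []
    url = m.group(1).strip()
    if not url:
        return [Finding("O16", "ActiveX entry with no codebase (orphan)", line)]
    if url.lower().startswith("file://") or url.lower().endswith(".exe"):
        return [Finding("O16", f"ActiveX codebase is a local file or raw executable: {url}", line)]
    return []


def triage(log_text):
    """Return a Finding for every suspicious HJT entry line in log_text."""
    checks = {"O4": _check_o4, "F2": _check_f2, "O16": _check_o16}
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, footer
        section, body, line = m.group("section"), m.group("body"), m.group(0)
        if section in checks:
            found += checks[section](body, line)
        elif section == "O15":
            found.append(Finding(section, "site added to the IE Trusted Zone", line))
        elif section in {"O2", "O20", "O21", "O22", "O23"}:
            if ORPHAN.search(body):
                found.append(Finding(section, "referenced file is missing (orphaned entry)", line))
            if section == "O23" and "Unknown owner" in body:
                found.append(Finding(section, "service has no identifiable publisher", line))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Entries the heuristics leave alone (AVG, QuickTime, NVIDIA, the Adobe BHO, the WGA control) are the same ones the helper left in place; the flags are a starting point for review, not an automatic removal list.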

OK, I ran SDFix in Safe Mode and this is the result:

SDFix: Version 1.177

Run by pc on do 01/05/2008 at 13:02

Microsoft Windows XP [versie 5.1.2600]

Running From: C:\SDFix

Checking Services :

Name :

NtmlSvc

Win32Sr

Path :

%SystemRoot%\System32\svchost.exe -k netsvcs

"C:\WINDOWS\win32ssr.exe"

NtmlSvc - Deleted

Win32Sr - Deleted

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted

C:\WINDOWS\system32\eraseme_04183.exe - Deleted

C:\WINDOWS\system32\TFTP1004 - Deleted

C:\WINDOWS\system32\TFTP1312 - Deleted

C:\WINDOWS\system32\TFTP1328 - Deleted

C:\WINDOWS\system32\TFTP1368 - Deleted

C:\WINDOWS\system32\TFTP1392 - Deleted

C:\WINDOWS\system32\TFTP1436 - Deleted

C:\WINDOWS\system32\TFTP1700 - Deleted

C:\WINDOWS\system32\TFTP2764 - Deleted

C:\WINDOWS\system32\TFTP3208 - Deleted

C:\WINDOWS\system32\TFTP4748 - Deleted

C:\WINDOWS\system32\TFTP608 - Deleted

C:\WINDOWS\system32\TFTP796 - Deleted

C:\WINDOWS\system32\remote.ini - Deleted

C:\WINDOWS\system32\univrs32.dat - Deleted

C:\WINDOWS\system32\v1rg1n - Deleted

C:\Documents and Settings\pc\Application Data\wsnpoem\audio.dll - Deleted

C:\Documents and Settings\pc\Application Data\wsnpoem\video.dll - Deleted

Folder C:\Documents and Settings\pc\Application Data\wsnpoem - Removed

Folder C:\Program Files\Helper - Removed

Folder C:\WINDOWS\system32\services - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-01 13:16:23

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:61a72517

"s2"=dword:d20faf0f

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:88,fe,4c,f3,f3,f8,52,0a,2c,63,ec,b2,36,d6,c0,78,72,87,d5,b4,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,54,96,b0,30,15,29,82,62,b4,cb,a1,84,28,71,b9,00,3a,..

"khjeh"=hex:f4,1a,6d,69,85,73,d9,9c,3c,03,3e,67,40,02,50,92,d2,95,3e,bc,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5c,a0,67,34,28,03,f8,8c,a9,eb,0a,13,cd,3d,1d,a3,9a,e3,76,db,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:88,fe,4c,f3,f3,f8,52,0a,2c,63,ec,b2,36,d6,c0,78,72,87,d5,b4,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,54,96,b0,30,15,29,82,62,b4,cb,a1,84,28,71,b9,00,3a,..

"khjeh"=hex:f4,1a,6d,69,85,73,d9,9c,3c,03,3e,67,40,02,50,92,d2,95,3e,bc,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5c,a0,67,34,28,03,f8,8c,a9,eb,0a,13,cd,3d,1d,a3,9a,e3,76,db,0e,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 103

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 19 Sep 2006 743,255 ..SH. --- "C:\WINDOWS\system32\egfhk.bak1"

Mon 27 Mar 2006 1,771,008 A..HR --- "C:\WINDOWS\system32\Ghost.exe"

Fri 7 Sep 2001 169,984 ..SHR --- "C:\WINDOWS\system32\tempesfile.exe"

Sat 4 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Mon 23 Apr 2007 24,576 ...H. --- "C:\Documents and Settings\pc\Mijn documenten\~WRL0916.tmp"

Wed 14 Mar 2007 386,560 ...H. --- "C:\Documents and Settings\pc\Mijn documenten\~WRL3566.tmp"

Finished!

HJT then gives me the following log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:30:59, on 1/05/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {43331111-1111-1111-1111-611111195622} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--

End of file - 5675 bytes

Thanks in advance!


Nice. SDFix has already cleaned up a good deal of the "junk". On to the next step then:

Download Combofix and save it to your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and the PC has restarted, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a warning about a script being executed, you must allow it.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O16 - DPF: {43331111-1111-1111-1111-611111195622} -

Click 'Fix checked' to remove the items.

Then attach the Combofix log and a new HJT log to your next post. And do tell us right away whether you already have fewer problems with spyware and freezes, or not yet.


The result of ComboFix:

ComboFix 08-04-29.5 - pc 2008-05-01 14:08:02.1 - NTFSx86

Gestart vanuit: C:\Documents and Settings\pc\Mijn documenten\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator

C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator\How To Uninstall.lnk

C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator\UCmore - The Search Accelerator.lnk

C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator\UCmore Tour.lnk

C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\ezaraja.vbs

C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\idycizeryp.lib

C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\omogakipu.exe

C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\yhesycohep.bin

C:\WINDOWS\msettings.ini

C:\WINDOWS\system32\egfhk.bak1

C:\WINDOWS\system32\fxcmwsby.ini

C:\WINDOWS\system32\lnqxdorf.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mlnpo.ini

C:\WINDOWS\system32\mlnpo.ini2

C:\WINDOWS\system32\PagingSYS.sys

C:\WINDOWS\system32\qhlqfmhq.ini

C:\WINDOWS\system32\toroedge.ini

C:\WINDOWS\system32\windbg___

C:\WINDOWS\WebAssist.dll

C:\WINDOWS\win.dll

C:\WINDOWS\xhelper.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PAGINGSYS

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))

.

2008-05-01 14:07 . 2008-05-01 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-01 12:59 . 2008-05-01 12:59 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-01 11:42 . 2008-05-01 13:25 <DIR> d-------- C:\SDFix

2008-05-01 11:00 . 2008-05-01 11:00 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-01 10:54 . 2008-05-01 10:54 <DIR> d-------- C:\Program Files\CCleaner

2008-04-30 09:44 . 2008-04-30 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-30 09:40 . 2008-04-30 09:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-23 11:10 . 2008-04-23 11:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-23 11:10 . 2008-04-23 11:10 1,409 --a------ C:\WINDOWS\QTFont.for

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-01 12:05 --------- d-----w C:\Documents and Settings\pc\Application Data\MegauploadToolbar

2008-05-01 07:35 --------- d-----w C:\Documents and Settings\pc\Application Data\AVG7

2008-04-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-04-24 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-04-24 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-19 12:28 --------- d-----w C:\Program Files\Incomplete

2008-04-19 12:21 --------- d-----w C:\Program Files\LimeWire

2008-04-06 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-27 10:08 --------- d-----w C:\Program Files\Windows Live

2008-03-27 10:08 --------- d-----w C:\Program Files\MSN Messenger

2008-03-27 10:08 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-19 11:40 131 ----a-w C:\Program Files\musiCutter.ini

2008-03-17 17:29 --------- d-----w C:\Program Files\PSLIDESHOW

2008-03-17 17:28 --------- d-----w C:\Program Files\LimeWire(2)

2008-03-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2008-03-17 17:26 --------- d-----w C:\Program Files\VirusProtect 3.9

2008-03-17 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-17 11:56 11,622 ----a-w C:\WINDOWS\system32\yloto.bin

2008-03-17 11:56 11,167 ----a-w C:\Documents and Settings\All Users\Application Data\aqywakuz.dat

2008-02-06 15:14 12,651,352 ----a-w C:\mm20nld.exe

2007-03-12 13:42 38,032 ----a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT

2006-11-21 08:52 1,395 ---ha-w C:\Documents and Settings\pc\hpothb07.dat

2006-10-20 16:25 45 ----a-w C:\Program Files\serial.txt

2003-03-21 11:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx

2002-07-22 17:42 1,026 ----a-w C:\Program Files\license.txt

2002-07-22 17:41 3,193 ----a-w C:\Program Files\readme.txt

2002-07-22 17:32 2,731 ----a-w C:\Program Files\history.txt

2002-07-19 09:48 80,896 ----a-w C:\Program Files\vcut.exe

2002-05-25 19:20 289,792 ----a-w C:\Program Files\musiCutter.exe

2001-09-07 12:00 169,984 --sh--r C:\WINDOWS\system32\tempesfile.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]

"DSLAGENTEXE"="dslagent.exe" [2001-05-18 18:29 16384 C:\WINDOWS\system32\dslagent.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"nwiz"="nwiz.exe" [2004-03-03 10:29 782336 C:\WINDOWS\system32\nwiz.exe]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-22 17:37 286720]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 10:29 2904064]

"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]

"Windows Workstation Service"="wkssvc.exe" []

"Spyware Doctor"="" []

"bxproxy"="C:\WINDOWS\bxproxy.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.X264"= x264vfw.dll

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

RpcxSs

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-30 11:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-30 22:00:00 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 07:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 08:00:02 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 09:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 10:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 11:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 12:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 13:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 14:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 15:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 16:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-28 23:00:00 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 17:00:00 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 18:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 19:00:00 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 20:00:00 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 21:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 22:00:00 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-28 23:00:00 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-18 00:00:00 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\System32\winmds.exe

"2008-03-30 01:00:00 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\System32\winmds.exe

"2008-02-26 03:00:00 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-18 00:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-02-26 04:00:00 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\System32\winmds.exe

"2007-08-02 13:10:48 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-17 05:00:00 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-24 06:00:00 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 07:00:00 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 08:00:03 C:\WINDOWS\Tasks\At35.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 09:00:00 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 10:00:01 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 11:00:00 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 12:00:00 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\System32\winmds.exe

"2008-03-30 01:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 13:00:00 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 14:00:00 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 15:00:00 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 16:00:00 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 17:00:00 C:\WINDOWS\Tasks\At44.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 18:00:00 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 19:00:00 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 20:00:00 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 21:00:00 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 22:00:00 C:\WINDOWS\Tasks\At49.job"

- C:\WINDOWS\System32\winmds.exe

"2008-02-26 03:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-28 23:00:00 C:\WINDOWS\Tasks\At50.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-18 00:00:00 C:\WINDOWS\Tasks\At51.job"

- C:\WINDOWS\System32\winmds.exe

"2008-03-30 01:00:00 C:\WINDOWS\Tasks\At52.job"

- C:\WINDOWS\System32\winmds.exe

"2008-02-26 03:00:00 C:\WINDOWS\Tasks\At53.job"

- C:\WINDOWS\System32\winmds.exe

"2008-02-26 04:00:00 C:\WINDOWS\Tasks\At54.job"

- C:\WINDOWS\System32\winmds.exe

"2007-08-25 15:51:54 C:\WINDOWS\Tasks\At55.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-17 05:00:00 C:\WINDOWS\Tasks\At56.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-24 06:00:00 C:\WINDOWS\Tasks\At57.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 07:00:00 C:\WINDOWS\Tasks\At58.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 08:00:03 C:\WINDOWS\Tasks\At59.job"

- C:\WINDOWS\System32\winmds.exe

"2008-02-26 04:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 09:00:00 C:\WINDOWS\Tasks\At60.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 10:00:01 C:\WINDOWS\Tasks\At61.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 11:00:00 C:\WINDOWS\Tasks\At62.job"

- C:\WINDOWS\System32\winmds.exe

"2008-05-01 12:00:00 C:\WINDOWS\Tasks\At63.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 13:00:00 C:\WINDOWS\Tasks\At64.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 14:00:00 C:\WINDOWS\Tasks\At65.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 15:00:00 C:\WINDOWS\Tasks\At66.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 16:00:00 C:\WINDOWS\Tasks\At67.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 17:00:00 C:\WINDOWS\Tasks\At68.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 18:00:00 C:\WINDOWS\Tasks\At69.job"

- C:\WINDOWS\System32\winmds.exe

"2007-06-29 14:42:20 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 19:00:00 C:\WINDOWS\Tasks\At70.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 20:00:00 C:\WINDOWS\Tasks\At71.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-30 21:00:00 C:\WINDOWS\Tasks\At72.job"

- C:\WINDOWS\System32\winmds.exe

"2008-04-17 05:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-24 06:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\System32\3lk22Hk2.exe

"2007-09-22 10:33:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182073967.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-04-30 16:04:46 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-01 14:14:22

Windows 5.1.2600 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 103

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

.

**************************************************************************

.

Voltooingstijd: 2008-05-01 14:21:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-01 12:21:25

Pre-Run: 1,385,639,936 bytes beschikbaar

Post-Run: 1,459,601,408 bytes beschikbaar

294

And then another HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:27:31, on 1/05/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--

End of file - 6180 bytes

So far I am no longer bothered by pop-ups and the like... You have really helped me a lot already! Thanks for that! I also no longer get the error messages that Internet Explorer has to be closed, and that was the thing that bothered me most. :)


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\system32\yloto.bin

C:\Documents and Settings\All Users\Application Data\aqywakuz.dat

C:\WINDOWS\system32\tempesfile.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At49.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At50.job

C:\WINDOWS\Tasks\At51.job

C:\WINDOWS\Tasks\At52.job

C:\WINDOWS\Tasks\At53.job

C:\WINDOWS\Tasks\At54.job

C:\WINDOWS\Tasks\At55.job

C:\WINDOWS\Tasks\At56.job

C:\WINDOWS\Tasks\At57.job

C:\WINDOWS\Tasks\At58.job

C:\WINDOWS\Tasks\At59.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At60.job

C:\WINDOWS\Tasks\At61.job

C:\WINDOWS\Tasks\At62.job

C:\WINDOWS\Tasks\At63.job

C:\WINDOWS\Tasks\At64.job

C:\WINDOWS\Tasks\At65.job

C:\WINDOWS\Tasks\At66.job

C:\WINDOWS\Tasks\At67.job

C:\WINDOWS\Tasks\At68.job

C:\WINDOWS\Tasks\At69.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At70.job

C:\WINDOWS\Tasks\At71.job

C:\WINDOWS\Tasks\At72.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

Registry::

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"bxproxy"=

"Windows Workstation Service"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.X264"=

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.

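As an added example (not the helper's own script and not part of ComboFix), a small Python triage script that reads the shared-tasks section of a ComboFix log like the one above, flags the At<N>.job entries, and drafts the File:: block of the CFScript that the helper assembled by hand; the log fragment inside it is constructed and the function names are assumptions of this example.

```python
"""Triage helper for the scheduled-tasks section of a ComboFix log.

Added example for this thread, not part of ComboFix or the helper's own
script: it parses the "Inhoud van de 'Gedeelde Taken' map" block, flags
the At<N>.job tasks and drafts the File:: block of a CFScript.txt from
them, so that 72 paths do not have to be typed by hand.
"""
import re
from typing import Dict, List

# Constructed sample in the layout of the ComboFix log above: a few of
# the 72 At<N>.job entries plus one legitimate task.
SAMPLE_LOG = r"""
Inhoud van de 'Gedeelde Taken' map

"2008-04-30 11:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-30 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-05-01 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-28 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\3lk22Hk2.exe

"2008-04-30 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\System32\winmds.exe
.
"""

SECTION_START = "Inhoud van de 'Gedeelde Taken' map"
TASK_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<job>.+\.job)"$')
TARGET_RE = re.compile(r"^- (?P<target>.+)$")
AT_JOB_RE = re.compile(r"\\At(\d+)\.job$", re.IGNORECASE)


def parse_tasks(log_text: str) -> Dict[str, str]:
    """Map every .job path in the shared-tasks section to what it launches."""
    tasks: Dict[str, str] = {}
    current = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_START):
            in_section = True
            continue
        if not in_section:
            continue
        if line == "." or line.startswith("****"):
            break  # ComboFix closes each section with a lone "."
        m = TASK_RE.match(line)
        if m:
            current = m.group("job")
            tasks[current] = ""
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            tasks[current] = m.group("target")
            current = None
    return tasks


def at_number(job_path: str) -> int:
    """Numeric suffix of an At<N>.job path, or -1 for any other task."""
    m = AT_JOB_RE.search(job_path)
    return int(m.group(1)) if m else -1


def suspicious_at_jobs(tasks: Dict[str, str]) -> Dict[str, List[str]]:
    """Group the At<N>.job tasks by the executable they launch.

    At<N>.job files are created by the at.exe command, not by the Task
    Scheduler wizard, so a home PC normally has none; dozens of them
    firing hourly and all launching one of two unfamiliar System32
    binaries (3lk22Hk2.exe and winmds.exe above) are a persistence mechanism.
    """
    by_target: Dict[str, List[str]] = {}
    for job, target in tasks.items():
        if at_number(job) >= 0:
            by_target.setdefault(target, []).append(job)
    for jobs in by_target.values():
        jobs.sort(key=at_number)  # At1, At2, At10 rather than At1, At10, At2
    return by_target


def draft_cfscript(tasks: Dict[str, str]) -> str:
    """Draft the File:: block of a CFScript.txt: every At<N>.job in numeric
    order, then the executables they launch (the helper's script above lists
    only the .job files; the targets are appended here for review)."""
    flagged = suspicious_at_jobs(tasks)
    jobs = sorted((j for js in flagged.values() for j in js), key=at_number)
    return "\n".join(["File::"] + jobs + sorted(flagged)) + "\n"
```

Run `draft_cfscript(parse_tasks(open("ComboFix.txt").read()))` against a real log and review the result before dragging it onto ComboFix.exe; the appended executables are a reviewer's suggestion, not something the helper's script deleted.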

Here is the next Combofix log:

ComboFix 08-04-29.5 - pc 2008-05-02 10:37:15.3 - NTFSx86

Gestart vanuit: C:\Documents and Settings\pc\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\pc\Bureaublad\CFScript.txt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\Documents and Settings\All Users\Application Data\aqywakuz.dat

C:\WINDOWS\system32\tempesfile.exe

C:\WINDOWS\system32\yloto.bin

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At49.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At50.job

C:\WINDOWS\Tasks\At51.job

C:\WINDOWS\Tasks\At52.job

C:\WINDOWS\Tasks\At53.job

C:\WINDOWS\Tasks\At54.job

C:\WINDOWS\Tasks\At55.job

C:\WINDOWS\Tasks\At56.job

C:\WINDOWS\Tasks\At57.job

C:\WINDOWS\Tasks\At58.job

C:\WINDOWS\Tasks\At59.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At60.job

C:\WINDOWS\Tasks\At61.job

C:\WINDOWS\Tasks\At62.job

C:\WINDOWS\Tasks\At63.job

C:\WINDOWS\Tasks\At64.job

C:\WINDOWS\Tasks\At65.job

C:\WINDOWS\Tasks\At66.job

C:\WINDOWS\Tasks\At67.job

C:\WINDOWS\Tasks\At68.job

C:\WINDOWS\Tasks\At69.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At70.job

C:\WINDOWS\Tasks\At71.job

C:\WINDOWS\Tasks\At72.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\aqywakuz.dat

C:\WINDOWS\system32\tempesfile.exe

C:\WINDOWS\system32\yloto.bin

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At49.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At50.job

C:\WINDOWS\Tasks\At51.job

C:\WINDOWS\Tasks\At52.job

C:\WINDOWS\Tasks\At53.job

C:\WINDOWS\Tasks\At54.job

C:\WINDOWS\Tasks\At55.job

C:\WINDOWS\Tasks\At56.job

C:\WINDOWS\Tasks\At57.job

C:\WINDOWS\Tasks\At58.job

C:\WINDOWS\Tasks\At59.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At60.job

C:\WINDOWS\Tasks\At61.job

C:\WINDOWS\Tasks\At62.job

C:\WINDOWS\Tasks\At63.job

C:\WINDOWS\Tasks\At64.job

C:\WINDOWS\Tasks\At65.job

C:\WINDOWS\Tasks\At66.job

C:\WINDOWS\Tasks\At67.job

C:\WINDOWS\Tasks\At68.job

C:\WINDOWS\Tasks\At69.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At70.job

C:\WINDOWS\Tasks\At71.job

C:\WINDOWS\Tasks\At72.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))

.

2008-05-01 14:07 . 2008-05-01 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-01 12:59 . 2008-05-01 12:59 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-01 11:42 . 2008-05-01 13:25 <DIR> d-------- C:\SDFix

2008-05-01 11:00 . 2008-05-01 11:00 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-01 10:54 . 2008-05-01 10:54 <DIR> d-------- C:\Program Files\CCleaner

2008-04-30 09:44 . 2008-04-30 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-30 09:40 . 2008-04-30 09:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-23 11:10 . 2008-04-23 11:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-23 11:10 . 2008-04-23 11:10 1,409 --a------ C:\WINDOWS\QTFont.for

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 08:32 --------- d-----w C:\Documents and Settings\pc\Application Data\MegauploadToolbar

2008-05-01 07:35 --------- d-----w C:\Documents and Settings\pc\Application Data\AVG7

2008-04-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-04-24 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-04-24 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-19 12:28 --------- d-----w C:\Program Files\Incomplete

2008-04-19 12:21 --------- d-----w C:\Program Files\LimeWire

2008-04-06 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-27 10:08 --------- d-----w C:\Program Files\Windows Live

2008-03-27 10:08 --------- d-----w C:\Program Files\MSN Messenger

2008-03-27 10:08 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-19 11:40 131 ----a-w C:\Program Files\musiCutter.ini

2008-03-17 17:29 --------- d-----w C:\Program Files\PSLIDESHOW

2008-03-17 17:28 --------- d-----w C:\Program Files\LimeWire(2)

2008-03-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2008-03-17 17:26 --------- d-----w C:\Program Files\VirusProtect 3.9

2008-03-17 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-06 15:14 12,651,352 ----a-w C:\mm20nld.exe

2007-03-12 13:42 38,032 ----a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT

2006-11-21 08:52 1,395 ---ha-w C:\Documents and Settings\pc\hpothb07.dat

2006-10-20 16:25 45 ----a-w C:\Program Files\serial.txt

2003-03-21 11:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx

2002-07-22 17:42 1,026 ----a-w C:\Program Files\license.txt

2002-07-22 17:41 3,193 ----a-w C:\Program Files\readme.txt

2002-07-22 17:32 2,731 ----a-w C:\Program Files\history.txt

2002-07-19 09:48 80,896 ----a-w C:\Program Files\vcut.exe

2002-05-25 19:20 289,792 ----a-w C:\Program Files\musiCutter.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-01_14.20.53.38 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-01 12:13:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-02 08:12:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]

"DSLAGENTEXE"="dslagent.exe" [2001-05-18 18:29 16384 C:\WINDOWS\system32\dslagent.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"nwiz"="nwiz.exe" [2004-03-03 10:29 782336 C:\WINDOWS\system32\nwiz.exe]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-22 17:37 286720]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 10:29 2904064]

"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]

"Windows Workstation Service"="wkssvc.exe" []

"Spyware Doctor"="" []

"bxproxy"="C:\WINDOWS\bxproxy.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.X264"= x264vfw.dll

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

RpcxSs

*Newly Created Service* - CATCHME

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-30 11:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-09-22 10:33:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182073967.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-04-30 16:04:46 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-02 10:41:03

Windows 5.1.2600 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 103

**************************************************************************

.

Voltooingstijd: 2008-05-02 10:47:51

ComboFix-quarantined-files.txt 2008-05-02 08:47:08

ComboFix2.txt 2008-05-01 12:21:36

Pre-Run: 1,461,374,976 bytes beschikbaar

Post-Run: 1,457,164,288 bytes beschikbaar

267

I still have no trouble with pop-ups and other annoying things... :laugh: Thanks!


Despite what was a fairly heavy infection, you solved that smoothly. Congratulations!

Now that the problems are out of the way, it is time for the "big clean-up": removing the programs we used, a cleaning, and removing the infected restore points. And your JAVA could use an update.

Remove ComboFix: Start -> Run and type: combofix /u

ComboFix will be removed and a new System Restore point will be created.

Remove SDFix.

Download CCleaner.

Install it and start it. In the left column, click "Options". Select the "Advanced" tab, untick "Only delete temporary files in the Windows system folder that are older than 48 hours", and then close the program.

Start CCleaner and click "Cleaner" in the left column. Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for Issues". If issues are found, click "Fix all issues" and "OK". Then close CCleaner again.

It is advisable to remove the existing restore points (there are infected restore points among them that you could accidentally restore) by temporarily disabling System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window, click "System Restore Settings".

- Tick "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go again to Start/All Programs/Accessories/System Tools/System Restore.

- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Untick "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC.

- A new restore point has now been created.

Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version.

Download Java Runtime Environment (JRE) 6u6

  • Scroll down to: "Java Runtime Environment (JRE) 6u6".
  • Click the "Download" button on the right.
  • In the drop-down menu next to Platform, select "Windows".
  • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click "Continue".
  • The page will reload.
  • Click the jre-6u6-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser.
  • Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list.
  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click "Remove" or the "Change/Remove" button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.

That's it!

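The clean-up post above has the user click through Add or Remove Programs to find old Java versions and trusts the ComboFix log for the registry state. As an added example (not part of this thread, and not code from ComboFix, CCleaner or HijackThis), the PowerShell script below performs the same checks on the machine itself: it lists every Java/JRE/J2SE entry in the Uninstall registry keys and reports all but the newest as removal candidates, reads the firewall `DisableNotifications` value that the log showed set to 1, and walks the svchost `netsvcs` group (where the log listed `RpcxSs`) to show which names have no backing service or ServiceDll. Assumptions: an elevated PowerShell session on a current Windows release (the 2008 XP machine in the thread would not have had PowerShell installed), the standard Windows registry paths shown in the script, and the Java name pattern taken from the post's own instructions.

```powershell
# Added example, not from the thread or from ComboFix/CCleaner/HijackThis.
# Assumptions: elevated PowerShell on Windows; standard registry locations;
# Java entries are recognised by "Java", "JRE" or "J2SE" in their display name,
# which is the rule the helper's post gives the user.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-InstalledJava {
    # Add or Remove Programs entries whose name mentions Java, JRE or J2SE.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.DisplayName -match 'Java|J2SE|JRE') {
                [pscustomobject]@{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

function Get-OutdatedJava {
    # Everything except the newest parsable version is a removal candidate.
    # Entries without a parsable version are returned too, so none is skipped.
    $all      = @(Get-InstalledJava)
    $parsable = @($all | Where-Object { $_.Version -as [version] })
    if ($parsable.Count -eq 0) { return $all }
    $newest = ($parsable | Sort-Object { [version]$_.Version } -Descending)[0]
    $all | Where-Object { $_.Version -ne $newest.Version }
}

function Get-FirewallNotificationState {
    # The ComboFix log showed DisableNotifications = 1 for the standard profile;
    # that silences the Windows Firewall "has blocked a program" prompts (default 0).
    $key = "$ServicesKey\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
    $p = Get-ItemProperty -Path $key -Name DisableNotifications -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DisableNotifications = $p.DisableNotifications
        Suspicious           = ($p.DisableNotifications -eq 1)
    }
}

function Get-NetSvcsEntries {
    # Names in the svchost "netsvcs" group. Each should resolve to a real service
    # that has a ServiceDll; a name without either is the thing to look at.
    $svchost = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($n in $svchost.netsvcs) {
        $svc    = Get-ItemProperty "$ServicesKey\$n" -ErrorAction SilentlyContinue
        $params = Get-ItemProperty "$ServicesKey\$n\Parameters" -ErrorAction SilentlyContinue
        $dll    = if ($params.ServiceDll) { $params.ServiceDll } else { $svc.ServiceDll }
        [pscustomobject]@{
            Name       = $n
            HasService = [bool]$svc
            ServiceDll = $dll
        }
    }
}

Write-Host '== Java entries to remove (all but the newest) =='
Get-OutdatedJava | Format-Table -AutoSize

Write-Host '== Windows Firewall notification setting (standard profile) =='
Get-FirewallNotificationState

Write-Host '== netsvcs names with no backing service or ServiceDll =='
Get-NetSvcsEntries | Where-Object { -not $_.HasService -or -not $_.ServiceDll } | Format-Table -AutoSize
```

Running it before and after the manual steps gives a quick way to confirm that the old JRE entries really are gone and that the firewall setting ComboFix reported has returned to its default; the netsvcs listing is a report for a human to read, the script changes nothing on the machine.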

Well, I have gone through the last steps...

But now 2 new problems suddenly appear. When the PC has restarted and I click an icon on my desktop (for example to establish an internet connection), it takes several minutes before I get a window.

Eventually it does open, and a few more icons appear in the taskbar.

The second problem is an error message when I close Internet Explorer. You can see an example of this in the attachment.

For the rest... great work!

[attachment: post-3523-1417703746,0102_thumb.jpg]
