View full version: pop up celldorado hijackthis log



lex11
16 June 2007, 19:56
As advised, here is the HijackThis log.
Hopefully someone will reply so that I can fix this.
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 19:49:26, on 16-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\Telenet EasyCare\bin\mad.exe
C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT 2.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Local Settings\Temporary Internet Files\Content.IE5\G9QBSHUZ\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\msdard.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmpA61.tmp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\rqpqnl.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615816968
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: msdard - C:\WINDOWS\SYSTEM32\msdard.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Rosty
16 June 2007, 23:01
Hello lex11,

Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

Double-click VundoFix.exe to start it.
Put a check mark next to: Run VundoFix as a task.
You will get a message that VundoFix will close and then reopen. Click OK.
When VundoFix reopens, click the Scan for Vundo button.
Once the scan is finished, right-click in the white window in VundoFix.
Select “Add More Files?”, which you will see in the menu. This will open a new window.
In that window: copy and paste the following into the first field: path to file
Copy and paste the following into the second field: path to reversed file
Click the “Add Files” button.
Click the "Close Window" button.
Then click the Remove Vundo button.
You will be asked whether you want the files removed; click YES.
After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
When it is finished you will get a message that it will shut down your PC; click OK.
Start your PC again.
Post the contents of C:\vundofix.txt and a new HijackThis log in your next post.


Grtz,

Rosty.

lex11
17 June 2007, 06:29
Okay, here is the VundoFix result,

VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 6:16:26 17-6-2007
Listing files found while scanning....
C:\WINDOWS\cdddeg.ini
C:\WINDOWS\gedddc.dll
C:\windows\system32\ddabawv.dll
C:\windows\system32\jkkllll.dll
C:\windows\system32\msdard.dll
C:\WINDOWS\system32\tmpB.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\cdddeg.ini
C:\WINDOWS\cdddeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\gedddc.dll
C:\WINDOWS\gedddc.dll Has been deleted!
Attempting to delete C:\windows\system32\ddabawv.dll
C:\windows\system32\ddabawv.dll Could not be deleted.
Attempting to delete C:\windows\system32\jkkllll.dll
C:\windows\system32\jkkllll.dll Has been deleted!
Attempting to delete C:\windows\system32\msdard.dll
C:\windows\system32\msdard.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmpB.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!

lex11
17 June 2007, 06:32
Logfile of HijackThis v1.99.1
Scan saved at 6:29:58, on 17-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Local Settings\Temporary Internet Files\Content.IE5\G9QBSHUZ\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\dinsno.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615816968
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: dinsno - C:\WINDOWS\SYSTEM32\dinsno.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Rosty
17 June 2007, 10:39
Hello lex11,
this already looks better, but we are not there yet.

Save these instructions in Notepad or print them out; we have to restart during the fix.

* Download Dr.Web CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Do not use it yet!!!

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save the program to your desktop.
Double-click SDFix.exe and choose Install to extract it to the folder on your desktop.
Restart the PC in safe mode.
Safe mode for Windows XP

Restart the computer
As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows loads
Tap the F8 key (or the F5 key) until you reach the Windows options menu
Here, choose to start in safe mode (Safe mode) using the arrow keys, then press Enter
Open the extracted SDFix folder and double-click RunThis.bat to start the script.
Type Y and press Enter to start the cleaning process.
Trojan Services and/or Registry Entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart; this takes longer than usual.
The fix tool will run again and continue the removal process, then Finished is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.

Double-click drweb-cureit.exe and allow it to start the express scan.
This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
Once the short scan has finished, click Options > Change Settings
Choose the "Scan" tab and remove the check mark at "Heuristic analyse"
Back in the main window you can select the drives you want to have scanned.
Select all drives here. A red dot will then appear on the drives you are having scanned.
Then click the green arrow on the right to start the scan.
Click 'Yes to all' when you are asked to perform cure or move.
When the scan is done, check whether you can click the following icon, which is next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
Then close Dr.Web CureIt.
Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the SDFix log, the DrWebCureIt log and a new HijackThis log.


Grtz,

Rosty.

lex11
17 June 2007, 13:07
there you go, thanks in advance

dinsno.dll - c:\windows\system32 - Trojan.Virtumod - Will be cured after reboot.

tmp3.tmp.exe - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data - Trojan.Packed.49 - Deleted.
tmp61.tmp.exe - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data - Trojan.Packed.49 - Deleted.
A0085730.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085731.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085732.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085733.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085734.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085735.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085736.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0085737.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP356 - Trojan.Packed.49 - Deleted.
A0086933.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP357 - Trojan.Packed.49 - Deleted.
A0088950.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP357 - Trojan.Packed.49 - Deleted.
A0095047.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP357 - Trojan.Packed.49 - Deleted.
A0095048.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP357 - Trojan.Packed.49 - Deleted.
A0095049.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP357 - Trojan.Packed.49 - Deleted.
A0099793.dll - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP367 - Trojan.Virtumod - Deleted.
A0099859.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP367 - Trojan.Packed.49 - Deleted.
A0099860.exe - C:\System Volume Information\_restore{BEA71C20-AA29-464B-9455-F2B505018B50}\RP367 - Trojan.Packed.49 - Deleted.
msdard.dll.bad - C:\VundoFix Backups - Trojan.Virtumod - Deleted.
dinsno.dll - C:\WINDOWS\system32 - Trojan.Virtumod - Will be cured after reboot.

Logfile of HijackThis v1.99.1
Scan saved at 13:04:36, on 17-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Local Settings\Temporary Internet Files\Content.IE5\G9QBSHUZ\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\dx7pen.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615816968
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: dinsno - dinsno.dll (file missing)
O20 - Winlogon Notify: dx7pen - C:\WINDOWS\SYSTEM32\dx7pen.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Rosty
17 June 2007, 15:42
And the SDFix log???

lex11
17 June 2007, 19:17
Sorry, it is not working, thanks anyway for the effort. Do you happen to know how to format a hard disk when you get the message:
cannot format, uses utilities
Thanks

Rosty
17 June 2007, 21:08
Hi lex11,
don't rush ahead and format already!! We will sort this out without the SDFix log.

Open HijackThis, click do a scan only and tick the following lines:

O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\dx7pen.dll
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: dinsno - dinsno.dll (file missing)
O20 - Winlogon Notify: dx7pen - C:\WINDOWS\SYSTEM32\dx7pen.dll

Close all open windows except HijackThis and click Close HijackThis.

Using Windows Explorer, look for the following files and delete them if they are still present:

c:\windows\system32\ddabawv.dll <-- file
C:\WINDOWS\SYSTEM32\dx7pen.dll <-- file

Do another scan with DrWebCureIt!!
After the restart, post the DrWebCureIt log and a new HijackThis log.

Grtz,

Rosty.
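
The entries selected in the post above can be tracked across the three HijackThis logs posted so far. The following is an added example, not part of any post in this thread: it compares the O2 and O20 lines of successive logs to show which registrations keep their CLSID or key while the DLL name behind them changes. The function names are hypothetical, and the sample lines are excerpts copied from the logs above.

```python
import ntpath
import re
from collections import defaultdict

# Excerpts copied from the three HijackThis logs posted earlier in this thread,
# keyed by their "Scan saved at" time. Only O2 and O20 lines are kept.
SNAPSHOTS = {
    "16-6-2007 19:49": r"""
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\msdard.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: msdard - C:\WINDOWS\SYSTEM32\msdard.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "17-6-2007 6:29": r"""
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\dinsno.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: dinsno - C:\WINDOWS\SYSTEM32\dinsno.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "17-6-2007 13:04": r"""
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\dx7pen.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: dinsno - dinsno.dll (file missing)
O20 - Winlogon Notify: dx7pen - C:\WINDOWS\SYSTEM32\dx7pen.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
}

BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")


def clean_path(raw):
    """Drop the '(file missing)' marker and quotes, and lower-case the path."""
    return raw.replace("(file missing)", "").strip().strip('"').lower()


def parse_log(text):
    """Extract BHO, Winlogon Notify and AppInit_DLLs entries from one log."""
    entries = {"bho": {}, "notify": {}, "appinit": set()}
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries["bho"][m.group(1).lower()] = clean_path(m.group(2))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries["notify"][m.group(1).lower()] = clean_path(m.group(2))
            continue
        m = APPINIT_RE.match(line)
        if m:
            entries["appinit"].add(clean_path(m.group(1)))
    return entries


def rotating_bhos(snapshots):
    """CLSIDs whose registered DLL file name differs between scans."""
    seen = defaultdict(list)
    for text in snapshots.values():          # dicts keep insertion order
        for clsid, path in parse_log(text)["bho"].items():
            seen[clsid].append(ntpath.basename(path))
    return {c: names for c, names in seen.items() if len(set(names)) > 1}


def bho_notify_pairs(entries):
    """DLL names registered both as a BHO and as a Winlogon Notify package."""
    bho = {ntpath.basename(p) for p in entries["bho"].values()}
    notify = {ntpath.basename(p) for p in entries["notify"].values()}
    return bho & notify


def persistent_appinit(snapshots):
    """AppInit_DLLs values present in every scan, i.e. never removed."""
    sets = [parse_log(t)["appinit"] for t in snapshots.values()]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    for clsid, names in rotating_bhos(SNAPSHOTS).items():
        print("BHO", clsid, "re-pointed:", " -> ".join(names))
    for when, text in SNAPSHOTS.items():
        print(when, "BHO+Notify pair:", sorted(bho_notify_pairs(parse_log(text))))
    print("AppInit_DLLs in every scan:", sorted(persistent_appinit(SNAPSHOTS)))
```
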

lex11
18 June 2007, 13:40
msinatq.dll - c:\windows\system32 - Trojan.Virtumod - Will be cured after reboot.
RESTARTED THE PC BUT THE TROJAN APPARENTLY REMAINS

Logfile of HijackThis v1.99.1
Scan saved at 13:37:36, on 18-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Local Settings\Temporary Internet Files\Content.IE5\KHEFK9IJ\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {2df8e1db-823e-47e7-852d-a17dce06aeec} - C:\WINDOWS\system32\MSINatq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp10.tmp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\pmligf.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615816968
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: dgnnui - dgnnui.dll (file missing)
O20 - Winlogon Notify: MSINatq - C:\WINDOWS\SYSTEM32\MSINatq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Rosty
18 June 2007, 17:43
Hi lex11,

* Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
Double-click combofix.exe
Follow the instructions.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.
Put this log in your next post together with a new HijackThis log.

Also do another scan with Vundofix.

Then post the logs from Vundofix, Combofix and a new HijackThis log.

lex11
18 June 2007, 20:38
VundoFix V6.5.1
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 20:28:56 18-6-2007
Listing files found while scanning....
No infected files were found.

Beginning removal...

ComboFix 07-06-17 - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Bureaublad\ComboFix.exe
"HILDE" - 2007-06-18 20:15:33 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ddabawv.dll
C:\WINDOWS\effdec.dll
C:\WINDOWS\geebca.dll
C:\WINDOWS\opomjj.dll
C:\WINDOWS\rqppqq.dll
C:\WINDOWS\system32\awtqq.exe
C:\WINDOWS\system32\ddccd.exe
C:\WINDOWS\system32\geeba.exe
C:\WINDOWS\system32\geebc.exe
C:\WINDOWS\system32\jkhfg.exe
C:\WINDOWS\system32\pmkhg.exe
C:\WINDOWS\system32\vtutq.exe
C:\WINDOWS\cedffe.ini
C:\WINDOWS\acbeeg.ini
C:\WINDOWS\acbeeg.ini2
C:\WINDOWS\acbeeg.tmp
C:\WINDOWS\jjmopo.ini
C:\WINDOWS\qqppqr.ini
C:\WINDOWS\system32\flddv2.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp1.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp10.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp15.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp16.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp4.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp5.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp6.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp7.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmp8.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpA.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpA56.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpA60.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpA61.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpB.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpD.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\tmpF.tmp.exe
C:\DOCUME~1\HILDE~1.HIL\BUREAU~1\internet.lnk
C:\Program Files\outlook
C:\WINDOWS\system32\tmp1.tmp.dll
C:\WINDOWS\system32\tmp123.tmp.dll
C:\WINDOWS\system32\tmp19.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp215.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp44.tmp.dll
C:\WINDOWS\system32\tmp4B.tmp.dll
C:\WINDOWS\system32\tmp61.tmp.dll
C:\WINDOWS\system32\tmp7B.tmp.dll
C:\WINDOWS\system32\tmp9.tmp.dll
C:\WINDOWS\system32\tmpC3.tmp.dll
C:\WINDOWS\system32\tmpF6.tmp.dll

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 20:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 11:04 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\DoctorWeb
2007-06-17 06:21 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-16 20:42 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-16 19:46 46,336 --a------ C:\WINDOWS\system32\tmpA61.tmp.dll
2007-06-16 17:40 46,336 --a------ C:\WINDOWS\system32\tmp16.tmp.dll
2007-06-16 16:46 46,336 --a------ C:\WINDOWS\system32\tmpA.tmp.dll
2007-06-16 14:23 46,336 --a------ C:\WINDOWS\system32\tmp6.tmp.dll
2007-06-14 08:12 5,582,848 --a------ C:\DOCUME~1\HILDE~1.HIL\ntuser.dat
2007-06-13 12:25 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\RegistrySmart
2007-06-13 08:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-12 10:57 786,432 --ah----- C:\DOCUME~1\ALEXHI~1.001\ntuser.dat
2007-06-12 10:57 <DIR> dr-h----- C:\DOCUME~1\ALEXHI~1.001\Onlangs geopend
2007-06-12 10:57 <DIR> dr------- C:\DOCUME~1\ALEXHI~1.001\Mijn documenten
2007-06-12 10:57 <DIR> dr------- C:\DOCUME~1\ALEXHI~1.001\Menu Start
2007-06-12 10:57 <DIR> dr------- C:\DOCUME~1\ALEXHI~1.001\Favorieten
2007-06-12 10:57 <DIR> d--h----- C:\DOCUME~1\ALEXHI~1.001\Sjablonen
2007-06-12 10:57 <DIR> d--h----- C:\DOCUME~1\ALEXHI~1.001\Netwerkprinteromgeving
2007-06-12 10:57 <DIR> d-------- C:\DOCUME~1\ALEXHI~1.001\Bureaublad
2007-06-12 06:26 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\Smart Panel
2007-06-11 18:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-06-10 10:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-09 19:39 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-06-09 08:01 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-09 08:01 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-09 07:59 <DIR> d-------- C:\Program Files\Ahead
2007-06-08 18:25 <DIR> d-------- C:\Program Files\ASUS
2007-06-08 14:30 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2007-06-08 14:30 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll
2007-06-08 14:09 77,312 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2007-06-08 13:55 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-08 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Live Toolbar
2007-06-08 13:41 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\WINDOWS
2007-06-08 13:37 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2007-06-08 13:37 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2007-06-08 13:37 308,224 --a------ C:\WINDOWS\IsUn0413.exe
2007-06-08 13:37 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2007-06-08 13:34 <DIR> d-------- C:\Program Files\VIA
2007-06-08 13:30 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-06-08 13:29 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-08 09:03 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\Webroot
2007-06-07 14:06 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\DriveCleaner Free
2007-06-07 13:56 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-07 13:56 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-06-07 13:36 46,336 --a------ C:\WINDOWS\system32\tmp4.tmp.dll
2007-06-07 12:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-07 12:34 46,336 --a------ C:\WINDOWS\system32\tmp10.tmp.dll
2007-06-07 07:51 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-07 07:51 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-07 07:51 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-07 07:51 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-07 07:51 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-06-07 07:51 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-06-07 07:51 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-07 07:51 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-07 07:51 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-07 07:51 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-07 07:51 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-06 17:14 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\Help
2007-06-05 18:29 <DIR> d-------- C:\DOCUME~1\KAROLI~1.001\APPLIC~1\Google
2007-06-04 06:22 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\U3
2007-06-03 16:42 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\ArcSoft
2007-06-03 15:39 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\NeroVision
2007-06-03 14:23 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2007-06-03 14:21 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-06-03 14:21 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-06-03 14:19 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-06-03 14:19 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-06-03 14:18 75,501 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2007-06-03 14:18 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-06-03 14:18 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-06-03 14:18 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-06-03 14:15 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-06-03 14:15 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-06-03 14:15 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2007-06-03 14:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-03 14:15 <DIR> d-------- C:\Program Files\EPSON
2007-06-03 14:00 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-03 14:00 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-03 09:07 1,310,720 --ah----- C:\DOCUME~1\KAROLI~1.001\ntuser.dat
2007-06-03 09:07 <DIR> dr-h----- C:\DOCUME~1\KAROLI~1.001\Onlangs geopend
2007-06-03 09:07 <DIR> dr------- C:\DOCUME~1\KAROLI~1.001\Mijn documenten
2007-06-03 09:07 <DIR> dr------- C:\DOCUME~1\KAROLI~1.001\Menu Start
2007-06-03 09:07 <DIR> dr------- C:\DOCUME~1\KAROLI~1.001\Favorieten
2007-06-03 09:07 <DIR> d--h----- C:\DOCUME~1\KAROLI~1.001\Sjablonen
2007-06-03 09:07 <DIR> d--h----- C:\DOCUME~1\KAROLI~1.001\Netwerkprinteromgeving
2007-06-03 09:07 <DIR> d-------- C:\DOCUME~1\KAROLI~1.001\Bureaublad
2007-06-01 21:57 <DIR> d-------- C:\DOCUME~1\EVELIE~1.000\APPLIC~1\Google
2007-06-01 08:25 <DIR> d-------- C:\DOCUME~1\KAROLI~1.000\APPLIC~1\Google
2007-06-01 08:18 1,048,576 --ah----- C:\DOCUME~1\KAROLI~1.000\NTUSER.DAT
2007-06-01 08:18 <DIR> d-------- C:\DOCUME~1\KAROLI~1.000\Sjablonen
2007-06-01 08:18 <DIR> d-------- C:\DOCUME~1\KAROLI~1.000\Favorieten
2007-06-01 06:50 <DIR> d-------- C:\DOCUME~1\HILDE~1.HIL\APPLIC~1\Google
2007-06-01 06:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
2007-06-01 06:23 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-31 21:03 <DIR> d-------- C:\DOCUME~1\EVELIE~1.000\APPLIC~1\MSN6
2007-05-31 21:00 1,310,720 --ah----- C:\DOCUME~1\EVELIE~1.000\ntuser.dat
2007-05-31 21:00 <DIR> dr-h----- C:\DOCUME~1\EVELIE~1.000\Onlangs geopend
2007-05-31 21:00 <DIR> dr------- C:\DOCUME~1\EVELIE~1.000\Mijn documenten
2007-05-31 21:00 <DIR> dr------- C:\DOCUME~1\EVELIE~1.000\Menu Start

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-12 18:44:46 60,216 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-06-12 18:44:46 380,250 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-06-09 17:46:12 -------- d-----w C:\Program Files\Incomplete
2007-06-09 06:13:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 16:42:38 -------- d-----w C:\Program Files\Google
2007-06-08 11:56:17 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-03 12:21:17 -------- d-----w C:\Program Files\Smart Panel
2007-05-31 14:11:06 -------- d-----w C:\Program Files\Movie Maker
2007-05-31 14:10:50 -------- d-----w C:\Program Files\Windows NT
2007-05-31 12:50:45 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-31 12:19:55 -------- d-----w C:\Program Files\Telenet EasyCare
2007-05-31 12:19:03 -------- d-----w C:\Program Files\Common Files\Motive
2007-05-26 16:37:16 -------- d-----w C:\Program Files\Motive
2007-05-02 18:45:37 -------- d-----w C:\Program Files\Virtools Web Player 3.5
2007-05-02 18:45:37 -------- d-----w C:\Program Files\Virtools Web Player 2.1
2007-05-02 18:13:10 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\com(2)]
com(2).dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dgnnui]
dgnnui.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MSINatq]
MSINatq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\ddabawv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk
backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

Contents of the 'Scheduled Tasks' folder
2007-06-14 04:46:01 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 20:20:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-18 20:21:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 20:21
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 20:38:03, on 18-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Local Settings\Temporary Internet Files\Content.IE5\EZWFAXEZ\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615816968
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: com(2) - com(2).dll (file missing)
O20 - Winlogon Notify: dgnnui - dgnnui.dll (file missing)
O20 - Winlogon Notify: MSINatq - MSINatq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Rosty
18 June 2007, 22:42
Hi lex11,
that already looks better.

Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and save it to your desktop:

Start OTMoveIt by double-clicking OTMoveIt.exe.
In the left panel, where it says Paste List of Files/Folders to be Moved, copy and paste the following:

c:\windows\system32\ddabawv.dll

Then click the MoveIt button at the bottom.
When it has finished, it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Post its contents in your next message.

Open HijackThis, click do a scan only and tick the box next to the following lines:

O20 - AppInit_DLLs: c:\windows\system32\ddabawv.dll
O20 - Winlogon Notify: com(2) - com(2).dll (file missing)
O20 - Winlogon Notify: dgnnui - dgnnui.dll (file missing)
O20 - Winlogon Notify: MSINatq - MSINatq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

Close all open windows except HijackThis, and click Fix Checked. Close HijackThis.

Restart your PC and post the OTMoveIt log and a new HijackThis log.

lex11
20 June 2007, 07:29
Logfile of HijackThis v1.99.1
Scan saved at 7:27:55, on 20-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HILDE.HILDE-BERVOETS\Local Settings\Temporary Internet Files\Content.IE5\EZWFAXEZ\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180615816968
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\HILDE.HILDE-BERVOETS\Application Data\tmp7.tmp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Otmoveit.exe
File/Folder c:\windows\system32\ddabawv.dll not found.

Created on 06-20-2007 07:20:15

Cannot execute

Rosty
20 June 2007, 18:01
Hello lex11,

this looks good. How is everything working now?

lex11
20 June 2007, 18:17
Many thanks, keep it up!!
I have not run into any more problems.

:good::good::good::good::good:

Rosty
20 June 2007, 18:18
You're welcome. :)