  1. #1
    wolfskin (Expert)

    wolfskin 2, for the attention of Rosty.

    For the HTPC.

    VundoFix V6.4.2
    Checking Java version...
    Sun Java not detected
    Scan started at 20:14:42 7-6-2007
    Listing files found while scanning....
    C:\WINDOWS\system32\byxywwt.dll
    C:\WINDOWS\system32\daktcyqu.ini
    C:\WINDOWS\system32\iifdaax.dll
    C:\WINDOWS\system32\iiffcyw.dll
    C:\WINDOWS\system32\khfgfcd.dll
    C:\WINDOWS\system32\ljjgfcb.dll
    C:\WINDOWS\system32\lmllm.bak1
    C:\WINDOWS\system32\lmllm.bak2
    C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\mljhijk.dll
    C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\ssqqqrs.dll
    C:\WINDOWS\system32\ssqronk.dll
    C:\WINDOWS\system32\uqyctkad.dll
    C:\WINDOWS\system32\urqqnnl.dll
    C:\WINDOWS\system32\wvusrqr.dll
    C:\WINDOWS\system32\wvutrop.dll
    C:\WINDOWS\system32\wvuvuuv.dll
    C:\WINDOWS\system32\yaywurs.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\byxywwt.dll
    C:\WINDOWS\system32\byxywwt.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\daktcyqu.ini
    C:\WINDOWS\system32\daktcyqu.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\iifdaax.dll
    C:\WINDOWS\system32\iifdaax.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\iiffcyw.dll
    C:\WINDOWS\system32\iiffcyw.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\khfgfcd.dll
    C:\WINDOWS\system32\khfgfcd.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ljjgfcb.dll
    C:\WINDOWS\system32\ljjgfcb.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\lmllm.bak1
    C:\WINDOWS\system32\lmllm.bak1 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\lmllm.bak2
    C:\WINDOWS\system32\lmllm.bak2 Has been deleted!
    Attempting to delete C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\lmllm.ini Has been deleted!
    Attempting to delete C:\WINDOWS\system32\mljhijk.dll
    C:\WINDOWS\system32\mljhijk.dll Could not be deleted.
    Attempting to delete C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\mllml.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ssqqqrs.dll
    C:\WINDOWS\system32\ssqqqrs.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\ssqronk.dll
    C:\WINDOWS\system32\ssqronk.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\uqyctkad.dll
    C:\WINDOWS\system32\uqyctkad.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\urqqnnl.dll
    C:\WINDOWS\system32\urqqnnl.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\wvusrqr.dll
    C:\WINDOWS\system32\wvusrqr.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\wvutrop.dll
    C:\WINDOWS\system32\wvutrop.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\wvuvuuv.dll
    C:\WINDOWS\system32\wvuvuuv.dll Has been deleted!
    Attempting to delete C:\WINDOWS\system32\yaywurs.dll
    C:\WINDOWS\system32\yaywurs.dll Has been deleted!
    Performing Repairs to the registry.
    Done!
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\mljhijk.dll
    C:\WINDOWS\system32\mljhijk.dll Could not be deleted.
    Performing Repairs to the registry.
    Done!
    VundoFix V6.4.2
    Checking Java version...
    Sun Java not detected
    Scan started at 20:27:13 7-6-2007
    Listing files found while scanning....
    C:\WINDOWS\system32\mljhijk.dll
    Beginning removal...
    Attempting to delete C:\WINDOWS\system32\mljhijk.dll
    C:\WINDOWS\system32\mljhijk.dll Has been deleted!
    Performing Repairs to the registry.

    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 20:43:35, on 7-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\iexplore32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\TeamViewer\TeamViewer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\DynGate\DynGate.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\BART~1.MED\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TeamViewer] "C:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [InternetExplorer32] C:\WINDOWS\system32\iexplore32.exe
    O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\system.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\uqyctkad.dll",realset
    O4 - HKLM\..\Run: [j3231039] rundll32 C:\WINDOWS\system32\j3231039.dll sook
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [InternetExplorer32] C:\WINDOWS\system32\iexplore32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: TeamViewer Remote Control (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer\TeamViewer.exe" -service (file missing)

    DrWeb :

    awtsr.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    lmfjaphi.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    PowerISO37.exe;C:\Documents and Settings\All Users.WINDOWS\Documenten;Trojan.MulDrop.5980;Deleted.;
    lo1[1];C:\Documents and Settings\Bart.MEDIACENTER\Local Settings\Temporary Internet Files\Content.IE5\59729YNL;Trojan.Virtumod;Deleted.;
    lo1[1];C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\RE6ZWR0D;Trojan.Virtumod;Deleted.;
    A0016444.dll;C:\System Volume Information\_restore{FEED4DFF-D203-45BB-AEC3-F923DDADF58B}\RP45;Trojan.Virtumod;Deleted.;
    A0016447.dll;C:\System Volume Information\_restore{FEED4DFF-D203-45BB-AEC3-F923DDADF58B}\RP45;Trojan.Virtumod;Deleted.;
    A0016485.exe;C:\System Volume Information\_restore{FEED4DFF-D203-45BB-AEC3-F923DDADF58B}\RP45;Trojan.MulDrop.5980;Deleted.;
    mllml.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    uqyctkad.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
    awtsr.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
    knvyyihp.exe;C:\WINDOWS\system32;Trojan.Click.2485;Deleted.;
    lmfjaphi.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
    Last edited by wolfskin; 7 June 2007 at 23:59

  2. #2
    Rosty (Spyware Slayer)
    Hi wolfskin,
    open HijackThis, click "Do a scan only" and tick the following lines:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [InternetExplorer32] C:\WINDOWS\system32\iexplore32.exe
    O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\system.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\uqyctkad.dll",realset
    O4 - HKLM\..\Run: [j3231039] rundll32 C:\WINDOWS\system32\j3231039.dll sook
    O4 - HKLM\..\RunServices: [InternetExplorer32] C:\WINDOWS\system32\iexplore32.exe

    Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

    Now start your PC in SAFE MODE.
    During startup, hold down the F8 key until the boot menu appears.
    In this menu, choose the option "Safe Mode".

    Use Windows Explorer to look for the following folders and delete them if they are still present:

    C:\WINDOWS\system32\iexplore32.exe
    C:\WINDOWS\system32\system.exe
    C:\WINDOWS\system32\uqyctkad.dll
    C:\WINDOWS\system32\j3231039.dll

    Run another scan with DrWebCureIt.

    Post the DrWeb logs and a new HijackThis log in your next reply.

  3. The following user thanked Rosty for this useful post:

    wolfskin (8 June 2007)

  4. #3
    wolfskin (Expert)
    The pop-ups and the like keep coming, in case that is important information...


    Logfile of HijackThis v1.99.1
    Scan saved at 17:38:33, on 8-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\TeamViewer\TeamViewer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\DynGate\DynGate.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TeamViewer] "C:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: TeamViewer Remote Control (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer\TeamViewer.exe" -service (file missing)
    DrWEB:
    awtsr.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    awtsr.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;

  5. #4
    Rosty (Spyware Slayer)
    Hi wolfskin,
    please do the following:
    Go to the folder c:\hijackthis and right-click the Hijackthis.exe icon.
    Then choose Rename and call it, for example, analyse.exe or whatever you like.
    Then post a new log from HijackThis (the one you renamed) here in your next reply.
    Regards,
    Rosty.

  6. The following user thanked Rosty for this useful post:

    wolfskin (9 June 2007)

  7. #5
    wolfskin (Expert)
    Here you go,

    Logfile of HijackThis v1.99.1
    Scan saved at 0:05:58, on 9-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\TeamViewer\TeamViewer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\DynGate\DynGate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\haaihjak.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {0EDFFBC3-E360-4ADB-A448-95AB76AC9B58} - C:\WINDOWS\system32\awtsr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527} - C:\WINDOWS\system32\ddcyyya.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {B5F6EBB4-AE95-4E1F-AEB0-2F7A73F625C2} - (no file)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TeamViewer] "C:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\praonspj.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
    O20 - Winlogon Notify: ddcyyya - C:\WINDOWS\SYSTEM32\ddcyyya.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: TeamViewer Remote Control (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer\TeamViewer.exe" -service (file missing)

  8. #6
    Rosty (Spyware Slayer)
    Hi wolfskin,
    this is indeed a tough one!!
    Please remove the previous version of VundoFix!

    1. Go to Start -- Run and type: sc stop TeamViewer
    2. Go to Start -- Run and type: sc delete TeamViewer

    Download VundoFix.zip and save it to your desktop.
    • Double-click VundoFix.zip and extract it to your C:\ drive
    • Copy the instructions and save them in a Notepad file so that you know exactly what to do, because you must not have any other windows open.
        • All other windows must be closed during this fix!
    • Go to the folder C:\VundoFix
    • Double-click KillVundo.bat
        • When the program starts, it tells you that you must have an active internet connection and tells you to press a key, which you do if your internet connection is active
    • Press a key to continue
    • Wait until HijackThis opens, click "Do a scan only" and tick the following lines:

    O2 - BHO: (no name) - {0EDFFBC3-E360-4ADB-A448-95AB76AC9B58} - C:\WINDOWS\system32\awtsr.dll
    O2 - BHO: (no name) - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527} - C:\WINDOWS\system32\ddcyyya.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {B5F6EBB4-AE95-4E1F-AEB0-2F7A73F625C2} - (no file)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [TeamViewer] "C:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper
    O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
    O20 - Winlogon Notify: ddcyyya - C:\WINDOWS\SYSTEM32\ddcyyya.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: TeamViewer Remote Control (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer\TeamViewer.exe" -service (file missing)

    Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

    Use Windows Explorer to look for the following file and delete it if present:
    C:\Program Files\TeamViewer\TeamViewer.exe

    Restart your computer and post the VundoFix logs and a new HijackThis log.
    Last edited by Rosty; 9 June 2007 at 09:40. Reason: formatting

  9. The following user thanked Rosty for this useful post:

    wolfskin (9 June 2007)
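
Added example, not part of the original thread: a small Python script that compares the load-point lines (O2, O4, O20, O23) of two HijackThis logs, so that a startup entry whose name stays the same while its DLL changes, as [ApachInc] does between posts #1 and #5, stands out. The two embedded excerpts are copied from those posts; the function and variable names are this example's own.

```python
import re

# HijackThis sections that list load points:
# O2 = BHO, O4 = Run keys, O20 = Winlogon Notify, O23 = services.
LOAD_POINT_SECTIONS = {"O2", "O4", "O20", "O23"}

# "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 detail: "<registry key>: [<value name>] <command>"
O4_RE = re.compile(r"^(.+?: \[[^\]]*\])\s*(.*)$")

# Excerpt of the HijackThis log in post #1 (lines copied from the thread).
LOG_POST_1 = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\uqyctkad.dll",realset
    O4 - HKLM\..\Run: [j3231039] rundll32 C:\WINDOWS\system32\j3231039.dll sook
"""

# Excerpt of the HijackThis log in post #5 (lines copied from the thread).
LOG_POST_5 = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    O2 - BHO: (no name) - {0EDFFBC3-E360-4ADB-A448-95AB76AC9B58} - C:\WINDOWS\system32\awtsr.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\praonspj.dll",realset
    O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
"""


def split_entry(section, detail):
    """Split one entry into (load point, target that it launches)."""
    if section == "O4":
        m = O4_RE.match(detail)
        if m:
            return m.group(1), m.group(2)
    # O2 / O20 / O23: the file path is the part after the last " - ".
    key, sep, target = detail.rpartition(" - ")
    return (key, target) if sep else (detail, "")


def load_points(log_text):
    """Map (section, load point) -> target for every load-point line."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(1) in LOAD_POINT_SECTIONS:
            key, target = split_entry(m.group(1), m.group(2))
            found[(m.group(1), key)] = target
    return found


def diff_logs(old_text, new_text):
    """Report load points that were added, removed or point at a new target."""
    old, new = load_points(old_text), load_points(new_text)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        # Same load point, different file: compare paths case-insensitively.
        "retargeted": sorted(
            (k, old[k], new[k])
            for k in old.keys() & new.keys()
            if old[k].lower() != new[k].lower()
        ),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_POST_1, LOG_POST_5)
    for section, key in result["added"]:
        print("ADDED     ", section, key)
    for section, key in result["removed"]:
        print("REMOVED   ", section, key)
    for (section, key), before, after in result["retargeted"]:
        print("RETARGETED", section, key)
        print("    was:", before)
        print("    now:", after)
```
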

  10. #7
    wolfskin (Expert)
    Same here, Rosty: do I have to remove that TeamViewer? It is a program that I use regularly.

    And, same as in the other post, I can't find vundofix.zip right away...

    Thanks

  11. #8
    Rosty (Spyware Slayer)
    As far as I'm concerned you don't have to remove it, but it is shown as dangerous in my research.

  12. #9
    wolfskin (Expert)
    Here too, I have not removed TeamViewer yet.
    Here too, I could not tick all of the 02-BHO... files in HijackThis.

    Vundo did not produce a log??!! Is that normal?

    Logfile of HijackThis v1.99.1
    Scan saved at 19:17:57, on 9-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\TeamViewer\TeamViewer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\DynGate\DynGate.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\haaihjak.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {317923CF-CCD2-4B63-8570-3CD5467FB17F} - C:\WINDOWS\system32\awtsq.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\galkvhyj.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [TeamViewer] "C:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\praonspj.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: TeamViewer Remote Control (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer\TeamViewer.exe" -service (file missing)

  13. #10
    Spyware Slayer   Rosty's avatar
    Registered
    19 May 2005
    Location
    Zandvliet/ Ledegem
    Posts
    4.212
    Thanks
    1.207
    Thanked
    2.706 times in 1.759 posts
    Hi wolfskin,
    print these instructions or save them in Notepad; you will have to restart the PC during the fix.

    Download SDFix and click "Run".
    Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).
    Do not use it yet.

    Restart the PC in safe mode.
    Safe mode for Windows XP
    Restart the computer
    As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows loads
    Tap the F8 key (or the F5 key) until you reach the Windows options menu
    There, choose to start in safe mode using the arrow keys and then press Enter

    Double-click the SDFix folder and double-click RunThis.bat to start the script.
    Type Y and press Enter to start the cleaning process.
    Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
    The computer will then restart; this takes longer than usual.
    The fix tool will run again and continue the removal process, then Finished is displayed; wait patiently until you have to press a key again to end the script and reload your desktop icons.
    As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.

    * Download Combofix to your desktop.
    Double-click combofix.exe
    Follow the instructions.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.

    Open HijackThis, click do a scan only, and tick the following lines:

    O2 - BHO: (no name) - {317923CF-CCD2-4B63-8570-3CD5467FB17F} - C:\WINDOWS\system32\awtsq.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\galkvhyj.dll
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\praonspj.dll",realset
    O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll

    Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

    Restart your PC and post the logs from SDFix, Combofix and a new HijackThis log.

  14. The following user thanks Rosty for this useful post:

    wolfskin (10 June 2007)
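
Once the new HijackThis log requested above is posted, the four fixed entries can be checked against it mechanically. The Python sketch below is an added example, not part of the original posts or of HijackThis; the follow-up log in it is constructed for illustration and the function names are hypothetical.

```python
import re

# A HijackThis item line is "<section code> - <section-specific text>".
ENTRY = re.compile(r'^\s*([ORFN]\d{1,2})\s+-\s+(.*\S)\s*$')
# First Windows file path in the text; the extension must be followed by a
# quote, comma, whitespace or end of line.
PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.[A-Za-z0-9]{2,4}(?=[",\s]|$)')

# The four entries selected for fixing in the post above, copied verbatim.
FIX_LIST = r'''
O2 - BHO: (no name) - {317923CF-CCD2-4B63-8570-3CD5467FB17F} - C:\WINDOWS\system32\awtsq.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\galkvhyj.dll
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\praonspj.dll",realset
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll
'''

# Constructed follow-up log (not from the thread): two entries survived the fix.
FOLLOWUP = r'''
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\galkvhyj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll
'''

def parse(log):
    """Return (section, text, lowercased path or None) per HijackThis item line."""
    items = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            p = PATH.search(m.group(2))
            items.append((m.group(1), m.group(2), p.group(0).lower() if p else None))
    return items

def unresolved(fix_list, followup_log):
    """Fix-list entries whose section and file path still occur in the follow-up log."""
    seen = {(s, p) for s, _, p in parse(followup_log) if p}
    return [t for s, t, p in parse(fix_list) if (s, p) in seen]

def lingering_files(fix_list, followup_log):
    """Fix-list files the follow-up log still mentions anywhere, process list included."""
    body = followup_log.lower()
    return sorted({p for _, _, p in parse(fix_list) if p and p in body})
```

`unresolved` reports entries that are still registered in the same section, while `lingering_files` also catches a file that disappeared from one section but is still referenced from another or is still running.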
