Posted: Sun Jan 25, 2009 3:08 am
Member

Registered: Fri Nov 16, 2007 10:17 am
Posts: 21
Location: Antwerpen
Hello,

Somehow I have picked up a hijacker on my business PC (it creates a folder named resycled containing ntldr.com, and an autorun.inf in the root). I believe I have since managed to get rid of it (with the program FlashDisinfector and manually). When I now run a scan with Exterminate It! and Spybot, they no longer find any problems.

The damage has already been done, however: I can no longer reach any site with IE, and I am now posting this message to the forum from computer 2.
I also see that my recycle bin has disappeared from the taskbar.

I have created a log with HijackThis. Could you please take a look at it and advise me what I should do to fix the problem?

Many thanks in advance.
Dirk Wanseele

-------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:23:35, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cherry\KeyMan\KeyMan.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Cherry\CDI\cdi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dirk\Bureaublad\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: http://*.cbc.be (HKLM)
O15 - Trusted Zone: http://*.cbc.eu (HKLM)
O15 - Trusted Zone: http://www.isabel.be (HKLM)
O15 - Trusted Zone: http://*.isabel.be (HKLM)
O15 - Trusted Zone: http://ugrade.isabel.eu (HKLM)
O15 - Trusted Zone: http://www.isabel.eu (HKLM)
O15 - Trusted Zone: http://*.isabel.eu (HKLM)
O15 - Trusted Zone: http://*.kbc.be (HKLM)
O15 - Trusted Zone: http://*.kbc.com (HKLM)
O15 - Trusted Zone: http://*.kbc.eu (HKLM)
O15 - Trusted Zone: http://*.kbcbankingforbusiness.com (HKLM)
O15 - Trusted Zone: http://*.kbcgroup.eu (HKLM)
O15 - Trusted Zone: http://*.kbcmerchantbanking.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7634515000
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://ccff02.minfin.fgov.be/CCFF_Auth ... apicom.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)


Posted: Sun Jan 25, 2009 8:44 am
Moderator

Registered: Sat Jul 14, 2007 10:22 am
Posts: 11001
Location: Kapellen (B)
Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Posted: Sun Jan 25, 2009 11:13 am
Member

Registered: Fri Nov 16, 2007 10:17 am
Posts: 21
Location: Antwerpen
Hello,

An addition to my message of 25/1. After I ran Combofix, the problem appears to be resolved. I am sending you another HJT log, made AFTER the Combofix run, along with the Combofix log.
Could you please look at these once more to be sure, and let me know whether the hijack problem has indeed been resolved or whether I still need to do something extra?

Thanks and kind regards

Dirk Wanseele
--------------
HJT Log
--------------
Logfile of HijackThis v1.99.1
Scan saved at 10:09:16, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Cherry\KeyMan\KeyMan.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cherry\CDI\cdi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dirk\Bureaublad\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [CherryKeyMan] "C:\Program Files\Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: http://*.cbc.be (HKLM)
O15 - Trusted Zone: http://*.cbc.eu (HKLM)
O15 - Trusted Zone: http://www.isabel.be (HKLM)
O15 - Trusted Zone: http://*.isabel.be (HKLM)
O15 - Trusted Zone: http://ugrade.isabel.eu (HKLM)
O15 - Trusted Zone: http://www.isabel.eu (HKLM)
O15 - Trusted Zone: http://*.isabel.eu (HKLM)
O15 - Trusted Zone: http://*.kbc.be (HKLM)
O15 - Trusted Zone: http://*.kbc.com (HKLM)
O15 - Trusted Zone: http://*.kbc.eu (HKLM)
O15 - Trusted Zone: http://*.kbcbankingforbusiness.com (HKLM)
O15 - Trusted Zone: http://*.kbcgroup.eu (HKLM)
O15 - Trusted Zone: http://*.kbcmerchantbanking.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7634515000
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://ccff02.minfin.fgov.be/CCFF_Auth ... apicom.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

-------------
Combofix log
-------------
ComboFix 09-01-21.04 - Dirk 2009-01-25 2:57:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2031.1566 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Dirk\Bureaublad\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning enabled* (Updated)
FW: BullGuard Firewall *enabled*
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxqgikmlrr.sys
c:\windows\system32\gaopdxqjcxruwp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


(((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
.

2009-01-25 02:38 . 2009-01-04 13:03 2,888,012 -ra------ C:\ComboFix.exe
2009-01-25 00:26 . 2009-01-25 00:26 <DIR> d--hs---- c:\documents and settings\Dirk\UserData
2009-01-25 00:13 . 2009-01-25 00:21 <DIR> d-------- c:\program files\Exterminate It!
2009-01-24 23:39 . 2009-01-24 23:39 1,152 --a------ c:\windows\system32\windrv.sys
2009-01-24 23:38 . 2009-01-24 23:45 <DIR> d-------- c:\program files\SpyNoMore
2009-01-24 23:38 . 2009-01-24 23:38 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-21 21:09 . 2009-01-21 22:01 <DIR> d-------- C:\Mijn Opnames
2009-01-21 21:08 . 2009-01-21 21:08 <DIR> d-------- c:\program files\XstreamRadio 3.02
2009-01-20 07:15 . 2009-01-20 07:15 <DIR> d-------- C:\CIEL
2009-01-20 07:15 . 1999-03-22 18:03 94,160 --a------ c:\windows\system32\advpack.dl_
2009-01-12 14:51 . 2009-01-12 14:51 1,215,655 --a------ c:\temp\abclit.zip
2009-01-08 17:00 . 2009-01-08 19:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-08 17:00 . 2009-01-08 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 10:52 . 2009-01-08 10:52 <DIR> d-------- C:\Meubelen
2009-01-07 23:51 . 2009-01-07 23:51 <DIR> d-------- c:\documents and settings\Dirk\Application Data\Malwarebytes
2009-01-07 21:31 . 2009-01-08 17:17 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-04 22:55 . 2009-01-04 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 22:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 22:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 22:11 . 2009-01-04 22:11 <DIR> d-------- c:\windows\system32\regdacl
2009-01-04 22:11 . 2009-01-07 22:45 90,112 --a------ c:\windows\system32\regdacl.exe
2009-01-04 22:11 . 2009-01-07 22:45 16,384 --a------ c:\windows\system32\restart.exe
2009-01-04 22:11 . 2009-01-07 22:45 4,096 --a------ c:\windows\system32\reboot.exe
2009-01-02 23:28 . 2009-01-02 23:28 <DIR> d-------- c:\documents and settings\Dirk 2\Application Data\Cherry
2009-01-02 23:28 . 2009-01-02 23:28 <DIR> d-------- c:\documents and settings\Dirk 2\Application Data\BullGuard
2009-01-02 23:28 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-02 23:27 . 2007-12-14 02:16 <DIR> d--h----- c:\documents and settings\Dirk 2\Sjablonen
2009-01-02 23:27 . 2009-01-02 23:28 <DIR> dr-h----- c:\documents and settings\Dirk 2\Onlangs geopend
2009-01-02 23:27 . 2007-12-14 02:48 <DIR> d--h----- c:\documents and settings\Dirk 2\Netwerkprinteromgeving
2009-01-02 23:27 . 2009-01-02 23:28 <DIR> dr------- c:\documents and settings\Dirk 2\Mijn documenten
2009-01-02 23:27 . 2007-12-14 02:48 <DIR> dr------- c:\documents and settings\Dirk 2\Menu Start
2009-01-02 23:27 . 2009-01-02 23:28 <DIR> dr------- c:\documents and settings\Dirk 2\Favorieten
2009-01-02 23:27 . 2007-12-14 02:48 <DIR> d-------- c:\documents and settings\Dirk 2\Bureaublad
2009-01-02 23:27 . 2009-01-02 23:27 <DIR> d-------- c:\documents and settings\Dirk 2
2009-01-02 18:38 . 2009-01-02 18:38 <DIR> d-------- c:\documents and settings\Dirk\Application Data\Uniblue
2009-01-02 05:23 . 2007-12-14 02:16 <DIR> d--h----- c:\documents and settings\Administrator\Sjablonen
2009-01-02 05:23 . 2007-12-14 02:48 <DIR> d--h----- c:\documents and settings\Administrator\Onlangs geopend
2009-01-02 05:23 . 2007-12-14 02:48 <DIR> d--h----- c:\documents and settings\Administrator\Netwerkprinteromgeving
2009-01-02 05:23 . 2007-12-14 02:48 <DIR> d-------- c:\documents and settings\Administrator\Mijn documenten
2009-01-02 05:23 . 2007-12-14 02:48 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-01-02 05:23 . 2007-12-14 02:48 <DIR> d-------- c:\documents and settings\Administrator\Favorieten
2009-01-02 05:23 . 2009-01-04 22:30 <DIR> d-------- c:\documents and settings\Administrator\Bureaublad
2009-01-02 05:23 . 2009-01-02 05:23 <DIR> d-------- c:\documents and settings\Administrator
2009-01-02 05:16 . 2009-01-04 22:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 04:22 . 2008-04-14 19:02 116,736 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-01-02 04:20 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-01-02 04:19 . 2001-09-06 21:27 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-01-02 04:18 . 2001-08-17 22:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-01-02 04:17 . 2001-09-06 18:20 286,432 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-01-02 04:16 . 2001-09-06 21:26 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll
2009-01-02 04:15 . 2001-09-06 21:27 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-01-02 04:14 . 2001-09-06 20:29 899,594 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-01-02 04:13 . 2008-04-14 19:02 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-01-02 04:12 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-01-02 04:11 . 2004-08-04 00:57 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-01-02 04:10 . 2001-08-17 21:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-01-02 04:09 . 2008-04-14 19:02 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-01-02 04:08 . 2008-04-14 19:02 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-01-02 04:07 . 2001-09-06 20:34 907,552 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-01-02 04:06 . 2001-09-06 21:26 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-01-02 04:05 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-01-02 04:04 . 2001-09-06 18:59 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-01-02 04:03 . 2001-09-06 18:55 715,146 --a--c--- c:\windows\system32\dllcache\cbmdmkxx.sys
2009-01-02 04:01 . 2001-09-06 21:26 103,936 --a--c--- c:\windows\system32\dllcache\binlsvc.dll
2009-01-02 04:00 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-01-02 03:39 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-01-02 03:38 . 2001-09-06 21:26 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2008-12-31 07:02 . 2008-12-31 07:03 <DIR> d-------- C:\Archief IPS
2008-12-29 16:33 . 2009-01-04 21:58 <DIR> d--hs---- c:\windows\system32\twain32
2008-12-29 16:33 . 2008-04-14 18:03 26,112 --a------ c:\windows\system32\stus.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\BullGuard
2009-01-20 06:58 --------- d-----w c:\program files\WBOEKHEVOL
2009-01-14 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-01 21:17 --------- d-----w c:\program files\Portfolio 2000
2008-12-30 12:38 --------- d-----w c:\program files\KBC-Online
2008-12-19 12:18 --------- d-----w c:\program files\MagicDVDRipper
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 09:22 55,504 ----a-w c:\windows\system32\drivers\BdFileSpy.sys
2008-11-24 07:43 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-13 07:00 19,784 ----a-w c:\windows\system32\BgOutlookHook.dll
2008-11-13 07:00 14,152 ----a-w c:\windows\system32\lccl.dll
2008-11-13 07:00 14,152 ----a-w c:\windows\system32\client_cc.dll
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
1999-06-25 08:55 149,504 ----a-w c:\program files\UNWISE.EXE
2008-09-06 10:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090620080907\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-25_ 2.40.25,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-01-25 01:54:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-12-21 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2006-08-02 237620]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-12-21 304464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-01-24 1064400]

c:\documents and settings\Dirk\Menu Start\Programma's\Opstarten\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Portfolio 2000\\Portfolio2000.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 afw;BullGuard Firewall Driver;c:\windows\system32\drivers\Afw.sys [2007-10-29 30872]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [2008-11-13 252568]
R3 Ch2kUSB;Cherry USB Driver for CDI;c:\windows\system32\drivers\Ch2kUSB.sys [2006-06-29 167566]
R3 Ch2kUSBM;Cherry USB Mouse Driver for CDI;c:\windows\system32\drivers\Ch2kUSBm.sys [2006-04-28 72149]
R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R4 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2007-12-23 55504]
R4 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [2004-08-04 14336]
R4 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [2004-08-04 14336]
R4 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [2004-08-04 14336]
R4 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2007-02-19 225280]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [2007-10-31 73728]
S3 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [2006-06-27 573486]
S3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2007-02-19 331776]
S3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 16984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Inhoud van de 'Gedeelde Taken' map

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll
Trusted Zone: fgov.be\ccff02.minfin
Trusted Zone: kbc.be
Trusted Zone: cbc.be\*
Trusted Zone: cbc.eu\*
Trusted Zone: isabel.be
Trusted Zone: isabel.be\*.IBS6
Trusted Zone: isabel.be\gotoIBS6
Trusted Zone: isabel.be\pki
Trusted Zone: isabel.be\www
Trusted Zone: isabel.eu
Trusted Zone: isabel.eu\ugrade
Trusted Zone: isabel.eu\www
Trusted Zone: kbc.be\*
Trusted Zone: kbc.com\*
Trusted Zone: kbc.eu\*
Trusted Zone: kbcbankingforbusiness.com\*
Trusted Zone: kbcgroup.eu\*
Trusted Zone: kbcmerchantbanking.com\*
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://ccff02.minfin.fgov.be/CCFF_Auth ... apicom.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 02:59:22
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1275210071-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Voltooingstijd: 2009-01-25 3:00:35
ComboFix-quarantined-files.txt 2009-01-25 02:00:34
ComboFix2.txt 2009-01-25 01:41:27

Pre-Run: 4,558,716,928 bytes beschikbaar
Post-Run: 4,559,425,536 bytes beschikbaar

219 --- E O F --- 2009-01-14 23:41:01


Posted: Sun Jan 25, 2009 11:20 am
Moderator

Registered: Sat Jul 14, 2007 10:22 am
Posts: 11001
Location: Kapellen (B)
Looks good :D

Just a few more steps to clean up the remnants of the infection:

Remove Combofix: Start -> Run and type: combofix /u
This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

It is advisable to delete the existing restore points (some of them are infected, and you could end up restoring one of them) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and then untick the box again.

That's it!

