Trouble with the gebyx.dll trojan, and maybe more

    here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:19:57, on 28-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\EH3QPSNR\WLinstaller[1].exe
    C:\Program Files\Windows Live\installer\Dashboard.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 6664 bytes

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you get a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Paste the contents of the log file VBG.TXT, which is now on your desktop, in your next reply.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open in which a few lines about files not being found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; don't close it, follow any prompts and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.


    Download Combofix to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Paste this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.

    • #3
      VBG log:

      [12/29/2007, 13:35:09] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\ASCHWI~1.ASC\LOCALS~1\Temp\Rar$EX00.047\VirtumundoBeGone.exe" )
      [12/29/2007, 13:35:12] - Detected System Information:
      [12/29/2007, 13:35:12] - Windows Version: 5.1.2600, Service Pack 2
      [12/29/2007, 13:35:12] - Current Username: Aschwin (Admin)
      [12/29/2007, 13:35:12] - Windows is in NORMAL mode.
      [12/29/2007, 13:35:12] - Searching for Browser Helper Objects:
      [12/29/2007, 13:35:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [12/29/2007, 13:35:12] - BHO 2: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
      [12/29/2007, 13:35:12] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/29/2007, 13:35:12] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [12/29/2007, 13:35:12] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [12/29/2007, 13:35:12] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/29/2007, 13:35:12] - BHO 7: {E3F4AE2E-1136-4C18-A209-CBB5B1713CD2} ()
      [12/29/2007, 13:35:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/29/2007, 13:35:12] - Checking for HKLM\...\Winlogon\Notify\gebyx
      [12/29/2007, 13:35:12] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
      [12/29/2007, 13:35:12] - Finished Searching Browser Helper Objects
      [12/29/2007, 13:35:12] - Finishing up...
      [12/29/2007, 13:35:12] - Nothing found! Exiting...


      *********************************************************
      end
      *********************************************************
      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\xybeg.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\vbzip10.dll
      C:\WINDOWS\Fonts\svchost .exe
      C:\WINDOWS\Fonts\a.zip
      C:\WINDOWS\Fonts\Crack.exe
      C:\n.bat
      C:\winlogon.exe
      C:\z.dat
      C:\x.dat

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\Temporary

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      *********************************************************
      end
      *********************************************************
      ComboFix 07-12-29.5 - Aschwin 2007-12-29 13:49:37.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1609 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Registry Clean Expert\RCHelper.exe
      C:\WINDOWS\ecurit~1
      C:\WINDOWS\ecurit~1\?ecurity\
      C:\WINDOWS\ecurit~1\javaw .exe
      C:\WINDOWS\ppatch~1
      C:\WINDOWS\system32\gebyx.dll
      C:\WINDOWS\system32\gebyx.exe
      C:\WINDOWS\system32\xybeg.ini
      C:\WINDOWS\system32\xybeg.ini2

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))
      .

      2007-12-29 13:47 . 2007-12-29 13:47 <DIR> d-------- C:\RVAXO
      2007-12-29 13:38 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-29 13:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-28 22:26 . 2007-12-29 13:50 <DIR> d-------- C:\Program Files\Registry Clean Expert
      2007-12-28 21:52 . 2007-12-28 21:52 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-28 21:42 . 2007-12-28 21:42 <DIR> d-------- C:\Program Files\CCleaner
      2007-12-28 21:21 . 2007-12-28 21:40 <DIR> d-------- C:\Program Files\SpywareGuard
      2007-12-28 19:50 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2007-12-28 19:49 . 2007-12-28 19:49 164 --a------ C:\install.dat
      2007-12-28 19:48 . 2007-12-28 21:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2007-12-28 19:42 . 2007-12-28 19:48 <DIR> d-------- C:\Temp
      2007-12-28 19:42 . 2007-12-28 19:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
      2007-12-28 18:59 . 2007-12-28 18:59 <DIR> d-------- C:\hal
      2007-12-28 18:38 . 2007-12-28 18:38 55,576 --a------ C:\hal.zip
      2007-12-28 18:32 . 2007-12-28 18:32 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
      2007-12-28 18:31 . 2007-12-28 21:38 <DIR> d-------- C:\Program Files\Hitman Pro
      2007-12-28 18:28 . 2007-12-28 19:52 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
      2007-12-28 14:43 . 2007-12-28 18:27 <DIR> d-------- C:\Raxco PerfectDisk 7.0 Build 42+keygen
      2007-12-28 14:09 . 2007-12-28 21:38 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\PC Tools
      2007-12-28 14:07 . 2007-12-28 18:27 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
      2007-12-28 14:07 . 2007-12-28 18:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
      2007-12-28 13:38 . 2007-12-28 13:38 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Incomplete
      2007-12-28 13:34 . 2007-12-28 13:34 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
      2007-12-28 13:22 . 2007-12-28 13:22 <DIR> d-------- C:\Program Files\Lavalys
      2007-12-28 13:20 . 2007-12-28 18:34 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\LimeWire
      2007-12-28 13:12 . 2007-12-28 13:18 <DIR> d-------- C:\Program Files\SpeedFan
      2007-12-28 13:12 . 2007-12-28 13:12 45 --a------ C:\WINDOWS\system32\initdebug.nfo
      2007-12-27 08:57 . 2007-12-29 13:28 <DIR> d-------- C:\Program Files\Lineage II
      2007-12-27 08:56 . 2007-12-27 08:56 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\InstallShield
      2007-12-26 20:17 . 2007-12-26 19:19 3,998,750,452 --a------ C:\Lineage__II_1st_Throne_Installer.zip
      2007-12-24 17:10 . 2007-12-24 17:10 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\Earthsim
      2007-12-24 15:12 . 2007-12-24 15:12 244 --ah----- C:\sqmnoopt00.sqm
      2007-12-24 15:12 . 2007-12-24 15:12 232 --ah----- C:\sqmdata00.sqm
      2007-12-22 13:12 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
      2007-12-22 13:12 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
      2007-12-21 19:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-21 15:36 . 2007-12-21 16:01 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
      2007-12-21 15:35 . 2007-12-21 15:35 <DIR> d-------- C:\WINDOWS\Sun
      2007-12-21 15:35 . 2007-12-21 19:26 <DIR> d-------- C:\Program Files\Java
      2007-12-21 15:34 . 2007-12-21 15:34 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-21 14:57 . 2007-12-28 20:43 <DIR> d-------- C:\Program Files\DAEMON Tools
      2007-12-21 14:57 . 2007-12-21 14:57 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\DAEMON Tools
      2007-12-20 18:16 . 2007-12-20 18:16 4,096 --a------ C:\WINDOWS\d3dx.dat
      2007-12-18 19:11 . 2007-12-18 19:17 <DIR> d-------- C:\Program Files\id Software
      2007-12-18 19:09 . 2007-12-18 19:09 <DIR> d-------- C:\Program Files\GameSpy
      2007-12-18 19:08 . 2007-12-18 19:08 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
      2007-12-18 18:53 . 2007-12-18 18:53 <DIR> d-------- C:\Program Files\Electronic Arts
      2007-12-17 22:06 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
      2007-12-17 12:48 . 2007-12-18 19:17 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
      2007-12-17 12:48 . 2007-12-18 19:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
      2007-12-17 12:48 . 2007-12-18 19:17 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2007-12-17 12:48 . 2007-12-18 19:17 22,328 --a------ C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\PnkBstrK.sys
      2007-12-17 12:48 . 2007-12-18 19:17 331 --a------ C:\WINDOWS\game.ini
      2007-12-17 12:45 . 2007-12-17 12:45 <DIR> d-------- C:\Program Files\Activision
      2007-12-14 20:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2007-12-14 20:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2007-12-11 22:21 . 2007-12-11 22:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
      2007-12-11 22:21 . 2007-12-12 19:26 4,096 --a------ C:\WINDOWS\system32\crash
      2007-12-11 19:55 . 2007-12-11 19:55 <DIR> d-------- C:\WINDOWS\system32\Futuremark
      2007-12-11 19:55 . 2007-12-11 19:55 <DIR> d-------- C:\Program Files\Futuremark
      2007-12-11 19:55 . 2007-12-11 19:55 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
      2007-12-11 19:55 . 2007-12-11 19:55 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
      2007-12-11 19:55 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys
      2007-12-11 19:55 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
      2007-12-11 19:55 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
      2007-12-11 19:55 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
      2007-12-11 19:49 . 2007-12-12 18:59 <DIR> d-------- C:\Program Files\ATITool
      2007-12-11 17:15 . 2007-12-11 17:15 <DIR> d--hs---- C:\WINDOWS\ftpcache
      2007-12-10 21:19 . 2007-12-10 21:19 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\InstallShield Installation Information
      2007-12-10 21:14 . 2007-12-10 21:14 <DIR> d-------- C:\Program Files\Unreal Tournament 3
      2007-12-10 20:59 . 2007-12-11 19:50 69 --a------ C:\WINDOWS\NeroDigital.ini
      2007-12-10 00:11 . 2007-12-17 10:04 16,777,216 --a------ C:\WINDOWS\system32\diskbench.tst
      2007-12-09 22:31 . 2007-12-09 22:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
      2007-12-09 20:57 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
      2007-12-09 20:37 . 2007-12-09 20:37 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\AdobeUM
      2007-12-09 20:29 . 2007-12-09 20:29 <DIR> d-------- C:\WINDOWS\NV17003092.TMP
      2007-12-09 19:30 . 2007-12-09 19:30 <DIR> d-------- C:\Program Files\MSXML 6.0
      2007-12-09 17:28 . 2007-12-09 17:28 <DIR> d-------- C:\Program Files\MSBuild
      2007-12-09 17:26 . 2007-12-09 19:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
      2007-12-09 17:26 . 2007-12-09 17:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
      2007-12-09 17:26 . 2007-12-09 17:26 <DIR> d-------- C:\Program Files\Reference Assemblies
      2007-12-09 17:26 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
      2007-12-09 17:25 . 2007-12-17 12:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
      2007-12-09 17:25 . 2007-12-09 17:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
      2007-12-09 17:24 . 2007-12-09 17:24 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
      2007-12-09 17:20 . 2007-12-09 17:20 <DIR> d-------- C:\Program Files\Google
      2007-12-09 16:45 . 2007-12-09 16:53 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Contacts
      2007-12-09 16:40 . 2007-12-09 16:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2007-12-09 16:39 . 2007-12-28 22:20 <DIR> d-------- C:\Program Files\Windows Live
      2007-12-09 16:39 . 2007-12-28 22:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2007-12-09 16:18 . 2007-12-09 16:18 <DIR> d--hs---- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\UserData
      2007-12-09 16:05 . 2007-12-09 16:05 <DIR> d-------- C:\Program Files\AGEIA Technologies
      2007-12-09 16:04 . 2007-12-28 19:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
      2007-12-09 16:04 . 2007-12-21 14:51 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2007-12-09 16:03 . 2007-12-09 16:03 <DIR> d-------- C:\Program Files\Fraps
      2007-12-09 16:03 . 2007-12-28 18:58 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2007-12-09 16:00 . 2007-12-09 16:00 <DIR> d-------- C:\Program Files\UT2004Demo
      2007-12-09 15:58 . 2007-12-09 15:58 <DIR> d-------- C:\Program Files\Microsoft Games
      2007-12-09 15:57 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
      2007-12-09 15:50 . 2007-12-09 15:50 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\ATI

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-09 14:11 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2007-12-09 12:12 --------- d-----w C:\Program Files\microsoft frontpage
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
      2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [2007-12-29 13:47]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe"
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

      C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Menu Start\Programma's\Opstarten\
      SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcdaw]
      iifcdaw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk
      backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
      backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
      C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
      2005-08-11 04:39 1916928 --a------ C:\Program Files\GameFace Messenger\GameFace.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
      2006-12-08 15:24 3714048 --a------ C:\Program Files\ASUS\AI Booster\OverClk.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
      S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Lineage II\system\GameGuard\dump_wmimmc.sys

      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-29 13:53:46
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2007-12-29 13:54:07 - machine was rebooted
      .
      2007-12-28 21:37:00 --- E O F ---


      *********************************************************
      end
      *********************************************************

      • #4
        Oh yes, this is my new HijackThis log, in case you need it:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:10:49, on 29-12-2007
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\ATKKBService.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
        C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
        C:\Program Files\SpywareGuard\sgmain.exe
        C:\Program Files\SpywareGuard\sgbhp.exe
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\system32\WgaTray.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
        O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
        O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
        O20 - Winlogon Notify: iifcdaw - iifcdaw.dll (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
        O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
        O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
        O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

        --
        End of file - 7091 bytes



        • #5
          Open the RVAXO folder on your desktop and double-click Uninstall.cmd
          This will remove everything belonging to RVAXO.

          Delete the following folder:
          C:\Qoobox

          Then empty your Recycle Bin.

          Download ATF Cleaner (mirror) (made by Atribune)

          Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

          Double-click ATF Cleaner to start the program.
          On the "Main" tab, put a check mark next to Select All.
          Click the Empty Selected button.

          Do the following if you also use Firefox as a browser:
          Click the "Firefox" tab and put a check mark next to Select All.
          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
          (this removes the check mark next to "Firefox saved passwords" again)
          Click the Empty Selected button.

          Do the following if you also use Opera as a browser:
          Click the "Opera" tab and put a check mark next to Select All.
          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
          Click the Empty Selected button.
          Go to the "Main" tab and click the Exit button to close the program.

          Go to Start - Run and enter the following:
          Combofix /U
          Then press OK.
          Note: there must be a space between Combofix and /U.

          This will uninstall Combofix.

          Turn off System Restore. Restart the computer. Turn System Restore back on.
          Look here for how to turn off System Restore.
          This removes any remnants of the infections from your System Restore.

          Finally, post a new HijackThis log for checking and tell us whether there are still any problems.



          • #6
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 19:33:15, on 1-1-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\ATKKBService.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
            C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
            C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
            C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
            C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
            C:\Program Files\Analog Devices\Core\smax4pnp.exe
            C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\Program Files\DAEMON Tools\daemon.exe
            C:\Program Files\SpywareGuard\sgmain.exe
            C:\Program Files\SpywareGuard\sgbhp.exe
            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
            C:\Program Files\Download Manager\DLM.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
            O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
            O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
            O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
            O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
            O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
            O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
            O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

            --
            End of file - 8070 bytes



            • #7
              This line can still go:
              O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

              Other than that it looks fine again

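Added example, not from this thread or from HijackThis itself: a small Python script that does the triage a helper performs by eye on these logs. It parses the entry lines, flags items whose target ends in "(no file)" or "(file missing)" (the stale references the helper above asks to remove), and diffs two scans to confirm which entries disappeared and which are new. The two sample excerpts are constructed from lines that appear in this thread's logs; the entry pattern and the marker strings are assumptions based on the HijackThis v2.0.2 output format shown here.

```python
import re
from dataclasses import dataclass

# Constructed sample input: two excerpts modelled on the HijackThis logs in
# this thread (a "before" scan with leftovers and a later "after" scan).
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: iifcdaw - iifcdaw.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumed entry shape: a section code (R0, O2, O4, O16, O20, O23, ...),
# then " - ", then the rest of the line. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

# Markers HijackThis prints when a registered component no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O9"
    body: str      # everything after "O9 - "

    @property
    def orphaned(self) -> bool:
        """True when the entry points at a file that is gone (a stale leftover)."""
        return any(self.body.endswith(m) for m in ORPHAN_MARKERS)


def parse_hjt(text: str) -> list[Entry]:
    """Parse the entry lines of a HijackThis log; everything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def orphaned_entries(entries: list[Entry]) -> list[Entry]:
    """Entries that reference a missing file: the ones a helper typically asks the user to fix."""
    return [e for e in entries if e.orphaned]


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, added): entries that vanished or appeared between two scans."""
    old = parse_hjt(before)
    new = parse_hjt(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def report(before: str, after: str) -> str:
    """Readable summary: what changed, and what in the newer scan still points at a missing file."""
    removed, added = diff_logs(before, after)
    lines = [f"- {e.section} - {e.body}" for e in removed]
    lines += [f"+ {e.section} - {e.body}" for e in added]
    for e in orphaned_entries(parse_hjt(after)):
        lines.append(f"! still orphaned: {e.section} - {e.body}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(LOG_BEFORE, LOG_AFTER))
```

Run against the two excerpts, the report lists the O9 "(no file)" button and the O20 Winlogon Notify entry as removed, the new O16 Panda ActiveScan control as added, and nothing as still orphaned. A new O16 (downloaded ActiveX) entry is exactly the kind of change worth a second look, so the diff is useful even when a scan is otherwise clean.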


              • #8
                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 23:39:19, on 1-1-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\ATKKBService.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                C:\WINDOWS\system32\PnkBstrA.exe
                C:\WINDOWS\system32\PnkBstrB.exe
                C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
                C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
                C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
                C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                C:\Program Files\Analog Devices\Core\smax4pnp.exe
                C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                C:\Program Files\DAEMON Tools\daemon.exe
                C:\Program Files\SpywareGuard\sgmain.exe
                C:\Program Files\SpywareGuard\sgbhp.exe
                C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                C:\Program Files\Download Manager\DLM.exe
                C:\Program Files\Windows Live\Messenger\usnsvc.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
                O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
                O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
                O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
                O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
                O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
                O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
                O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
                O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                --
                End of file - 8010 bytes


                *********************************************************
                end
                *********************************************************

                So if all is well, there should be nothing bad left in it now and this log can be moved to the solved section.



                • #9
                  The log is clean
