Mededeling

**smeenk** · 28-12-07, 22:11

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**mafjah** · 29-12-07, 13:04

VBG log:

[12/29/2007, 13:35:09] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\ASCHWI~1.ASC\LOCALS~1\Temp\Rar$EX00.047\VirtumundoBeGone.exe" )
[12/29/2007, 13:35:12] - Detected System Information:
[12/29/2007, 13:35:12] - Windows Version: 5.1.2600, Service Pack 2
[12/29/2007, 13:35:12] - Current Username: Aschwin (Admin)
[12/29/2007, 13:35:12] - Windows is in NORMAL mode.
[12/29/2007, 13:35:12] - Searching for Browser Helper Objects:
[12/29/2007, 13:35:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/29/2007, 13:35:12] - BHO 2: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[12/29/2007, 13:35:12] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/29/2007, 13:35:12] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
[12/29/2007, 13:35:12] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/29/2007, 13:35:12] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/29/2007, 13:35:12] - BHO 7: {E3F4AE2E-1136-4C18-A209-CBB5B1713CD2} ()
[12/29/2007, 13:35:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/29/2007, 13:35:12] - Checking for HKLM\...\Winlogon\Notify\gebyx
[12/29/2007, 13:35:12] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
[12/29/2007, 13:35:12] - Finished Searching Browser Helper Objects
[12/29/2007, 13:35:12] - Finishing up...
[12/29/2007, 13:35:12] - Nothing found! Exiting...

*********************************************************
einde
*********************************************************
----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\Fonts\svchost .exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\n.bat
C:\winlogon.exe
C:\z.dat
C:\x.dat

Uninstallers Rogue scanners:

Folders Found:

C:\Program Files\Temporary

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

*********************************************************
einde
*********************************************************
ComboFix 07-12-29.5 - Aschwin 2007-12-29 13:49:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1609 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\WINDOWS\ecurit~1
C:\WINDOWS\ecurit~1\?ecurity\
C:\WINDOWS\ecurit~1\javaw .exe
C:\WINDOWS\ppatch~1
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gebyx.exe
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))
.

2007-12-29 13:47 . 2007-12-29 13:47 <DIR> d-------- C:\RVAXO
2007-12-29 13:38 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-29 13:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-28 22:26 . 2007-12-29 13:50 <DIR> d-------- C:\Program Files\Registry Clean Expert
2007-12-28 21:52 . 2007-12-28 21:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-28 21:42 . 2007-12-28 21:42 <DIR> d-------- C:\Program Files\CCleaner
2007-12-28 21:21 . 2007-12-28 21:40 <DIR> d-------- C:\Program Files\SpywareGuard
2007-12-28 19:50 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-28 19:49 . 2007-12-28 19:49 164 --a------ C:\install.dat
2007-12-28 19:48 . 2007-12-28 21:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-28 19:42 . 2007-12-28 19:48 <DIR> d-------- C:\Temp
2007-12-28 19:42 . 2007-12-28 19:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2007-12-28 18:59 . 2007-12-28 18:59 <DIR> d-------- C:\hal
2007-12-28 18:38 . 2007-12-28 18:38 55,576 --a------ C:\hal.zip
2007-12-28 18:32 . 2007-12-28 18:32 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-12-28 18:31 . 2007-12-28 21:38 <DIR> d-------- C:\Program Files\Hitman Pro
2007-12-28 18:28 . 2007-12-28 19:52 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-28 14:43 . 2007-12-28 18:27 <DIR> d-------- C:\Raxco PerfectDisk 7.0 Build 42+keygen
2007-12-28 14:09 . 2007-12-28 21:38 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\PC Tools
2007-12-28 14:07 . 2007-12-28 18:27 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2007-12-28 14:07 . 2007-12-28 18:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2007-12-28 13:38 . 2007-12-28 13:38 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Incomplete
2007-12-28 13:34 . 2007-12-28 13:34 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-28 13:22 . 2007-12-28 13:22 <DIR> d-------- C:\Program Files\Lavalys
2007-12-28 13:20 . 2007-12-28 18:34 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\LimeWire
2007-12-28 13:12 . 2007-12-28 13:18 <DIR> d-------- C:\Program Files\SpeedFan
2007-12-28 13:12 . 2007-12-28 13:12 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2007-12-27 08:57 . 2007-12-29 13:28 <DIR> d-------- C:\Program Files\Lineage II
2007-12-27 08:56 . 2007-12-27 08:56 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\InstallShield
2007-12-26 20:17 . 2007-12-26 19:19 3,998,750,452 --a------ C:\Lineage__II_1st_Throne_Installer.zip
2007-12-24 17:10 . 2007-12-24 17:10 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\Earthsim
2007-12-24 15:12 . 2007-12-24 15:12 244 --ah----- C:\sqmnoopt00.sqm
2007-12-24 15:12 . 2007-12-24 15:12 232 --ah----- C:\sqmdata00.sqm
2007-12-22 13:12 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2007-12-22 13:12 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-12-21 19:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-21 15:36 . 2007-12-21 16:01 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-12-21 15:35 . 2007-12-21 15:35 <DIR> d-------- C:\WINDOWS\Sun
2007-12-21 15:35 . 2007-12-21 19:26 <DIR> d-------- C:\Program Files\Java
2007-12-21 15:34 . 2007-12-21 15:34 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-21 14:57 . 2007-12-28 20:43 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-21 14:57 . 2007-12-21 14:57 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\DAEMON Tools
2007-12-20 18:16 . 2007-12-20 18:16 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-18 19:11 . 2007-12-18 19:17 <DIR> d-------- C:\Program Files\id Software
2007-12-18 19:09 . 2007-12-18 19:09 <DIR> d-------- C:\Program Files\GameSpy
2007-12-18 19:08 . 2007-12-18 19:08 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-18 18:53 . 2007-12-18 18:53 <DIR> d-------- C:\Program Files\Electronic Arts
2007-12-17 22:06 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-17 12:48 . 2007-12-18 19:17 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-17 12:48 . 2007-12-18 19:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-17 12:48 . 2007-12-18 19:17 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-17 12:48 . 2007-12-18 19:17 22,328 --a------ C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\PnkBstrK.sys
2007-12-17 12:48 . 2007-12-18 19:17 331 --a------ C:\WINDOWS\game.ini
2007-12-17 12:45 . 2007-12-17 12:45 <DIR> d-------- C:\Program Files\Activision
2007-12-14 20:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-14 20:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-11 22:21 . 2007-12-11 22:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2007-12-11 22:21 . 2007-12-12 19:26 4,096 --a------ C:\WINDOWS\system32\crash
2007-12-11 19:55 . 2007-12-11 19:55 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-11 19:55 . 2007-12-11 19:55 <DIR> d-------- C:\Program Files\Futuremark
2007-12-11 19:55 . 2007-12-11 19:55 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-11 19:55 . 2007-12-11 19:55 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-12-11 19:55 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-12-11 19:55 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-12-11 19:55 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2007-12-11 19:55 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-11 19:49 . 2007-12-12 18:59 <DIR> d-------- C:\Program Files\ATITool
2007-12-11 17:15 . 2007-12-11 17:15 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-10 21:19 . 2007-12-10 21:19 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\InstallShield Installation Information
2007-12-10 21:14 . 2007-12-10 21:14 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2007-12-10 20:59 . 2007-12-11 19:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-10 00:11 . 2007-12-17 10:04 16,777,216 --a------ C:\WINDOWS\system32\diskbench.tst
2007-12-09 22:31 . 2007-12-09 22:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2007-12-09 20:57 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-09 20:37 . 2007-12-09 20:37 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\AdobeUM
2007-12-09 20:29 . 2007-12-09 20:29 <DIR> d-------- C:\WINDOWS\NV17003092.TMP
2007-12-09 19:30 . 2007-12-09 19:30 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-09 17:28 . 2007-12-09 17:28 <DIR> d-------- C:\Program Files\MSBuild
2007-12-09 17:26 . 2007-12-09 19:50 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-09 17:26 . 2007-12-09 17:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-09 17:26 . 2007-12-09 17:26 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-09 17:26 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-09 17:25 . 2007-12-17 12:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-09 17:25 . 2007-12-09 17:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-09 17:24 . 2007-12-09 17:24 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-12-09 17:20 . 2007-12-09 17:20 <DIR> d-------- C:\Program Files\Google
2007-12-09 16:45 . 2007-12-09 16:53 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Contacts
2007-12-09 16:40 . 2007-12-09 16:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 16:39 . 2007-12-28 22:20 <DIR> d-------- C:\Program Files\Windows Live
2007-12-09 16:39 . 2007-12-28 22:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-12-09 16:18 . 2007-12-09 16:18 <DIR> d--hs---- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\UserData
2007-12-09 16:05 . 2007-12-09 16:05 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-09 16:04 . 2007-12-28 19:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-09 16:04 . 2007-12-21 14:51 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-09 16:03 . 2007-12-09 16:03 <DIR> d-------- C:\Program Files\Fraps
2007-12-09 16:03 . 2007-12-28 18:58 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-12-09 16:00 . 2007-12-09 16:00 <DIR> d-------- C:\Program Files\UT2004Demo
2007-12-09 15:58 . 2007-12-09 15:58 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-09 15:57 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-09 15:50 . 2007-12-09 15:50 <DIR> d-------- C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Application Data\ATI

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 14:11 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-09 12:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [2007-12-29 13:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe"

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

C:\Documents and Settings\Aschwin.ASCHWINCOMPUTER\Menu Start\Programma's\Opstarten\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcdaw]
iifcdaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2005-08-11 04:39 1916928 --a------ C:\Program Files\GameFace Messenger\GameFace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
2006-12-08 15:24 3714048 --a------ C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Lineage II\system\GameGuard\dump_wmimmc.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 13:53:46
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-29 13:54:07 - machine was rebooted
.
2007-12-28 21:37:00 --- E O F ---

*********************************************************
einde
*********************************************************

**mafjah** · 29-12-07, 13:25

Owja dit is mijn nieuwe hijackthis logje, als je hem nodig hebt dan heh

:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:49, on 29-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: iifcdaw - iifcdaw.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7091 bytes

**smeenk** · 30-12-07, 17:51

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Verwijder de volgende map:
C:\Qoobox

Maak dan je prullenbak leeg.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle en vertel of er nog problemen zijn

**mafjah** · 01-01-08, 18:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:15, on 1-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Download Manager\DLM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8070 bytes

**smeenk** · 01-01-08, 21:47

Deze regel mag nog weg:
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Voor de rest ziet het er weer goed uit

**mafjah** · 01-01-08, 22:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:19, on 1-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Download Manager\DLM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tweakers.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197214826828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8010 bytes

*********************************************************
einde
*********************************************************

Dus als het goed is, moeten er nu geen slechte dingen meer in zitten en kan dit logje naar de opgeloste sectie worden verplaatst.

**smeenk** · 02-01-08, 10:27

Logje is schoon hoor

Mededeling

Last van gebyx.dll trojan en misschien ook wel meer

Last van gebyx.dll trojan en misschien ook wel meer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment