Trojan horses, slow, unwanted pop-ups

  • Trojan horses, slow, unwanted pop-ups

    Hello,

    since yesterday I have been having trouble with a very slow PC (Windows XP). A system scan showed 8000 Trojan horses; spyware and adware were also detected (but I have just repaired that as well as I could).

    Now at PC start-up I keep getting an error message relating to the file System32\Wylpsuxc.dll (missing file). When using the internet I get to see unwanted sites (pop-ups and advertising sites that open as a new window or new tab).

    I hope someone can help me!
    My HijackThis log is below

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:05, on 15-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/nieuwspuntbe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 8995 bytes
    Last edited by hillygirl; 15-02-08, 21:19. Reason: update log

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open; a few lines about files not found will quickly scroll past in it, this is normal.
    • An uninstaller of a rogue scanner may also start up; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, then do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next post.

    NOTE: If your virus scanner responds with a message about script execution, you may ignore this.



    • #3
      Here is the RVAXO log to start with:

      ---RVAXO.exe Updated: 2008-02-15---first run---
      Files found:
      C:\WINDOWS\system32\sgshetfj.dllbox
      C:\WINDOWS\system32\mlnmp.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\vbzip10.dll
      C:\WINDOWS\mrofinu1188.exe
      C:\WINDOWS\mrofinu1188.exe.tmp
      C:\WINDOWS\Prefetch\MROFINU1188.EXE-035A0B37.pf
      C:\Documents and Settings\Fab\Mijn documenten\pos???.tmp

      Uninstallers:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      Now I am going to do Combofix



      • #4
        And here is the second log:


        ComboFix 08-02-16.2 - Fab 2008-02-16 18:14:30.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.483 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Fab\Bureaublad\ComboFix.exe

        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
        .

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\system32\pmnlm.dll
        C:\WINDOWS\cookies.ini
        C:\WINDOWS\system32\cxusplyw.ini
        C:\WINDOWS\system32\mlnmp.ini
        C:\WINDOWS\system32\mlnmp.ini2
        C:\WINDOWS\system32\pmnlm.dll
        C:\WINDOWS\system32\qomnoll.dll
        C:\WINDOWS\system32\vtusttq.dll
        C:\WINDOWS\Fonts\-

        .
        (((((((((((((((((((( Bestanden Gemaakt van 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))
        .

        2008-02-16 18:02 . 2008-02-16 18:02 <DIR> d-------- C:\RVAXO
        2008-02-16 17:57 . 2008-02-15 20:22 696,538 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-02-16 17:57 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2008-02-15 20:15 . 2008-02-15 20:15 <DIR> d-------- C:\Program Files\Lavasoft
        2008-02-15 20:15 . 2008-02-15 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-02-15 20:14 . 2008-02-15 20:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
        2008-02-15 20:09 . 2008-02-15 20:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
        2008-02-15 20:09 . 2008-02-15 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-02-15 20:03 . 2008-02-15 20:03 <DIR> d-------- C:\Program Files\Trend Micro
        2008-02-15 20:02 . 2008-02-15 20:02 192,544 --a------ C:\Documents and Settings\Fab\Application Data\antivirusinstallfreenm_en[1].exe
        2008-02-15 17:32 . 2008-02-15 17:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
        2008-02-15 17:32 . 2008-02-16 17:51 <DIR> d-------- C:\Documents and Settings\Fab\Application Data\AVG7
        2008-02-15 17:31 . 2008-02-15 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-02-15 17:31 . 2008-02-16 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-16 17:06 --------- d-----w C:\Documents and Settings\Fab\Application Data\Skype
        2008-01-14 18:42 --------- d-----w C:\Documents and Settings\Fab\Application Data\LinkedIn
        2007-12-26 16:42 --------- d-----w C:\Program Files\Windows Live Safety Center
        2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B3BCA78-32E0-4B68-AA9F-0C8E6B104F4A}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8622b5c2-b23e-41d9-90dd-4d837e1cf704}]
        C:\WINDOWS\system32\tigxjqkb.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D8C6014-08C1-4EA9-9B4D-4F1CC005E829}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
        "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
        "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 16:10 23237416]
        "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [ ]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTHelper"="CTHELPER.EXE" [2005-08-08 07:10 16384 C:\WINDOWS\CTHELPER.EXE]
        "CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 07:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
        "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
        "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
        "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
        "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 12:34 122880]
        "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
        "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
        "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
        "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
        "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
        "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
        "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-12 09:00 1838592]
        "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
        "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-15 17:31 579072]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
        "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-15 17:32 219136]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-11-15 20:20:50 315392]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sgshetfj]
        sgshetfj.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

        R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-08 06:54]
        S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 22:38]

        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-02-16 18:20:00
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        .
        **************************************************************************
        .
        Voltooingstijd: 2008-02-16 18:26:08 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-02-16 17:25:52
        .
        2008-02-15 21:06:08 --- E O F ---




        Thanks in advance!!!



        • #5
          Open the RVAXO folder on your desktop and double-click Uninstall.cmd
          This will remove everything of RVAXO.

          Download ATF cleaner (mirror) (made by Atribune)

          Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

          Double-click ATF cleaner to start the program.
          On the "Main" tab, place a check mark next to Select All.
          Click the Empty Selected button.

          Do the following if you also have Firefox as a browser:
          Click the "Firefox" tab, place a check mark next to Select All.
          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
          (this removes the check mark again from "Firefox saved passwords")
          Click the Empty Selected button.

          Do the following if you also have Opera as a browser:
          Click the "Opera" tab, place a check mark next to Select All.
          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
          Click the Empty Selected button.
          Go to the "Main" tab and click the Exit button to close the program.

          Go to Start - Run and enter the following here:
          Combofix /U
          Then press OK.
          Note: There must be a space between Combofix and /U.

          This will uninstall Combofix.

          Turn off System Restore. Restart the computer. Turn System Restore back on.
          See here how to turn off your System Restore.
          This removes any remnants of the infections from your System Restore.

          Finally, post a new HijackThis log as a check



          • #6
            Just carried everything out
            Haven't had any unwanted pop-ups yet, only the PC remains veeeeeeeeeery slow when opening programs. Is this caused by the SpyBot / Ad Aware / AVG checks, and if so, can I simply remove these programs?

            Here is my latest log:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 14:53:12, on 17-2-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\WINDOWS\CTHELPER.EXE
            C:\WINDOWS\system32\CTXFIHLP.EXE
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
            C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
            C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
            C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            C:\WINDOWS\system32\dla\tfswctrl.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\TomTom HOME\TomTomHOME.exe
            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\WINDOWS\system32\CTsvcCDA.EXE
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Skype\Phone\Skype.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\Skype\Plugin Manager\skypePM.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\MSN Messenger\usnsvc.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/nieuwspuntbe
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: {407fc1e7-38d4-dd09-9d14-e32b2c5b2268} - {8622b5c2-b23e-41d9-90dd-4d837e1cf704} - C:\WINDOWS\system32\tigxjqkb.dll (file missing)
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
            O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
            O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
            O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
            O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
            O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
            O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
            O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
            O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
            O20 - Winlogon Notify: sgshetfj - sgshetfj.dll (file missing)
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

            --
            End of file - 9690 bytes





            Thanx!

            Comment


            • #7
              I can't say offhand what is causing the slowness.

              Please also do the following:
              Close all open windows.
              Start HijackThis again and place a check mark next to the following items:

              O2 - BHO: {407fc1e7-38d4-dd09-9d14-e32b2c5b2268} - {8622b5c2-b23e-41d9-90dd-4d837e1cf704} - C:\WINDOWS\system32\tigxjqkb.dll (file missing)
              O20 - Winlogon Notify: sgshetfj - sgshetfj.dll (file missing)


              Then click "Fix checked" and close HijackThis.


              Open a Notepad file.
              Copy the text below (everything in bold) into this Notepad file.

              @ECHO OFF
              REM Start with a fresh log file
              IF EXIST log.txt DEL log.txt
              ECHO Deleting files>>log.txt
              FOR %%g in (
              "C:\Documents and Settings\Fab\Application Data\antivirusinstallfreenm_en[1].exe") DO (
              IF EXIST %%g (
              REM Clear the read-only, system and hidden attributes so DEL can remove the file
              ATTRIB -r -s -h %%g
              DEL %%g
              IF EXIST %%g (
              ECHO %%g not deleted>>log.txt
              ) ELSE (
              ECHO %%g deleted>>log.txt)
              ) ELSE (
              ECHO %%g not found>>log.txt))
              REM Show the result
              START NOTEPAD.EXE log.txt

              Go to File - Save As.
              Under "Save in" choose: Desktop
              Under "File name" enter: del.bat
              Under "Save as type" select: All Files (*.*).
              Click the Save button.

              Restart the computer.

              Double-click del.bat and post the contents of the log file that opens.

              Let me know whether there is any improvement.

              Comment


              • #8
                This is the log file:

                Deleting files
                Deleting files
                "C:\Documents and Settings\Fab\Application Data\antivirusinstallfreenm_en[1].exe" deleted


                The PC is still running rather slowly, whereas before it was actually very fast.
                The only difference from last week is that I now have AVG 7.5, Spybot and AdAware installed.

                I'll post another HijackThis log as well:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:28:15, on 17-2-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\CTHELPER.EXE
                C:\WINDOWS\system32\CTXFIHLP.EXE
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
                C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
                C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
                C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                C:\WINDOWS\system32\dla\tfswctrl.exe
                C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
                C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                C:\Program Files\iTunes\iTunesHelper.exe
                C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                C:\Program Files\TomTom HOME\TomTomHOME.exe
                C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\MSN Messenger\msnmsgr.exe
                C:\Program Files\Skype\Phone\Skype.exe
                C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                C:\WINDOWS\system32\LEXBCES.EXE
                C:\WINDOWS\system32\LEXPPS.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                C:\WINDOWS\system32\CTsvcCDA.EXE
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Skype\Plugin Manager\skypePM.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\MSN Messenger\usnsvc.exe
                C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
                C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/nieuwspuntbe
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
                O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
                O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
                O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
                O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
                O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
                O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
                O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
                O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
                O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
                O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

                --
                End of file - 9552 bytes


                Thanks for all the help!!

                Comment
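Added example, not part of the original thread: a small Python parser for HijackThis entry lines that lists the entries marked "(file missing)" and confirms which entries disappeared between two logs, which is the check the helper does by eye after "Fix checked". The two sample logs are constructed excerpts made of entry lines quoted in this thread; the function names are assumptions of this example.

```python
import re

# Constructed excerpts: a handful of entry lines quoted in this thread,
# arranged as a "before" and an "after Fix checked" log.
LOG_BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {407fc1e7-38d4-dd09-9d14-e32b2c5b2268} - {8622b5c2-b23e-41d9-90dd-4d837e1cf704} - C:\WINDOWS\system32\tigxjqkb.dll (file missing)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: sgshetfj - sgshetfj.dll (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# An entry line is a section code (R0, O2, O20, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def kind(body):
    """Entry type as printed by HijackThis, e.g. 'BHO' or 'Winlogon Notify'."""
    return body.split(":", 1)[0]


def orphaned(entries):
    """Entries whose registration is still present but whose target file is gone."""
    return [e for e in entries if e[1].endswith("(file missing)")]


def removed_between(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    for section, body in orphaned(before):
        print("orphaned:", section, kind(body))
    for section, body in removed_between(before, after):
        print("gone after fix:", section, body)
```
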


                • #9
                  You could configure Ad-aware and Spybot so that they don't run in the background when Windows starts.
                  AVG, your virus scanner, must run in the background; otherwise you have no active protection.

                  You could also try this:
                  Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop.
                  • In the Dial-a-fix-v0.60.0.24 folder, double-click Dial-a-fix.exe
                    In the window that opens, click the icon with the double green check mark at the bottom (check all).
                    Then click "GO" and let the tool reset all settings.
                    When it has finished, close this window by clicking "Exit" at the bottom.

                  Let me know whether that brings any improvement.

                  Comment


                  • #10
                    I'm not familiar with AdAware and Spybot; I couldn't see right away where I can change the settings.

                    I ran Dial-a-fix and then rebooted. Before shutting down I got 3 errors:
                    - dwwin.exe: initialization failed
                    - an error about the Google toolbar
                    - a very long error that had to do with Acrobat Reader (unfortunately I couldn't take a screenshot of it)

                    But the unwanted websites have disappeared! The only remaining problem is the slowness.

                    Comment


                    • #11
                      Try the steps listed on this web page:

                      Comment


                      • #12
                        Done. And rebooted: no more errors! (Yay! Finally!)

                        The slowness has remained, and I think it is largely due to Spybot after all, because in Task Manager I see it being very active under "TeaTimer.exe".

                        Comment


                        • #13
                          Remove this line with HijackThis:
                          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

                          Restart your computer and let me know whether there is any improvement.

                          Comment


                          • #14
                            Line removed; it already helps a little bit.
                            I'm going to watch it for a day and see where, whether and how problems still occur.

                            Thanks so much for all the help so far!

                            Comment


                            • #15
                              I'll hear from you then.

                              Comment
