
Spyguardpro trouble


  • Spyguardpro trouble

    Hello,

    Unfortunately, my computer has been acting up a lot over the last few days because of Spyguardpro trouble that I cannot get rid of. Who can help me?

    Here is my log...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:02, on 19-2-2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    E:\Program Files\QuickTime\iTunesHelper.exe
    E:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = q
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tjem.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.123.254:8080
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
    O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\QuickTime\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSDisp32] "rundll32.exe" C:\WINDOWS\System32\drvtah.dll,startup
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\spellen\Partypoker\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\spellen\Partypoker\PartyPoker\RunApp.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{48E94713-1E22-4D56-9E2E-B9F4B97488FB}: Domain = tjem.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
    O17 - HKLM\System\CS3\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
    O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BlackMoon FTP Service (BMFTP-RELEASE) - Selom Ofori - E:\Program Files\Selom Ofori\BlackMoon FTP Server\FTPService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MGABGEXE - Unknown owner - C:\WINDOWS\System32\mgabg.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7923 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



    • #3
      Thanks for the help!

      Here are my RVAXO results:

      ---RVAXO.exe Updated: 2008-02-19---first run---
      Files found:
      C:\WINDOWS\hosts

      Uninstallers:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      And here is my Deckard's System Scanner log:

      Deckard's System Scanner v20071014.68
      Run by J. Albers on 2008-02-19 23:33:39
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      10: 2008-02-19 22:33:45 UTC - RP408 - Deckard's System Scanner Restore Point
      9: 2008-02-19 20:26:24 UTC - RP407 - Installed AVG 7.5
      8: 2008-02-19 19:51:52 UTC - RP406 - System Checkpoint
      7: 2008-02-17 21:22:27 UTC - RP405 - System Checkpoint
      6: 2008-02-13 06:56:40 UTC - RP404 - Installed Ad-Aware 2007


      -- First Restore Point --
      1: 2008-02-02 15:30:56 UTC - RP399 - System Checkpoint


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as J. Albers.exe) -------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:35:34, on 19-2-2008
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\WINDOWS\System32\CTsvcCDA.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\System32\devldr32.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
      C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
      C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
      E:\Program Files\QuickTime\qttask.exe
      E:\Program Files\QuickTime\iTunesHelper.exe
      E:\Program Files\Winamp\winampa.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Documents and Settings\J. Albers\Desktop\dss.exe
      E:\PROGRA~1\HIJACK~1\J. Albers.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = q
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tjem.com/searchbar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.123.254:8080
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
      O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
      O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
      O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
      O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
      O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\QuickTime\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\spellen\Partypoker\PartyPoker\RunApp.exe
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\spellen\Partypoker\PartyPoker\RunApp.exe
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{48E94713-1E22-4D56-9E2E-B9F4B97488FB}: Domain = tjem.com
      O17 - HKLM\System\CS1\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
      O17 - HKLM\System\CS3\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
      O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: BlackMoon FTP Service (BMFTP-RELEASE) - Selom Ofori - E:\Program Files\Selom Ofori\BlackMoon FTP Server\FTPService.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MGABGEXE - Unknown owner - C:\WINDOWS\System32\mgabg.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      --
      End of file - 8575 bytes

      -- File Associations -----------------------------------------------------------

      .scr - unable to read key


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
      R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
      R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows (R) 2000 DDK provider; Stereo Helper Driver>

      S3 A3AB (D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)) - c:\windows\system32\drivers\a3ab.sys <Not Verified; D-Link Corporation; D-Link Wireless Network adapter>
      S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
      S3 ****Fmn - d:\program files\bulletproof\g6 ftp server
      S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
      S3 HACKTRCR - c:\windows\system32\drivers\hcktrc22.sys (file missing)
      S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
      S3 WFsys (WinFox Control I/O Driver) - c:\windows\system32\drivers\wfsys.sys <Not Verified; Leadtek Research Inc.; WinFox Control I/O Driver>
      S3 WlanUIG (Sitecom 802.11g WL-107 Driver) - c:\windows\system32\drivers\wlanuig.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>

      S2 MGABGEXE - c:\windows\system32\mgabg.exe (file missing)
      S3 BMFTP-RELEASE (BlackMoon FTP Service) - e:\program files\selom ofori\blackmoon ftp server\ftpservice.exe <Not Verified; Selom Ofori; BlackMoon FTP Server>


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-01-19 and 2008-02-19 -----------------------------

      2008-02-19 23:29:06 0 d-------- C:\RVAXO
      2008-02-19 23:27:18 705776 --a------ C:\WINDOWS\System32\RVAXO.bat
      2008-02-19 23:27:18 69632 --a------ C:\WINDOWS\System32\remove.exe
      2008-02-19 21:34:28 0 d-------- C:\Documents and Settings\J. Albers\Application Data\AVG7
      2008-02-19 21:28:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-02-19 21:26:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-02-13 07:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-13 07:56:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-12 23:10:26 138624 --a------ C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
      2008-02-12 22:59:25 0 d-------- C:\Documents and Settings\J. Albers\Application Data\Spyware Terminator
      2008-02-12 22:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
      2008-02-12 22:59:20 0 d-------- C:\Program Files\Spyware Terminator
      2008-02-12 20:55:05 164 --a------ C:\install.dat
      2008-02-12 20:38:17 0 d-------- C:\Program Files\XoftSpySE


      -- Find3M Report ---------------------------------------------------------------

      2008-02-13 07:56:41 0 d-------- C:\Program Files\Lavasoft
      2008-02-13 07:56:00 0 d-------- C:\Program Files\Common Files
      2008-01-14 11:40:02 0 d-------- C:\Documents and Settings\J. Albers\Application Data\Sun
      2008-01-12 08:57:43 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
      2007-12-26 10:04:04 0 d-------- C:\Program Files\Java
      2007-12-24 14:13:38 0 d-------- C:\Program Files\SonicWallES
      2007-12-24 14:13:38 0 d-------- C:\Documents and Settings\J. Albers\Application Data\MailFrontier


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UpdReg"="C:\WINDOWS\Updreg.exe" [11-05-2000 09:00]
      "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [04-10-2001 09:00]
      "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [09-07-2001 10:50]
      "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [30-08-1999 09:55]
      "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [10-05-2001 17:49]
      "AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [18-08-2001 01:01]
      "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [12-06-2001 09:20]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [26-11-2002 02:38]
      "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [04-06-2002 18:57]
      "NvCplDaemon"="RUNDLL32.exe" [18-08-2001 13:00 C:\WINDOWS\system32\rundll32.exe]
      "nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
      "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [27-04-2007 08:41]
      "iTunesHelper"="E:\Program Files\QuickTime\iTunesHelper.exe" [27-04-2007 10:25]
      "WinampAgent"="E:\Program Files\Winamp\winampa.exe" [14-05-2007 23:22]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
      "ZoneAlarm Client"="C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe" [14-11-2007 16:05]
      "NvMediaCenter"="RUNDLL32.exe" [18-08-2001 13:00 C:\WINDOWS\system32\rundll32.exe]
      "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [12-02-2008 22:59]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19-02-2008 21:35]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 11:54]
      "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [29-08-2002 11:41]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"=Narrator.exe

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9-12-2002 19:41:22]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [7-2-2001 5:52:04]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      @=

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbug32]
      winbug32.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"




      -- End of Deckard's System Scanner: finished at 2008-02-19 23:36:20 ------------



      • #4
        Go to Start - Run and enter the following there:
        sc delete MGABGEXE
        Then press OK.

        Start HijackThis once more and tick only the following lines:
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = q
        R3 - Default URLSearchHook is missing
        O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
        O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)

        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.


        Download ATF cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

        Double-click ATF cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this clears the tick at "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Turn off System Restore. Restart the computer. Turn System Restore back on.
        Look here for how to turn off your System Restore.
        This removes any remnants of the infections from your System Restore.

        Finally, post a new HijackThis log for checking

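Added example, not part of the thread or of any tool mentioned in it: a small Python check for the workflow in post #4, which lists the log entries HijackThis marks as pointing at a missing file and then verifies that the ticked entries are gone from the follow-up log. The function names are this example's own; BEFORE and FIX_LIST are excerpts of the logs posted above, and FOLLOWUP is a constructed log in which one entry deliberately survives.

```python
import re

# HijackThis entry lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file is reported missing (leftover registry references)."""
    return [entry for entry in entries if ORPHAN_RE.search(entry[1])]


def _key(entry):
    # Compare entries ignoring case and runs of whitespace introduced by copy/paste.
    code, body = entry
    return code, " ".join(body.split()).casefold()


def unresolved(fix_text, followup_text):
    """Entries from the fix list that still appear in the follow-up log."""
    remaining = {_key(entry) for entry in parse_entries(followup_text)}
    return [entry for entry in parse_entries(fix_text) if _key(entry) in remaining]


# Excerpt of the HijackThis log in post #3 (lines copied from the thread).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = q
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINDOWS\System32\mgabg.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The lines post #4 asks the user to tick before "Fix checked".
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = q
R3 - Default URLSearchHook is missing
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
"""

# CONSTRUCTED follow-up log for illustration only (not the user's real log):
# the O20 entry is left in on purpose to show what a failed fix looks like.
FOLLOWUP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    print("Entries pointing at missing files:")
    for code, body in orphaned(parse_entries(BEFORE)):
        print(f"  {code} - {body}")
    print("Ticked entries still present in the follow-up log:")
    for code, body in unresolved(FIX_LIST, FOLLOWUP):
        print(f"  {code} - {body}")
```

On the post #3 excerpt, the missing-file entries are the two O9 lines and the O20 line from the fix list plus the MGABGEXE service, which post #4 handles separately with `sc delete`.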


        • #5
          Dear Smeenk,

          Here is my log file again, thanks once more for the inspection!
          Is that Tjem.com not a problem otherwise?

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 16:05:33, on 23-2-2008
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\WINDOWS\System32\CTsvcCDA.EXE
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Spyware Terminator\sp_rsser.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\devldr32.exe
          C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
          C:\Program Files\Creative\ShareDLL\CtNotify.exe
          C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
          C:\Program Files\Creative\ShareDLL\MediaDet.Exe
          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
          E:\Program Files\QuickTime\qttask.exe
          E:\Program Files\QuickTime\iTunesHelper.exe
          E:\Program Files\Winamp\winampa.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe
          C:\WINDOWS\System32\RUNDLL32.EXE
          C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          E:\Program Files\HijackThis\J. Albers.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tjem.com/searchbar.html
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.123.254:8080
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
          O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
          O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
          O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
          O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
          O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
          O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
          O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
          O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\QuickTime\iTunesHelper.exe"
          O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe"
          O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
          O17 - HKLM\System\CCS\Services\Tcpip\..\{48E94713-1E22-4D56-9E2E-B9F4B97488FB}: Domain = tjem.com
          O17 - HKLM\System\CS1\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
          O17 - HKLM\System\CS3\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: BlackMoon FTP Service (BMFTP-RELEASE) - Selom Ofori - E:\Program Files\Selom Ofori\BlackMoon FTP Server\FTPService.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

          --
          End of file - 8099 bytes



          • #6
            I had meant to ask you whether tjem.com is your own.

            Try the following:
            Start HijackThis once more and tick only the following lines:
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tjem.com/searchbar.html
            O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
            O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
            O17 - HKLM\System\CCS\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
            O17 - HKLM\System\CCS\Services\Tcpip\..\{48E94713-1E22-4D56-9E2E-B9F4B97488FB}: Domain = tjem.com
            O17 - HKLM\System\CS1\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
            O17 - HKLM\System\CS3\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com

            Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

            Go to the Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
            Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".
            Go to Start – Run and type "cmd".
            Press Enter.
            Then type: ipconfig /flushdns
            Press Enter.
            Close the window.

            Restart your PC, post a new HijackThis log and tell us whether there are still any problems.



            • #7
              I think it is "clean" again, because it works fine again!

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 21:08:14, on 25-2-2008
              Platform: Windows XP SP1 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\WINDOWS\Explorer.EXE
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\WINDOWS\System32\CTsvcCDA.EXE
              C:\WINDOWS\System32\nvsvc32.exe
              C:\Program Files\Spyware Terminator\sp_rsser.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\WINDOWS\System32\devldr32.exe
              C:\Program Files\Creative\ShareDLL\CtNotify.exe
              C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
              C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
              C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
              C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
              C:\Program Files\Creative\ShareDLL\MediaDet.Exe
              E:\Program Files\QuickTime\qttask.exe
              E:\Program Files\QuickTime\iTunesHelper.exe
              E:\Program Files\Winamp\winampa.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe
              C:\WINDOWS\System32\MsPMSPSv.exe
              C:\WINDOWS\System32\RUNDLL32.EXE
              C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\WINDOWS\System32\ctfmon.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\WINDOWS\System32\wuauclt.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              E:\Program Files\HijackThis\J. Albers.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.123.254:8080
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
              O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
              O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
              O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
              O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
              O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
              O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
              O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
              O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\QuickTime\iTunesHelper.exe"
              O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\Zone Alarm\zlclient.exe"
              O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
              O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
              O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
              O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: BlackMoon FTP Service (BMFTP-RELEASE) - Selom Ofori - E:\Program Files\Selom Ofori\BlackMoon FTP Server\FTPService.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

              --
              End of file - 7311 bytes

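Added example (not part of the thread, and not code from HijackThis or Trend Micro): the comparison done by eye between the logs in #5 and #7, written as a script that checks that every line ticked in #6 is gone from the rescan and groups the O17 entries by control set and interface. The function names are made up for this example, and the embedded logs are excerpts constructed from lines in the posts above.

```python
import re
from collections import defaultdict

# Constructed excerpts: lines copied from the logs in #5/#7 and the list in #6.
KEPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
TICKED = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tjem.com/searchbar.html
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - E:\spellen\Partypoker\PartyPokerNet\RunPF.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{48E94713-1E22-4D56-9E2E-B9F4B97488FB}: Domain = tjem.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{100F9F2B-AB03-445D-8093-19C02020A507}: Domain = tjem.com
"""
HEADER = "Running processes:\nC:\\WINDOWS\\Explorer.EXE\n"
BEFORE = HEADER + KEPT + TICKED  # scan from #5
AFTER = HEADER + KEPT            # scan from #7

# A HijackThis entry is "<section> - <detail>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
O17_RE = re.compile(r"^HKLM\\System\\(\w+)\\Services\\Tcpip\\(.+?): (\w+) = (.+)$")

def parse_entries(log_text):
    """Return {(section, detail)}; the header and process list never match."""
    return {m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m}

def verify_fix(before, after, ticked):
    """Compare two scans against the lines ticked for 'Fix checked'."""
    b, a, t = parse_entries(before), parse_entries(after), parse_entries(ticked)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),                   # new since the previous scan
        "still_present": sorted(t & a),           # ticked, but back after reboot
        "removed_unticked": sorted((b - a) - t),  # gone without being ticked
    }

def o17_by_value(log_text):
    """Group O17 entries: (setting, value) -> [(control set, interface), ...]."""
    grouped = defaultdict(list)
    for section, detail in sorted(parse_entries(log_text)):
        m = O17_RE.match(detail) if section == "O17" else None
        if m:
            control_set, interface, setting, value = m.groups()
            grouped[(setting, value)].append((control_set, interface))
    return dict(grouped)

if __name__ == "__main__":
    for name, entries in verify_fix(BEFORE, AFTER, TICKED).items():
        print(f"{name}: {len(entries)}")
    for (setting, value), places in o17_by_value(BEFORE).items():
        print(f"O17 {setting} = {value} in {[cs for cs, _ in places]}")
```

Anything listed under `still_present` or `added` after the reboot is what to raise in the next reply, since a setting that returns points to something still writing it.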


              • #8
                The log does indeed look clean.

                Perhaps install SP2 sometime, along with all security updates:


                A Windows installation that is insufficiently patched quickly gets reinfected with malware.
