
Trouble with spyware!


  • Trouble with spyware!

    Hello,

    This PC has been scanned with HitmanPro and AVG but still keeps suffering from spyware.
    Here is the HijackThis log; thanks in advance for any replies.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:50:06, on 26-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
    O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - marwin32.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7193] command /c del "C:\WINDOWS\2020search2.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2613] cmd /c del "C:\WINDOWS\2020search2.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7641] command /c del "C:\WINDOWS\mspphe.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4944] cmd /c del "C:\WINDOWS\mspphe.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3271] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4485] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6964] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1636] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9222] command /c del "C:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3386] cmd /c del "C:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3061] command /c del "C:\WINDOWS\2020search2.dll_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5212] cmd /c del "C:\WINDOWS\2020search2.dll_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1539] command /c del "C:\WINDOWS\mspphe.dll_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2714] cmd /c del "C:\WINDOWS\mspphe.dll_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2451] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8731] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6302] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3875] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5108] command /c del "C:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4432] cmd /c del "C:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1757981266-926492609-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Marjolein')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1757981266-926492609-725345543-1006 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Marjolein')
    O4 - S-1-5-21-1757981266-926492609-725345543-1006 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Marjolein')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
    O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 12738 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.

    • Run HijackThis once more and place a check mark only in front of the following lines:
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
      O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - (no file)
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - marwin32.dll (file missing)
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
      O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)

      Close all open windows (except HijackThis), then click "Fix checked" and exit HijackThis.

    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open in which a few lines about files not found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)

    Comment
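
Added example (not part of the original thread, and not code from HijackThis or the tools named in it): a small Python triage of HijackThis entry lines, run on a few lines copied from the logs in this thread. It flags extra programs on the UserInit value and entries marked "(no file)" or "(file missing)", then lists which checked entries still appear in a later scan; the function names and the two rules are assumptions made for this illustration and do not reproduce the helper's full selection.

```python
import re

# Entry lines look like "O2 - BHO: ..." ; header and process lines do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN = re.compile(r"\s*\((?:no file|file missing)\)$")

# Sample input: lines copied from the first log in this thread.
FIRST_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - (no file)
O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Sample input: some of the lines the helper asked to check in HijackThis.
FIX_LIST = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - (no file)
O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
"""

# Sample input: the matching lines from the later scan posted in the thread.
LATER_SCAN = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""


def parse(text):
    """Return (code, body) pairs for every HijackThis entry line in text."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def entry_key(code, body):
    """Identity of an entry across scans: its CLSID if it has one, otherwise
    the body with any "(no file)" / "(file missing)" status removed."""
    clsid = CLSID.search(body)
    ident = clsid.group(0) if clsid else ORPHAN.sub("", body)
    return code, ident.lower()


def triage(entries):
    """Apply two rules and return (reason, code, detail) tuples.

    extra-userinit: the UserInit value names a program besides userinit.exe.
    orphaned:       the registration points at a file that is not on disk.
    """
    findings = []
    for code, body in entries:
        if code == "F2" and "UserInit=" in body:
            programs = body.split("UserInit=", 1)[1].split(",")
            extra = [p.strip() for p in programs
                     if p.strip()
                     and p.strip().rsplit("\\", 1)[-1].lower() != "userinit.exe"]
            for path in extra:
                findings.append(("extra-userinit", code, path))
        elif ORPHAN.search(body):
            findings.append(("orphaned", code, entry_key(code, body)[1]))
    return findings


def still_present(fixed_text, later_text):
    """Entries from the fix list that show up again in a later scan."""
    later = {entry_key(c, b) for c, b in parse(later_text)}
    return [f"{c} - {b}" for c, b in parse(fixed_text)
            if entry_key(c, b) in later]


if __name__ == "__main__":
    for finding in triage(parse(FIRST_SCAN)):
        print(*finding, sep=" | ")
    print("Still present after 'Fix checked':")
    for line in still_present(FIX_LIST, LATER_SCAN):
        print("  " + line)
```

Entries that come back after "Fix checked" are the ones to raise with the helper in the next reply, together with the requested logs.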


    • #3
      Hello Smeenk,

      Thanks in advance for being willing to help me with this!
      Here is the DSS log.

      Deckard's System Scanner v20071014.68
      Run by Jeroen on 2008-03-26 23:33:48
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      61: 2008-03-26 22:33:54 UTC - RP194 - Deckard's System Scanner Restore Point
      60: 2008-03-26 11:18:43 UTC - RP193 - Geïnstalleerd: TuneUp Utilities 2008
      59: 2008-03-26 11:08:47 UTC - RP192 - Verwijderd: Norton Security Scan
      58: 2008-03-26 11:07:54 UTC - RP191 - Verwijderd: Caretaker Antispam 1.5.4
      57: 2008-03-25 15:18:13 UTC - RP190 - Controlepunt van systeem


      -- First Restore Point --
      1: 2008-01-15 13:11:49 UTC - RP134 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.

      Total Physical Memory: 511 MiB (512 MiB recommended).


      -- HijackThis (run as Jeroen.exe) ----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:34:43, on 26-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\system32\regsvr32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Jeroen\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeroen.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
      O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
      O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10055 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080326-232142-144 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      backup-20080326-232142-189 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      backup-20080326-232142-337 O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
      backup-20080326-232142-342 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      backup-20080326-232142-387 O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - marwin32.dll (file missing)
      backup-20080326-232142-409 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
      backup-20080326-232142-492 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      backup-20080326-232142-496 O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll
      backup-20080326-232142-512 O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
      backup-20080326-232142-584 O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
      backup-20080326-232142-629 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      backup-20080326-232142-759 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      backup-20080326-232142-877 O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - (no file)
      backup-20080326-232142-957 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 mchInjDrv (madCodeHook DLL injection driver) - c:\windows\system32\drivers\mchinjdrv.sys

      S1 ctredrv.sys - c:\windows\system32\drivers\ctredrv.sys (file missing)
      S3 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
      S3 EraserUtilDrv10741 - c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      S2 CbEvtSvc - c:\windows\system32\cbevtsvc.exe -k netsvcs (file missing)
      S2 CcEvtSvc - c:\windows\system32\ccevtsvc.exe -k netsvcs (file missing)


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Scheduled Tasks -------------------------------------------------------------

      2008-03-26 12:19:46 396 --a------ C:\WINDOWS\Tasks\Easy Onderhoud.job


      -- Files created between 2008-02-26 and 2008-03-26 -----------------------------

      2008-03-26 23:26:59 0 d-------- C:\RVAXO
      2008-03-26 23:23:28 759339 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-26 23:23:28 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-26 13:50:05 0 d-------- C:\Documents and Settings\Jeroen\Application Data\Lavasoft
      2008-03-26 13:38:00 0 d-------- C:\Program Files\Trend Micro
      2008-03-26 12:19:37 0 d-------- C:\Documents and Settings\Jeroen\Application Data\TuneUp Software
      2008-03-26 12:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
      2008-03-26 12:18:47 0 d-------- C:\Program Files\TuneUp Utilities 2008
      2008-03-26 12:17:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-03-26 12:15:18 0 d-------- C:\Documents and Settings\Jeroen\Application Data\U3
      2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-03-26 11:44:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
      2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-03-26 11:44:02 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
      2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
      2008-03-26 11:44:02 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-03-26 11:44:02 0 dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
      2008-03-26 11:44:02 0 d-------- C:\Documents and Settings\Administrator\Favorieten
      2008-03-26 11:44:02 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
      2008-03-26 11:44:02 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-03-26 11:44:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
      2008-03-26 11:44:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
      2008-03-26 11:43:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
      2008-03-24 16:55:17 0 d-------- C:\Program Files\Win_Performance
      2008-03-23 12:43:22 151552 --a------ C:\Documents and Settings\LocalService\Application Data\869715802.exe
      2008-03-23 09:17:23 3806230 --a------ C:\WINDOWS\VaB0J6fH6p.exe
      2008-03-23 09:16:16 88064 --a------ C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll
      2008-03-23 09:16:08 185344 --a------ C:\WINDOWS\xwjwxwfu.dll
      2008-03-23 09:16:08 0 d-------- C:\WINDOWS\wjafcvrn
      2008-03-23 09:16:08 0 d-------- C:\WINDOWS\PerfInfo
      2008-03-23 09:16:03 43008 --a------ C:\WINDOWS\ytedkvmd.exe
      2008-03-23 07:28:14 9216 --a------ C:\WINDOWS\mssvr.exe
      2008-03-22 19:49:04 0 d-------- C:\Program Files\180search assistant
      2008-03-22 07:22:11 19968 --a------ C:\WINDOWS\voiceip.dll
      2008-03-22 07:22:11 32000 --a------ C:\WINDOWS\swin32.dll
      2008-03-22 07:22:11 26112 --a------ C:\WINDOWS\cdsm32.dll
      2008-03-22 07:22:11 0 d-------- C:\Program Files\stc
      2008-03-22 07:22:10 14848 --a------ C:\WINDOWS\bjam.dll
      2008-03-22 07:22:08 23808 --a------ C:\WINDOWS\180ax.exe
      2008-03-22 07:22:06 8192 --a------ C:\WINDOWS\system32\MSNSA32.dll
      2008-03-22 07:22:06 9472 --a------ C:\WINDOWS\saiemod.dll
      2008-03-22 07:22:06 24064 --a------ C:\WINDOWS\msapasrc.dll
      2008-03-22 07:22:06 8704 --a------ C:\WINDOWS\msa64chk.dll
      2008-03-22 07:22:05 29952 --a------ C:\WINDOWS\system32\SIPSPI32.dll
      2008-03-22 07:22:05 21760 --a------ C:\WINDOWS\system32\shdocpe.dll
      2008-03-22 07:22:05 27904 --a------ C:\WINDOWS\system32\ntnut32.exe
      2008-03-22 07:22:05 13312 --a------ C:\WINDOWS\shdocpl.dll
      2008-03-22 07:22:05 21248 --a------ C:\WINDOWS\shdocpe.dll
      2008-03-22 07:22:05 10496 --a------ C:\WINDOWS\ntnut.exe
      2008-03-22 07:22:04 22272 --a------ C:\WINDOWS\winsb.dll
      2008-03-22 07:22:04 10240 --a------ C:\WINDOWS\browserad.dll
      2008-03-22 07:22:04 10752 --a------ C:\WINDOWS\aviwrap32.dll
      2008-03-22 07:22:04 12544 --a------ C:\WINDOWS\avisynthex32.dll
      2008-03-22 07:22:04 9984 --a------ C:\WINDOWS\avifile32.dll
      2008-03-22 07:22:04 21504 --a------ C:\WINDOWS\autodisc32.dll
      2008-03-22 07:22:04 23808 --a------ C:\WINDOWS\audiosrv32.dll
      2008-03-22 07:22:04 0 d-------- C:\Program Files\Sysmnt
      2008-03-22 07:22:03 32000 --a------ C:\WINDOWS\ati2dvag32.dll
      2008-03-22 07:22:03 14848 --a------ C:\WINDOWS\ati2dvaa32.dll
      2008-03-22 07:22:03 16896 --a------ C:\WINDOWS\athprxy32.dll
      2008-03-22 07:22:03 25600 --a------ C:\WINDOWS\asycfilt32.dll
      2008-03-22 07:22:03 8704 --a------ C:\WINDOWS\asferror32.dll
      2008-03-22 07:22:03 31488 --a------ C:\WINDOWS\apphelp32.dll
      2008-03-22 07:22:02 11520 --a------ C:\WINDOWS\changeurl_30.dll
      2008-03-22 07:12:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
      2008-03-22 07:12:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
      2008-03-22 07:12:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
      2008-03-22 07:11:59 0 dr------- C:\Documents and Settings\LocalService\Favorieten
      2008-03-22 07:11:58 4 --a------ C:\WINDOWS\system32\winfrun32.bin
      2008-03-21 17:32:14 151552 --a------ C:\Documents and Settings\LocalService\Application Data\951192718.exe
      2008-03-13 18:27:28 0 d-------- C:\Documents and Settings\Jeroen\Application Data\skypePM
      2008-03-08 19:35:56 0 d-------- C:\Documents and Settings\Jeroen\Application Data\Skype
      2008-03-07 14:27:12 0 d-------- C:\Documents and Settings\Wubbels\Application Data\skypePM
      2008-03-07 14:27:12 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2008-03-07 14:19:59 0 d-------- C:\Documents and Settings\Wubbels\Application Data\Skype
      2008-03-07 14:19:11 0 d-------- C:\Program Files\Skype
      2008-03-07 14:19:11 0 d-------- C:\Program Files\Common Files\Skype
      2008-03-07 14:18:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
      2008-03-03 09:04:14 691545 --a------ C:\WINDOWS\unins000.exe
      2008-03-03 09:04:14 2555 --a------ C:\WINDOWS\unins000.dat
      2008-02-29 15:11:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
      2008-02-28 16:52:53 0 d-------- C:\Documents and Settings\Jeroen\Shared
      2008-02-28 16:52:52 0 d-------- C:\Documents and Settings\Jeroen\Incomplete
      2008-02-28 16:52:10 0 d-------- C:\Documents and Settings\Jeroen\Application Data\LimeWire


      -- Find3M Report ---------------------------------------------------------------

      2008-03-26 23:28:12 0 d-------- C:\Program Files\Hitman Pro
      2008-03-26 13:49:56 0 d-------- C:\Program Files\SpywareBlaster
      2008-03-26 12:17:57 0 d-------- C:\Program Files\Common Files
      2008-03-26 12:10:52 0 d-------- C:\Documents and Settings\Jeroen\Application Data\AVG7
      2008-03-22 19:49:56 0 d-------- C:\Program Files\Spyware Doctor
      2008-03-22 17:49:50 0 d-------- C:\Program Files\Java
      2008-03-21 13:44:06 0 d-------- C:\Documents and Settings\Jeroen\Application Data\Adobe
      2008-03-13 18:50:44 0 d-------- C:\Program Files\LimeWire
      2008-03-04 17:17:09 0 --a------ C:\WINDOWS\mfont.dat
      2008-02-25 06:47:56 0 d-------- C:\Program Files\Boerderij Tycoon
      2008-02-17 16:19:10 0 d-------- C:\Program Files\Windows Media Connect 2


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49300144-B971-4A4A-AAAF-97881CC7B06A}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf32319e-1dd1-11b2-937f-e7d61c6e90b5}]
      C:\WINDOWS\gfohipwt.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08-12-2003 16:35]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21-12-2007 14:03]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12-02-2004 12:38]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12-05-2004 14:18]
      "Cmaudio"="cmicnfg.cpl"
      "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [30-01-2007 13:41]
      "rmxofoxy"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 11:54]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25-09-2007 14:10]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

      C:\Documents and Settings\Jeroen\Menu Start\Programma's\Opstarten\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26-10-2006 19:24:54]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14-12-2004 3:44:06]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [28-5-2004 21:31:38]
      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [28-5-2004 22:06:36]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
      @="Driver Group"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
      @="Service"

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
      AutoRun\command- G:\LaunchU3.exe -a




      -- End of Deckard's System Scanner: finished at 2008-03-26 23:35:28 ------------



      Here is the RVAXO log.

      ---RVAXO.exe Updated: 2008-03-26---first run---
      Uninstallers:

      Files found:
      C:\regxpcom.exe

      Folders Found:
      C:\Program Files\PlayMP3z
      C:\Program Files\ContextEnhancer
      C:\Program Files\FBrowserAdvisor

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      And here is the new HijackThis log.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:41:18, on 26-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\system32\regsvr32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\notepad.exe
      C:\WINDOWS\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
      O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
      O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10113 bytes

      Comment


      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ren "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll" rmxofoxy.bak
        rd /s /q "C:\Program Files\Win_Performance"
        rd /s /q "C:\Program Files\Sysmnt"
        rd /s /q C:\WINDOWS\wjafcvrn
        rd /s /q C:\WINDOWS\PerfInfo
        rd /s /q "C:\Program Files\stc"
        sc delete CbEvtSvc
        sc delete CcEvtSvc
        sc delete mchInjDrv
        ECHO Deleting files>>log.txt
        FOR %%g in (
        c:\windows\system32\drivers\mchinjdrv.sys
        "C:\Program Files\Win_Performance"
        "C:\Documents and Settings\LocalService\Application Data\869715802.exe"
        C:\WINDOWS\VaB0J6fH6p.exe
        "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
        "C:\Documents and Settings\All Users\Application Data\rmxofoxy.bak"
        C:\WINDOWS\xwjwxwfu.dll
        C:\WINDOWS\wjafcvrn
        C:\WINDOWS\PerfInfo
        C:\WINDOWS\ytedkvmd.exe
        C:\WINDOWS\mssvr.exe
        C:\Program Files\180search assistant
        C:\WINDOWS\voiceip.dll
        C:\WINDOWS\swin32.dll
        C:\WINDOWS\cdsm32.dll
        "C:\Program Files\stc"
        C:\WINDOWS\bjam.dll
        C:\WINDOWS\180ax.exe
        C:\WINDOWS\system32\MSNSA32.dll
        C:\WINDOWS\saiemod.dll
        C:\WINDOWS\msapasrc.dll
        C:\WINDOWS\msa64chk.dll
        C:\WINDOWS\system32\SIPSPI32.dll
        C:\WINDOWS\system32\shdocpe.dll
        C:\WINDOWS\system32\ntnut32.exe
        C:\WINDOWS\shdocpl.dll
        C:\WINDOWS\shdocpe.dll
        C:\WINDOWS\ntnut.exe
        C:\WINDOWS\winsb.dll
        C:\WINDOWS\browserad.dll
        C:\WINDOWS\aviwrap32.dll
        C:\WINDOWS\avisynthex32.dll
        C:\WINDOWS\avifile32.dll
        C:\WINDOWS\autodisc32.dll
        C:\WINDOWS\audiosrv32.dll
        "C:\Program Files\Sysmnt"
        C:\WINDOWS\ati2dvag32.dll
        C:\WINDOWS\ati2dvaa32.dll
        C:\WINDOWS\athprxy32.dll
        C:\WINDOWS\asycfilt32.dll
        C:\WINDOWS\asferror32.dll
        C:\WINDOWS\apphelp32.dll
        C:\WINDOWS\changeurl_30.dll
        C:\WINDOWS\system32\winfrun32.bin
        "C:\Documents and Settings\LocalService\Application Data\951192718.exe") DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in", choose: Desktop
        For "File name", enter: del.bat
        For "Save as type", select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.

        Restart your computer and then also post a new log from Deckard's System Scanner.

        Comment
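
Added example, not part of the original post: a pre-flight check for a list like the one in del.bat above. It models how cmd.exe splits the items of a FOR ... IN ( ... ) set on spaces and other separators unless they are double-quoted, and reports entries that would reach DEL as several fragments. The function names and the shortened sample list are constructed for illustration, and the tokenizer is a simplified model that ignores wildcard expansion.

```python
import re

# Separators cmd.exe uses between the items of a FOR %%g IN ( ... ) set.
# Simplified model (assumption): double quotes protect separators, and
# wildcard expansion (* and ?) is not modelled.
SEPARATORS = " \t,;="

# Captures everything between "FOR %%x IN (" and the closing ") DO".
FOR_SET = re.compile(r"FOR\s+%%\w\s+IN\s*\((.*?)\)\s*DO", re.I | re.S)

# Constructed sample: a shortened excerpt of the del.bat list shown above,
# with the delete commands replaced by a harmless ECHO.
SAMPLE = r'''
FOR %%g in (
c:\windows\system32\drivers\mchinjdrv.sys
"C:\Program Files\Win_Performance"
C:\WINDOWS\mssvr.exe
C:\Program Files\180search assistant
C:\WINDOWS\voiceip.dll
"C:\Documents and Settings\LocalService\Application Data\951192718.exe") DO (
ECHO %%g
)
'''


def split_for_items(entry):
    """Split one line of a FOR set into the items the loop would iterate over."""
    items, current, in_quotes = [], "", False
    for ch in entry.strip():
        if ch == '"':
            in_quotes = not in_quotes
            current += ch
        elif ch in SEPARATORS and not in_quotes:
            if current:
                items.append(current)
            current = ""
        else:
            current += ch
    if current:
        items.append(current)
    return items


def lint_for_set(script):
    """Return (entry, fragments) for every set line that splits into several items."""
    match = FOR_SET.search(script)
    if not match:
        return []
    findings = []
    for raw in match.group(1).splitlines():
        entry = raw.strip()
        if not entry:
            continue
        fragments = split_for_items(entry)
        if len(fragments) > 1:
            findings.append((entry, fragments))
    return findings


if __name__ == "__main__":
    for entry, fragments in lint_for_set(SAMPLE):
        print("Unquoted entry is split by FOR:", entry)
        for fragment in fragments:
            print("    loop would see:", fragment)
        print('    quote it as: "%s"' % entry.strip('"'))
```

Each flagged line should be reviewed by hand before the script is run, because the loop body acts on every fragment separately.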


        • #5
          Good morning Smeenk,

          When restarting after running del.bat, the PC came up with a message:

          RegSvr32
          Het in het geheugen laden van de bibliotheek (C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll) is mislukt - Kan opgegeven module niet vinden.

          Here is the log.txt from del.bat:

          Deleting files
          c:\windows\system32\drivers\mchinjdrv.sys deleted
          "C:\Program Files\Win_Performance" not found
          "C:\Documents and Settings\LocalService\Application Data\869715802.exe" deleted
          C:\WINDOWS\VaB0J6fH6p.exe deleted
          "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll" not found
          "C:\Documents and Settings\All Users\Application Data\rmxofoxy.bak" not deleted
          C:\WINDOWS\xwjwxwfu.dll deleted
          C:\WINDOWS\wjafcvrn not found
          C:\WINDOWS\PerfInfo not found
          C:\WINDOWS\ytedkvmd.exe deleted
          C:\WINDOWS\mssvr.exe deleted
          C:\Program not found
          Files\180search not found
          assistant not found
          C:\WINDOWS\voiceip.dll deleted
          C:\WINDOWS\swin32.dll deleted
          C:\WINDOWS\cdsm32.dll deleted
          "C:\Program Files\stc" not found
          C:\WINDOWS\bjam.dll deleted
          C:\WINDOWS\180ax.exe deleted
          C:\WINDOWS\system32\MSNSA32.dll deleted
          C:\WINDOWS\saiemod.dll deleted
          C:\WINDOWS\msapasrc.dll deleted
          C:\WINDOWS\msa64chk.dll deleted
          C:\WINDOWS\system32\SIPSPI32.dll deleted
          C:\WINDOWS\system32\shdocpe.dll deleted
          C:\WINDOWS\system32\ntnut32.exe deleted
          C:\WINDOWS\shdocpl.dll deleted
          C:\WINDOWS\shdocpe.dll deleted
          C:\WINDOWS\ntnut.exe deleted
          C:\WINDOWS\winsb.dll deleted
          C:\WINDOWS\browserad.dll deleted
          C:\WINDOWS\aviwrap32.dll deleted
          C:\WINDOWS\avisynthex32.dll deleted
          C:\WINDOWS\avifile32.dll deleted
          C:\WINDOWS\autodisc32.dll deleted
          C:\WINDOWS\audiosrv32.dll deleted
          "C:\Program Files\Sysmnt" not found
          C:\WINDOWS\ati2dvag32.dll deleted
          C:\WINDOWS\ati2dvaa32.dll deleted
          C:\WINDOWS\athprxy32.dll deleted
          C:\WINDOWS\asycfilt32.dll deleted
          C:\WINDOWS\asferror32.dll deleted
          C:\WINDOWS\apphelp32.dll deleted
          C:\WINDOWS\changeurl_30.dll deleted
          C:\WINDOWS\system32\winfrun32.bin deleted
          "C:\Documents and Settings\LocalService\Application Data\951192718.exe" deleted


          And here is the new log from DSS.

          Deckard's System Scanner v20071014.68
          Run by Jeroen on 2008-03-27 08:54:34
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------

          Total Physical Memory: 511 MiB (512 MiB recommended).


          -- HijackThis (run as Jeroen.exe) ----------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 8:54:42, on 27-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
          C:\WINDOWS\system32\RunDll32.exe
          C:\WINDOWS\system32\regsvr32.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
          C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Documents and Settings\Jeroen\Bureaublad\dss.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeroen.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
          O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
          O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
          O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
          O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
          O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 9924 bytes

          -- Files created between 2008-02-27 and 2008-03-27 -----------------------------

          2008-03-26 23:26:59 0 d-------- C:\RVAXO
          2008-03-26 23:23:28 759339 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-03-26 23:23:28 69632 --a------ C:\WINDOWS\system32\remove.exe
          2008-03-26 13:50:05 0 d-------- C:\Documents and Settings\Jeroen\Application Data\Lavasoft
          2008-03-26 13:38:00 0 d-------- C:\Program Files\Trend Micro
          2008-03-26 12:19:37 0 d-------- C:\Documents and Settings\Jeroen\Application Data\TuneUp Software
          2008-03-26 12:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
          2008-03-26 12:18:47 0 d-------- C:\Program Files\TuneUp Utilities 2008
          2008-03-26 12:17:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-03-26 12:15:18 0 d-------- C:\Documents and Settings\Jeroen\Application Data\U3
          2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
          2008-03-26 11:44:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
          2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-03-26 11:44:02 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
          2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
          2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
          2008-03-26 11:44:02 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
          2008-03-26 11:44:02 0 dr------- C:\Documents and Settings\Administrator\Menu Start
          2008-03-26 11:44:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
          2008-03-26 11:44:02 0 d-------- C:\Documents and Settings\Administrator\Favorieten
          2008-03-26 11:44:02 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
          2008-03-26 11:44:02 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
          2008-03-26 11:44:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
          2008-03-26 11:44:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
          2008-03-26 11:43:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
          2008-03-22 19:49:04 0 d-------- C:\Program Files\180search assistant
          2008-03-22 07:12:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
          2008-03-22 07:12:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
          2008-03-22 07:12:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
          2008-03-22 07:11:59 0 dr------- C:\Documents and Settings\LocalService\Favorieten
          2008-03-13 18:27:28 0 d-------- C:\Documents and Settings\Jeroen\Application Data\skypePM
          2008-03-08 19:35:56 0 d-------- C:\Documents and Settings\Jeroen\Application Data\Skype
          2008-03-07 14:27:12 0 d-------- C:\Documents and Settings\Wubbels\Application Data\skypePM
          2008-03-07 14:27:12 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
          2008-03-07 14:19:59 0 d-------- C:\Documents and Settings\Wubbels\Application Data\Skype
          2008-03-07 14:19:11 0 d-------- C:\Program Files\Skype
          2008-03-07 14:19:11 0 d-------- C:\Program Files\Common Files\Skype
          2008-03-07 14:18:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
          2008-03-03 09:04:14 691545 --a------ C:\WINDOWS\unins000.exe
          2008-03-03 09:04:14 2555 --a------ C:\WINDOWS\unins000.dat
          2008-02-29 15:11:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
          2008-02-28 16:52:53 0 d-------- C:\Documents and Settings\Jeroen\Shared
          2008-02-28 16:52:52 0 d-------- C:\Documents and Settings\Jeroen\Incomplete
          2008-02-28 16:52:10 0 d-------- C:\Documents and Settings\Jeroen\Application Data\LimeWire


          -- Find3M Report ---------------------------------------------------------------

          2008-03-27 08:53:25 0 d-------- C:\Program Files\Hitman Pro
          2008-03-27 08:46:10 0 d-------- C:\Documents and Settings\Jeroen\Application Data\AVG7
          2008-03-26 13:49:56 0 d-------- C:\Program Files\SpywareBlaster
          2008-03-26 12:17:57 0 d-------- C:\Program Files\Common Files
          2008-03-22 19:49:56 0 d-------- C:\Program Files\Spyware Doctor
          2008-03-22 17:49:50 0 d-------- C:\Program Files\Java
          2008-03-21 13:44:06 0 d-------- C:\Documents and Settings\Jeroen\Application Data\Adobe
          2008-03-13 18:50:44 0 d-------- C:\Program Files\LimeWire
          2008-03-04 17:17:09 0 --a------ C:\WINDOWS\mfont.dat
          2008-02-25 06:47:56 0 d-------- C:\Program Files\Boerderij Tycoon
          2008-02-17 16:19:10 0 d-------- C:\Program Files\Windows Media Connect 2


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49300144-B971-4A4A-AAAF-97881CC7B06A}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf32319e-1dd1-11b2-937f-e7d61c6e90b5}]
          C:\WINDOWS\gfohipwt.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08-12-2003 16:35]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21-12-2007 14:03]
          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12-02-2004 12:38]
          "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12-05-2004 14:18]
          "Cmaudio"="cmicnfg.cpl"
          "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [30-01-2007 13:41]
          "rmxofoxy"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 11:54]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25-09-2007 14:10]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
          "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

          C:\Documents and Settings\Jeroen\Menu Start\Programma's\Opstarten\
          OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26-10-2006 19:24:54]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14-12-2004 3:44:06]
          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [28-5-2004 21:31:38]
          Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [28-5-2004 22:06:36]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
          "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
          @="Driver Group"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
          @="Service"

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
          AutoRun\command- G:\LaunchU3.exe -a




          -- End of Deckard's System Scanner: finished at 2008-03-27 08:55:07 ------------



          • #6
            Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
            - Start Spybot
            - Go to Mode > select Advanced Mode
            - Go to Tools and click the Resident icon in the list
            - Uncheck Resident TeaTimer and click OK
            - Restart the computer

            Then download ResetTeaTimer.bat to your Desktop.
            Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
            Once the computer is clean, you can turn TeaTimer back on.

            Start HijackThis and place a check mark only in front of the following lines:
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
            O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
            O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
            O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
            O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
            O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
            O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
            O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

            Try to remove these lines using the "Fix checked" button.

            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

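            @ECHO OFF
            REM Start with a fresh log.txt
            IF EXIST log.txt DEL log.txt
            REM Remove the service registered as ctredrv.sys and the 180search assistant folder
            sc delete ctredrv.sys
            rd /s /q "C:\Program Files\180search assistant"
            REM Rename the extra program listed in the Userinit value
            ren C:\WINDOWS\system32\sbwltbxa.exe sbwltbxa.bak
            ECHO Deleting files>>log.txt
            REM For each target: clear its attributes, delete it, and log the outcome
            FOR %%g in (
            C:\WINDOWS\system32\sbwltbxa.bak
            C:\WINDOWS\system32\sbwltbxa.exe
            "C:\Documents and Settings\All Users\Application Data\rmxofoxy.bak"
            "C:\Program Files\180search assistant") DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            REM Open the log so its contents can be posted
            START NOTEPAD.EXE log.txt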

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.

            Restart your computer and then also post a new HijackThis log.



            • #7
              Hello Smeenk,
              I now get a window from Spybot at startup?

              Here is the log from del.bat:

              Deleting files
              C:\WINDOWS\system32\sbwltbxa.bak not found
              C:\WINDOWS\system32\sbwltbxa.exe not found
              "C:\Documents and Settings\All Users\Application Data\rmxofoxy.bak" deleted
              "C:\Program Files\180search assistant" not found


              And here is the HijackThis log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 10:55:20, on 27-3-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
              C:\WINDOWS\system32\RunDll32.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              O2 - BHO: (no name) - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
              O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - (no file)
              O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
              O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
              O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
              O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
              O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

              --
              End of file - 9947 bytes

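The before/after comparison that the two HijackThis logs above invite, as an added example that is not part of the thread or of HijackThis itself: it flags the kinds of entries selected for fixing in this thread and reports which of them are still present in the second log. The function names and the three triage rules are assumptions made for illustration; the log lines are excerpts copied from the posts above.

```python
import re

# Excerpts copied from the first HijackThis log in this thread (before the fix).
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""

# Excerpts copied from the log posted after del.bat was run (post #7).
LOG_AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
"""

ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN = re.compile(r"Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Default Userinit program on the Windows XP install shown in the logs.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def triage(log_text):
    """Return {key: reason} for entries matching the illustrative rules.

    Keys are stable across scans (CLSID, Run value name, or Userinit path),
    so findings from two logs can be compared directly.
    """
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "F2" and "UserInit=" in body:
            # Anything besides userinit.exe also starts at every logon.
            value = body.split("UserInit=", 1)[1]
            for path in (p.strip() for p in value.split(",")):
                if path and path.lower() != DEFAULT_USERINIT:
                    findings[(code, path.lower())] = "extra program in Userinit"
        elif code in ("O2", "O9") and body.endswith(("(no file)", "(file missing)")):
            # Registration left behind after its file was removed.
            clsid = CLSID.search(body)
            if clsid:
                findings[(code, clsid.group(0).lower())] = "registration points to a missing file"
        elif code == "O4":
            run = RUN.search(body)
            if run and run.group("cmd").lower().startswith("regsvr32"):
                findings[(code, run.group("name"))] = "Run value invokes regsvr32"
    return findings


def persisting(before, after):
    """Keys flagged in the earlier log that are still flagged in the later one."""
    earlier, later = triage(before), triage(after)
    return sorted(key for key in earlier if key in later)


if __name__ == "__main__":
    for key in persisting(LOG_BEFORE, LOG_AFTER):
        print("still present:", key, "-", triage(LOG_AFTER)[key])
```

A match is only a prompt to look closer, not a verdict: the rules mirror the entries picked out in this thread and say nothing about entries they do not cover.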


              • #8
                Start HijackThis and place a check mark only in front of the following lines:
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
                F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
                O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
                O2 - BHO: sg_ie_monitor.ie_monitor - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
                O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
                O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
                O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
                O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
                O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
                O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

                Try to remove these lines using the "Fix checked" button.

                Then download ResetTeaTimer.bat to your Desktop.
                Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

                Restart your computer and then post a new HijackThis log as well.

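Added example, not part of the original thread: a small Python triage pass over HijackThis log lines that flags the same kinds of entries selected in the post above (a second program chained to UserInit, BHOs whose DLL is absent, a Run value that launches regsvr32). The three heuristics and all function names are assumptions made for illustration, not HijackThis's own logic; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
O2 - BHO: (no name) - {bf32319e-1dd1-11b2-937f-e7d61c6e90b5} - C:\WINDOWS\gfohipwt.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [rmxofoxy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rmxofoxy.dll"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section id> - <body>", e.g. "O2 - BHO: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Registry Run value: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"Run: \[([^\]]*)\]\s+(.*)$")
# Command line whose first token is regsvr32, with or without a path or quotes.
REGSVR_RE = re.compile(r'"?(?:[^"\s]*\\)?regsvr32(?:\.exe)?(?=[\s"]|$)', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def userinit_extras(body):
    """Return programs listed in an F2 UserInit value other than userinit.exe."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in programs if ntpath.basename(p).lower() != "userinit.exe"]


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        if section == "F2":
            # Everything in UserInit is started at logon, so anything besides
            # userinit.exe is a logon-time persistence point.
            for prog in userinit_extras(body):
                findings.append((section, "extra program chained to UserInit", prog))
        elif section == "O2":
            # Registration left behind after the DLL was deleted or quarantined.
            if body.endswith("(no file)") or body.endswith("(file missing)"):
                clsid = CLSID_RE.search(body)
                findings.append((section, "BHO registered but DLL absent",
                                 clsid.group(0) if clsid else body))
        elif section == "O4":
            # An autostart value that invokes regsvr32 on a DLL at every boot.
            run = RUN_RE.search(body)
            if run and REGSVR_RE.match(run.group(2)):
                findings.append((section, "Run value launches regsvr32", run.group(1)))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

A hit only marks an entry for manual review; whether it gets fixed is still a decision for the person reading the log.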


                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 11:48:28, on 27-3-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                  C:\WINDOWS\system32\RunDll32.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\MSN Messenger\msnmsgr.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O2 - BHO: (no name) - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
                  O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                  O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
                  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                  --
                  End of file - 9372 bytes



                  • #10
                    I think Hitman Pro is what keeps those lines from going away.
                    Could you uninstall Hitman Pro completely?

                    After that, try removing the following lines with HijackThis:
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
                    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
                    O2 - BHO: (no name) - {49300144-B971-4A4A-AAAF-97881CC7B06A} - (no file)


                    Restart your computer and then post another new HijackThis log.



                    • #11
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 12:26:30, on 27-3-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                      C:\WINDOWS\system32\RunDll32.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\MSN Messenger\msnmsgr.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189092827546
                      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

                      --
                      End of file - 8590 bytes



                      • #12
                        Clean

                        Do this as well:

                        Download ATF cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                        Double-click ATF cleaner to start the program.
                        On the "Main" tab, place a check mark next to Select All.
                        Click the Empty Selected button.

                        Do the following if you also have Firefox as a browser:
                        Click the "Firefox" tab and place a check mark next to Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the check mark next to "Firefox saved passwords" again)
                        Click the Empty Selected button.

                        Do the following if you also have Opera as a browser:
                        Click the "Opera" tab and place a check mark next to Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Turn off System Restore. Restart the computer. Turn System Restore back on.
                        See here how to turn off System Restore.
                        This removes any remnants of the infections from your System Restore.

                        Are all the problems gone now?



                        • #13
                          Smeenk, let me thank you warmly for this, there are no more problems!!!
                          One question: how can I remove all the little programs you put on the desktop? Just drag them to the recycle bin?



                          • #14
                            One more question: can I install Hitman Pro on it again??



                            • #15
                              You're welcome

                              Open the RVAXO folder and double-click Uninstall.cmd
                              This will remove everything belonging to RVAXO.

                              You can simply delete the remaining files.
                              Originally posted by scenic
                              One more question: can I install Hitman Pro on it again??
                              If you think it is a good program, then go ahead and put it back on.
                              Last edited by smeenk; 27-03-08, 14:08.
