Mededeling

Collapse
No announcement yet.

Ongewenste sites in beeld

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Ongewenste sites in beeld

    Er komen weer allerlei lege ongewenste IE sites in beeld, soms om de paar seconden. Ook met opstarten zie ik al iets vreemd in beeld komen. Al die antipsyware programma's, virusscanners en al die andere veiligheidssites heb ik bijgewerkt, maar echt helpen doen ze maar een beetje.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:29:41, on 22-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\SlimBrowser\sbrowser.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\antiviirus.exe
    C:\Program Files\tmp0.exe
    C:\Program Files\tmp1.exe
    C:\Program Files\tmp2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll (file missing)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [KvmSecure.exe] C:\Program Files\KvmSecure\KvmSecure.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: gnowmebk - {91AB6BC2-B476-47F3-BCAD-38E785450DB1} - C:\WINDOWS\gnowmebk.dll
    O21 - SSODL: pxgdslro - {AD159890-5F97-44F0-B0EB-54799AE4806A} - C:\WINDOWS\pxgdslro.dll (file missing)
    O21 - SSODL: ChkRom - {73922260-ed6e-48fa-8c54-89af67688425} - C:\WINDOWS\Resources\ChkRom.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

    --
    End of file - 12163 bytes
    Bijgevoegde Bestanden
    Last edited by robertus65; 22-05-08, 22:34.
    Labels: Geen
    • Citaat
  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
    • Citaat

    Comment

    • #3
      Hier zijn de twee bestandjes die je vroeg.


      ---RVAXO.exe Updated: 2008-05-21---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BM4ec4749a.xml
      C:\WINDOWS\BM4ec4749a.txt
      C:\WINDOWS\system32\sstwa.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\gnowmebk.dll
      C:\WINDOWS\mdtgkswr.exe
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\mcrh.tmp
      C:\Program Files\antiviirus.exe
      C:\Program Files\tmp0.exe
      C:\Program Files\tmp1.exe
      C:\Program Files\tmp2.exe

      Folders Found:
      C:\WINDOWS\System32\959563

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------



      Deckard's System Scanner v20071014.68
      Run by Eigenaar on 2008-05-23 11:26:34
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------



      -- Last 5 Restore Point(s) --
      14: 2008-05-23 09:07:11 UTC - RP14 - Deckard's System Scanner Restore Point
      13: 2008-05-22 10:19:24 UTC - RP13 - Controlepunt van systeem
      12: 2008-05-20 15:23:05 UTC - RP12 - Controlepunt van systeem
      11: 2008-05-16 07:26:54 UTC - RP11 - Software Distribution Service 3.0
      10: 2008-05-14 05:44:06 UTC - RP10 - Software Distribution Service 3.0


      -- First Restore Point --
      1: 2008-05-01 09:02:21 UTC - RP1 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.

      Total Physical Memory: 511 MiB (512 MiB recommended).


      -- HijackThis (run as Eigenaar.exe) --------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:28:46, on 23-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\SiteAdvisor\6261\SAService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
      C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\SpywareGuard\sgmain.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Documents and Settings\Eigenaar\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Eigenaar.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll (file missing)
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
      O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [KvmSecure.exe] C:\Program Files\KvmSecure\KvmSecure.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O21 - SSODL: ChkRom - {73922260-ed6e-48fa-8c54-89af67688425} - C:\WINDOWS\Resources\ChkRom.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

      --
      End of file - 11703 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080412-091829-640 O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
      backup-20080412-091829-557 O4 - HKLM\..\Run: [BM4ec4749a] Rundll32.exe "C:\WINDOWS\system32\qjjeamvv.dll",s

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
      R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

      S3 GMSIPCI - d:\install\gmsipci.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Scheduled Tasks -------------------------------------------------------------

      2008-04-01 01:00:02 338 --a------ C:\WINDOWS\Tasks\McQcTask.job
      2008-01-09 17:53:48 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job


      -- Files created between 2008-04-23 and 2008-05-23 -----------------------------

      2008-05-23 11:01:26 0 d-------- C:\RVAXO
      2008-05-23 10:55:04 826539 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-05-23 10:55:04 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-05-23 10:51:40 0 d-------- C:\WINDOWS\pss
      2008-05-22 18:18:40 0 dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
      2008-05-22 17:27:00 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\TmpRecentIcons
      2008-05-22 16:00:59 159744 --a------ C:\WINDOWS\elsq.exe
      2008-05-01 11:53:13 0 d-------- C:\Program Files\Lavasoft
      2008-05-01 11:53:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-05-01 11:23:37 0 d-------- C:\Program Files\Yahoo!
      2008-04-30 09:15:32 0 d--hs---- C:\FOUND.015
      2008-04-24 15:41:26 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
      2008-04-24 15:41:25 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
      2008-04-24 15:41:25 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
      2008-04-24 08:15:48 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\Seven Zip


      -- Find3M Report ---------------------------------------------------------------

      2008-04-30 09:57:12 444960 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-30 09:57:12 70426 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-04-21 23:47:50 0 d-------- C:\Program Files\TubeSucker
      2008-04-17 22:03:18 0 d-------- C:\Program Files\CCleaner
      2008-04-17 10:43:26 903 --a------ C:\Documents and Settings\Eigenaar\Application Data\DVDSubEdit.ini
      2008-04-16 09:26:44 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\Aegisub
      2008-04-15 14:18:06 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\dvdcss
      2008-04-14 09:05:28 0 d-------- C:\Program Files\SpywareGuard
      2008-04-14 08:46:38 0 d-------- C:\Program Files\SpywareBlaster
      2008-04-12 13:55:16 0 d-------- C:\Program Files\uTorrent
      2008-04-12 13:55:12 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\uTorrent
      2008-04-12 08:29:26 10466 --a------ C:\Program Files\hijackthis.log
      2008-04-12 08:26:18 0 d-------- C:\Program Files\Trend Micro
      2008-04-05 23:06:52 0 d-------- C:\Program Files\VideoLAN
      2008-04-04 22:29:30 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\vlc
      2008-04-02 10:15:08 0 d-------- C:\Program Files\Common Files\xing shared
      2008-03-31 17:17:16 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\SlimBrowser
      2008-03-31 17:17:08 0 d-------- C:\Program Files\SlimBrowser
      2008-03-31 12:33:54 0 d-------- C:\Program Files\SUPERAntiSpyware
      2008-03-31 12:33:54 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\SUPERAntiSpyware.com
      2008-03-31 12:20:36 0 d-------- C:\Documents and Settings\Eigenaar\Application Data\Antispyware
      2008-03-25 14:47:16 0 d-------- C:\Program Files\Belastingdienst


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Cmaudio"="cmicnfg.cpl"
      "@"=""
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [29-10-2003 04:10]
      "SoundMan"="SOUNDMAN.EXE" [27-03-2003 17:34 C:\WINDOWS\SOUNDMAN.EXE]
      "LaunchList"="C:\Program Files\Pinnacle\Studio 8\LaunchList.exe"
      "VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [08-01-2003 22:55]
      "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [05-05-2003 16:55]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
      "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [01-05-2003 18:44]
      "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [17-07-2003 00:19]
      "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [15-07-2003 12:36]
      "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [25-07-2002 06:20]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [14-09-2006 07:55]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 07:00]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03-08-2007 22:33]
      "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [24-08-2007 22:57]
      "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30-11-2007 05:42]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 09:03]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04-04-2007 08:53]
      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10-02-2005 17:00]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21-05-2008 09:26]
      "KvmSecure.exe"="C:\Program Files\KvmSecure\KvmSecure.exe"

      C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24-8-2007 4:45:42]
      SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29-8-2003 19:05:35]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [30-5-2003 8:32:02]
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [6-4-2003 1:06:58]
      hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6-4-2003 0:37:10]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [21-05-2008 09:26 77824]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "ChkRom"= {73922260-ed6e-48fa-8c54-89af67688425} - C:\WINDOWS\Resources\ChkRom.dll [22-05-2008 22:00 14886]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
      @=""

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"




      -- End of Deckard's System Scanner: finished at 2008-05-23 11:29:40 ------------
      • Citaat

      Comment

      • #4
        Op je C-schijf zou ook dit logje moeten staan: C:\RVAXO-Vfind.log ( het logje C:\RVAXO-results.log staat daar ook)
        Zou je de inhoud van dat logje ook willen posten )
        • Citaat

        Comment

        • #5
          ======C:\WINDOWS====
          ----a-w 0 2008-05-23 09:02:02 C:\WINDOWS\0.log
          ----a-w 60 2008-05-22 20:18:18 C:\WINDOWS\setupact.log
          ----a-w 0 2008-05-22 20:18:18 C:\WINDOWS\setuperr.log
          --s-a-w 2,048 2008-05-23 09:01:22 C:\WINDOWS\bootstat.dat
          ----a-w 227 2008-05-23 09:00:08 C:\WINDOWS\system.ini
          ----a-w 159,744 2008-05-21 15:43:56 C:\WINDOWS\elsq.exe
          ----a-w 32,590 2008-05-23 08:52:28 C:\WINDOWS\SchedLgU.Txt
          ----a-w 159 2008-05-23 09:02:00 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-05-23 08:52:28 C:\WINDOWS\wiaservc.log
          ----a-w 716 2008-05-23 09:00:08 C:\WINDOWS\win.ini
          ----a-w 1,140,086 2008-05-23 09:00:16 C:\WINDOWS\WindowsUpdate.log
          ----a-w 116 2008-05-22 17:00:36 C:\WINDOWS\NeroDigital.ini

          Entries: 12 (11)
          Directories: 0 Files: 12
          Bytes: 1,335,795 Blocks: 2,614
          ======C:\WINDOWS\system32=====
          ----a-w 21,623 2008-05-23 09:02:08 C:\WINDOWS\System32\Config.MPF
          ----a-w 1,158 2008-05-23 09:02:34 C:\WINDOWS\System32\wpa.dbl
          ----a-w 16,863,864 2008-05-09 12:35:06 C:\WINDOWS\System32\MRT.exe
          ----a-w 962,544 2008-04-30 07:57:10 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 23,392 2008-05-09 07:24:58 C:\WINDOWS\System32\nscompat.tlb
          ----a-w 16,832 2008-05-09 07:24:58 C:\WINDOWS\System32\amcompat.tlb
          ----a-w 53,608 2008-04-30 07:57:12 C:\WINDOWS\System32\perfc009.dat
          ----a-w 70,426 2008-04-30 07:57:12 C:\WINDOWS\System32\perfc013.dat
          ----a-w 383,254 2008-04-30 07:57:12 C:\WINDOWS\System32\perfh009.dat
          ----a-w 444,960 2008-04-30 07:57:12 C:\WINDOWS\System32\perfh013.dat
          ----a-w 826,539 2008-05-21 10:16:14 C:\WINDOWS\System32\RVAXO.bat

          Entries: 11 (11)
          Directories: 0 Files: 11
          Bytes: 19,668,200 Blocks: 38,420
          ======C:\WINDOWS\system32\drivers=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          --sha-r 211 2008-05-23 09:00:08 C:\boot.ini
          ----a-w 488 2008-05-23 08:31:24 C:\hpfr5550.xml
          --sha-w 805,306,368 2008-05-23 09:01:18 C:\pagefile.sys
          ----a-w 45 2008-04-21 21:57:18 C:\Searches.txt
          ----a-w 95 2008-04-25 12:50:26 C:\temp.m3u
          ----a-w 1,264,779,108 2008-04-24 07:30:18 C:\output.avi
          ----a-w 4,721 2008-05-01 04:58:48 C:\logit.txt
          ----a-w 739 2008-05-23 09:02:56 C:\RVAXO-results.log
          ----a-w 604 2008-05-23 08:56:40 C:\firstrun6.log
          ----a-w 2,421 2008-05-23 09:02:56 C:\RVAXO-Vfind.log

          Entries: 10 (8)
          Directories: 0 Files: 10
          Bytes: 2,070,094,800 Blocks: 4,043,159
          ======C:\Documents and Settings\Eigenaar\Application Data======
          ----a-w 903 2008-04-17 08:43:26 C:\Documents and Settings\Eigenaar\Application Data\DVDSubEdit.ini

          Entries: 1 (1)
          Directories: 0 Files: 1
          Bytes: 903 Blocks: 2
          ======C:\Documents and Settings\Eigenaar======
          ----a-w 79 2008-05-22 16:58:24 C:\Documents and Settings\Eigenaar\default.pls
          --sh--w 288 2008-05-23 09:00:16 C:\Documents and Settings\Eigenaar\ntuser.ini
          ---ha-w 8,388,608 2008-05-23 09:00:16 C:\Documents and Settings\Eigenaar\NTUSER.DAT
          ---ha-w 45,056 2008-05-23 09:02:20 C:\Documents and Settings\Eigenaar\ntuser.dat.LOG

          Entries: 4 (1)
          Directories: 0 Files: 4
          Bytes: 8,434,031 Blocks: 16,474
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============
          • Citaat

          Comment

          • #6
            Open een kladblokbestand.
            Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\Resources\ChkRom.dll
            C:\WINDOWS\elsq.exe) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Ga naar Bestand - Opslaan als.
            Bij "Opslaan in" kies je: Bureaublad
            Bij "Bestandsnaam" zet je: del.bat
            Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
            Klik op de knop Opslaan.

            Dubbelklik op del.bat en post de inhoud van de logfile die opent.
            • Citaat

            Comment

            • #7
              Deleting files
              renamed to C:\WINDOWS\Resources\ChkRom.dllNUCIA
              C:\WINDOWS\Resources\ChkRom.dll deleted
              C:\WINDOWS\elsq.exe deleted


              Ik zie overal in elke map een pictogram van desktop.ini en thumbs.db staan. Heeft dit er ook mee te maken en moet ik die verwijderen?
              Ook zijn sommige mappen licht en donker geel geworden.
              Last edited by robertus65; 23-05-08, 16:26.
              • Citaat

              Comment

              • #8
                Herstart je computer eens en dubbelklik dan nog een keer op del.bat
                Post het logje van del.bat

                Post ook en nieuw logje van Hijackthis.

                Verborgen bestanden en mappen worden weergegeven.
                Kijk hier voor info: http://users.pandora.be/marcvn/spyware/1117602.htm
                De truc is om precies de tegenovergestelde bewerking te doen dan die op de website vermeld staat, dan zullen die rare halfdoorzichtige icoontjes weer verdwijnen
                • Citaat

                Comment

                • #9
                  Deleting files
                  C:\WINDOWS\Resources\ChkRom.dll not found
                  C:\WINDOWS\elsq.exe not found




                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 22:02:05, on 23-5-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\System32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
                  C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
                  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                  C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
                  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\McAfee.com\Agent\mcagent.exe
                  C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
                  C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
                  C:\Program Files\McAfee\MPF\MPFSrv.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  C:\Program Files\SiteAdvisor\6261\SAService.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                  C:\WINDOWS\system32\MsPMSPSv.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
                  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                  C:\Program Files\SpywareGuard\sgmain.exe
                  C:\Program Files\SpywareGuard\sgbhp.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  C:\Program Files\SlimBrowser\sbrowser.exe
                  C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                  O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                  O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll (file missing)
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
                  O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
                  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
                  O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
                  O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
                  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
                  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                  O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
                  O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O4 - HKCU\..\Run: [KvmSecure.exe] C:\Program Files\KvmSecure\KvmSecure.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                  O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                  O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                  O4 - Global Startup: hpoddt01.exe.lnk = ?
                  O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O21 - SSODL: ChkRom - {73922260-ed6e-48fa-8c54-89af67688425} - C:\WINDOWS\Resources\ChkRom.dll (file missing)
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

                  --
                  End of file - 11732 bytes
                  • Citaat

                  Comment

                  • #10
                    Start Hijackthis en vink alleen de volgende regels aan:
                    O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll (file missing)
                    O4 - HKCU\..\Run: [KvmSecure.exe] C:\Program Files\KvmSecure\KvmSecure.exe
                    O21 - SSODL: ChkRom - {73922260-ed6e-48fa-8c54-89af67688425} - C:\WINDOWS\Resources\ChkRom.dll (file missing)
                    Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

                    Herstart je computer.

                    Post na de herstart een nieuw logje van Hijackthis en vertel of er nog problemen zijn
                    • Citaat

                    Comment

                    • #11
                      Ik heb geen last meer van die IE sites.


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 9:00:55, on 24-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\System32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      C:\WINDOWS\SOUNDMAN.EXE
                      C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
                      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
                      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                      C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
                      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\McAfee.com\Agent\mcagent.exe
                      C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                      C:\Program Files\McAfee\MPF\MPFSrv.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
                      C:\Program Files\SiteAdvisor\6261\SAService.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\MsPMSPSv.exe
                      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      C:\Program Files\SpywareGuard\sgmain.exe
                      C:\Program Files\SpywareGuard\sgbhp.exe
                      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                      C:\Program Files\SlimBrowser\sbrowser.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                      O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
                      O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
                      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
                      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
                      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
                      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
                      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                      O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
                      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                      O4 - Global Startup: hpoddt01.exe.lnk = ?
                      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

                      --
                      End of file - 11395 bytes
                      • Citaat

                      Comment

                      • #12
                        Doe dit nog:

                        Download ATF cleaner (mirror)(gemaakt door Atribune)

                        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                        Dubbelklik op ATF cleaner om het programma te starten.
                        Op het tabblad "Main", plaats je een vinkje bij Select All.
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook FireFox als browser hebt:
                        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook Opera als browser hebt:
                        Klik op tabblad "Opera", plaats een vinkje bij Select All.
                        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        Klik op de knop Empty Selected.
                        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                        Kijk hier hoe je je systeemherstel moet uitschakelen.
                        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                        Dan denk ik dat alles weer OK is.

                        Groeten smeenk
                        • Citaat

                        Comment

                        • #13
                          Het ziet er weer nomaal uit, bedankt.
                          • Citaat

                          Comment

                          • #14
                            Graag gedaan hoor
                            • Citaat

                            Comment

                            Vorige template Volgende
                            Sorry, you are not authorized to view this page
                            Working...
                            X