HTJ log

  • HTJ log

    Hello everyone,

    I have a problem with adware.virtumonde. My virus scanner keeps finding trojans, and adware scanners keep finding infections as well. I keep clicking "fix", which also seems to work, but later in the day the infections simply come back.

    Symptoms:
    - Popups out of nowhere.
    - Slow internet
    - Some sites simply do not load.
    - Hotmail will not load in Firefox, but it does in IE. It says it is "done" loading while all I see is a blank page.

    Software:
    - WinXP
    - Firefox
    - Nod32
    - Adaware2007
    - Spybot
    - Spyware Doctor


    Can anyone help me?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:59 PM, on 5/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BMd39defc0] Rundll32.exe "C:\WINDOWS\system32\rffqrekm.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207780778545
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207781226390
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA12E98-173A-4FF0-A1B6-8BE8064EA988}: NameServer = 217.149.196.6,217.149.192.6
    O20 - Winlogon Notify: iifgfFWN - iifgfFWN.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 4615 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.

    • Start HijackThis and tick only the following lines:
      O4 - HKLM\..\Run: [BMd39defc0] Rundll32.exe "C:\WINDOWS\system32\rffqrekm.dll",s
      O20 - Winlogon Notify: iifgfFWN - iifgfFWN.dll (file missing)

      Close all open windows (except HijackThis) and click the "Fix checked" button.

    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open, and a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart on its own, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post the contents of the second log: C:\RVAXO-Vfind.log

    Comment


    • #3
      Hey smeenk, I did exactly what you said, without problems.

      Log1:

      ---RVAXO.exe Updated: 2008-05-21---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BMd39defc0.xml
      C:\WINDOWS\BMd39defc0.txt
      C:\WINDOWS\system32\QqXFNqru.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\mcrh.tmp

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      Log2:

      ======C:\WINDOWS====
      ----a-w 0 2008-05-24 15:59:24 C:\WINDOWS\0.log
      ----a-w 596 2008-05-14 08:13:20 C:\WINDOWS\attach.log
      --s-a-w 2,048 2008-05-24 15:58:55 C:\WINDOWS\bootstat.dat
      ----a-w 265,422 2008-05-15 20:28:17 C:\WINDOWS\DirectX.log
      ----a-w 102,400 2008-05-10 22:45:20 C:\WINDOWS\DUMP45c3.tmp
      ----a-w 102,400 2008-05-14 03:06:58 C:\WINDOWS\DUMP469e.tmp
      ----a-w 102,400 2008-05-10 22:47:15 C:\WINDOWS\DUMP4e20.tmp
      ----a-w 102,400 2008-05-09 00:06:16 C:\WINDOWS\DUMP51d9.tmp
      ----a-w 356,352 2008-05-14 07:11:41 C:\WINDOWS\eSellerateEngine.dll
      ----a-w 19 2008-05-17 01:30:18 C:\WINDOWS\install_Studio10.log
      ----a-w 101,928 2008-05-24 15:54:01 C:\WINDOWS\ntbtlog.txt
      ----a-w 520 2008-05-05 15:59:58 C:\WINDOWS\ODBC.INI
      ----a-w 1,409 2008-04-21 21:22:41 C:\WINDOWS\QTFont.for
      ---ha-w 54,156 2008-05-17 18:28:42 C:\WINDOWS\QTFont.qfn
      ----a-w 12,184 2008-05-24 15:52:27 C:\WINDOWS\SchedLgU.Txt
      ----a-w 149 2008-05-06 22:41:22 C:\WINDOWS\SCXEdit.ini
      ----a-w 577,930 2008-05-15 20:28:17 C:\WINDOWS\setupapi.log
      ----a-w 949 2008-05-20 22:42:31 C:\WINDOWS\system.ini
      ----a-w 1,182 2008-05-17 01:29:51 C:\WINDOWS\VFO.INI
      ----a-w 455 2008-05-14 07:53:32 C:\WINDOWS\VFO.VST
      ----a-w 55 2008-05-14 23:09:48 C:\WINDOWS\videotoaudio.ini
      ----a-w 159 2008-05-24 15:59:17 C:\WINDOWS\wiadebug.log
      ----a-w 49 2008-05-24 15:59:17 C:\WINDOWS\wiaservc.log
      ----a-w 498 2008-05-20 22:42:31 C:\WINDOWS\win.ini
      ----a-w 915,867 2008-05-24 15:52:25 C:\WINDOWS\WindowsUpdate.log
      ----a-w 39,780 2008-05-14 07:37:49 C:\WINDOWS\wmsetup.log
      ----a-w 316,640 2008-05-14 07:37:44 C:\WINDOWS\WMSysPr9.prx

      Entries: 27 (25)
      Directories: 0 Files: 27
      Bytes: 3,057,947 Blocks: 5,983
      ======C:\WINDOWS\system32=====
      --sh--w 1,548,915 2008-05-17 10:49:52 C:\WINDOWS\System32\bavdgyfs.ini
      ----a-w 40 2008-05-14 07:48:13 C:\WINDOWS\System32\blue.SITENAME
      --sh--w 1,498,976 2008-05-21 00:17:38 C:\WINDOWS\System32\cbwrsqct.ini
      ----a-w 125,440 2008-05-15 10:46:57 C:\WINDOWS\System32\ckbslmwv.dll
      ----a-w 43,520 2008-05-10 04:38:20 C:\WINDOWS\System32\CmdLineExt03.dll
      --sh--w 1,490,200 2008-05-20 22:39:28 C:\WINDOWS\System32\daievond.ini
      ------w 114,688 2008-05-21 23:56:33 C:\WINDOWS\System32\dxcxuqbh.dll
      ----a-w 128,000 2008-05-21 23:53:43 C:\WINDOWS\System32\eefuogsh.dll
      ----a-w 114,176 2008-05-19 23:49:53 C:\WINDOWS\System32\FNTCACHE.DAT
      --sh--w 1,555,564 2008-05-14 22:46:38 C:\WINDOWS\System32\fnxiknsh.ini
      --sh--w 1,387,831 2008-05-22 23:57:51 C:\WINDOWS\System32\hbquxcxd.ini
      ----a-w 125,952 2008-05-17 17:41:15 C:\WINDOWS\System32\ifbpscnb.dll
      ----a-w 124,928 2008-05-18 17:43:58 C:\WINDOWS\System32\itwqsdqm.dll
      --sh--w 1,543,292 2008-05-15 13:00:54 C:\WINDOWS\System32\jnbouwiv.ini
      --sh--w 1,466,828 2008-05-18 17:43:45 C:\WINDOWS\System32\lfdvljwg.ini
      --sh--w 1,387,891 2008-05-23 00:02:48 C:\WINDOWS\System32\lwonxjfj.ini
      --sh--w 1,490,080 2008-05-19 23:50:30 C:\WINDOWS\System32\mdrvnrou.ini
      --sh--w 1,489,848 2008-05-19 23:28:59 C:\WINDOWS\System32\oovxqqgs.ini
      ----a-w 86,016 2008-04-27 18:44:41 C:\WINDOWS\System32\OpenAL32.dll
      ----a-w 67,560 2008-05-24 15:57:47 C:\WINDOWS\System32\perfc009.dat
      ----a-w 432,856 2008-05-24 15:57:47 C:\WINDOWS\System32\perfh009.dat
      ----a-w 509,720 2008-05-24 15:57:47 C:\WINDOWS\System32\PerfStringBackup.INI
      ----a-w 124,928 2008-05-18 17:46:26 C:\WINDOWS\System32\qialdoyl.dll
      --sha-w 429,808 2008-05-23 08:36:14 C:\WINDOWS\System32\QqXFNqru.ini
      ----a-w 126,464 2008-05-22 23:56:33 C:\WINDOWS\System32\rffqrekm.dll
      ----a-w 826,539 2008-05-21 10:16:14 C:\WINDOWS\System32\RVAXO.bat
      ----a-w 116,736 2008-05-16 10:48:39 C:\WINDOWS\System32\sfygdvab.dll
      ----atw 12,067 2008-05-10 04:14:42 C:\WINDOWS\System32\SIntf16.dll
      ----atw 17,212 2008-05-10 04:14:42 C:\WINDOWS\System32\SIntf32.dll
      ----atw 21,840 2008-05-10 04:14:42 C:\WINDOWS\System32\SIntfNT.dll
      ----a-w 5 2008-05-14 23:09:48 C:\WINDOWS\System32\SySatm.dat
      ------w 117,248 2008-05-20 23:58:21 C:\WINDOWS\System32\tcqsrwbc.dll
      ----a-w 2,206 2008-05-24 15:53:42 C:\WINDOWS\System32\wpa.dbl
      ----a-w 262,144 2008-04-27 18:44:41 C:\WINDOWS\System32\wrap_oal.dll
      ----a-w 125,952 2008-05-16 10:45:56 C:\WINDOWS\System32\xmtcllej.dll

      Entries: 35 (24)
      Directories: 0 Files: 35
      Bytes: 18,915,470 Blocks: 36,955
      ======C:\WINDOWS\system32\drivers=====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =======C:\Program Files=====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =======C:=====
      ----a-w 95 2008-05-14 07:37:23 C:\AUTOEXEC.BAT
      --sh--w 211 2008-05-20 22:42:31 C:\boot.ini
      ----a-w 386 2008-05-24 15:57:30 C:\firstrun6.log
      --sha-w 2,145,386,496 2008-05-24 15:58:43 C:\pagefile.sys
      ----a-w 521 2008-05-24 15:59:56 C:\RVAXO-results.log
      ----a-w 5,449 2008-05-24 15:59:56 C:\RVAXO-Vfind.log

      Entries: 6 (4)
      Directories: 0 Files: 6
      Bytes: 2,145,393,158 Blocks: 4,190,224
      ======C:\Documents and Settings\Sigurd\Application Data======
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      ======C:\Documents and Settings\Sigurd======
      ---ha-w 5,242,880 2008-05-24 15:58:02 C:\Documents and Settings\Sigurd\NTUSER.DAT
      ---ha-w 28,672 2008-05-24 15:59:52 C:\Documents and Settings\Sigurd\ntuser.dat.LOG
      --sh--w 178 2008-05-24 15:52:24 C:\Documents and Settings\Sigurd\ntuser.ini

      Entries: 3 (0)
      Directories: 0 Files: 3
      Bytes: 5,271,730 Blocks: 10,297
      ======C:\WINDOWS\Downloaded Program Files====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =============



      Thanks for your help so far

      Comment


      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        FOR %%g in (
        C:\WINDOWS\DUMP45c3.tmp
        C:\WINDOWS\DUMP469e.tmp
        C:\WINDOWS\DUMP4e20.tmp
        C:\WINDOWS\DUMP51d9.tmp
        C:\WINDOWS\System32\bavdgyfs.ini
        C:\WINDOWS\System32\cbwrsqct.ini
        C:\WINDOWS\System32\ckbslmwv.dll
        C:\WINDOWS\System32\daievond.ini
        C:\WINDOWS\System32\dxcxuqbh.dll
        C:\WINDOWS\System32\eefuogsh.dll
        C:\WINDOWS\System32\fnxiknsh.ini
        C:\WINDOWS\System32\hbquxcxd.ini
        C:\WINDOWS\System32\ifbpscnb.dll
        C:\WINDOWS\System32\itwqsdqm.dll
        C:\WINDOWS\System32\jnbouwiv.ini
        C:\WINDOWS\System32\lfdvljwg.ini
        C:\WINDOWS\System32\lwonxjfj.ini
        C:\WINDOWS\System32\mdrvnrou.ini
        C:\WINDOWS\System32\oovxqqgs.ini
        C:\WINDOWS\System32\qialdoyl.dll
        C:\WINDOWS\System32\QqXFNqru.ini
        C:\WINDOWS\System32\rffqrekm.dll
        C:\WINDOWS\System32\sfygdvab.dll
        C:\WINDOWS\System32\SySatm.dat
        C:\WINDOWS\System32\tcqsrwbc.dll
        C:\WINDOWS\System32\xmtcllej.dll) DO (
        DEL /Q %%gNUCIA
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        REN %%g *NUCIA
        IF EXIST %%gNUCIA (
        ECHO renamed to %%gNUCIA>>log.txt)
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in" choose: Desktop
        For "File name" enter: del.bat
        For "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.

        Comment


        • #5
          It looks like that worked:

          Deleting files
          C:\WINDOWS\DUMP45c3.tmp deleted
          C:\WINDOWS\DUMP469e.tmp deleted
          C:\WINDOWS\DUMP4e20.tmp deleted
          C:\WINDOWS\DUMP51d9.tmp deleted
          C:\WINDOWS\System32\bavdgyfs.ini deleted
          C:\WINDOWS\System32\cbwrsqct.ini deleted
          C:\WINDOWS\System32\ckbslmwv.dll deleted
          C:\WINDOWS\System32\daievond.ini deleted
          C:\WINDOWS\System32\dxcxuqbh.dll deleted
          C:\WINDOWS\System32\eefuogsh.dll deleted
          C:\WINDOWS\System32\fnxiknsh.ini deleted
          C:\WINDOWS\System32\hbquxcxd.ini deleted
          C:\WINDOWS\System32\ifbpscnb.dll deleted
          C:\WINDOWS\System32\itwqsdqm.dll deleted
          C:\WINDOWS\System32\jnbouwiv.ini deleted
          C:\WINDOWS\System32\lfdvljwg.ini deleted
          C:\WINDOWS\System32\lwonxjfj.ini deleted
          C:\WINDOWS\System32\mdrvnrou.ini deleted
          C:\WINDOWS\System32\oovxqqgs.ini deleted
          C:\WINDOWS\System32\qialdoyl.dll deleted
          C:\WINDOWS\System32\QqXFNqru.ini deleted
          C:\WINDOWS\System32\rffqrekm.dll deleted
          C:\WINDOWS\System32\sfygdvab.dll deleted
          C:\WINDOWS\System32\SySatm.dat deleted
          C:\WINDOWS\System32\tcqsrwbc.dll deleted
          C:\WINDOWS\System32\xmtcllej.dll deleted


          What's next?

          Comment


          • #6
            Do this as well:

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick again at "Firefox saved passwords")
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Then post one more HijackThis log as a check.

            Regards, smeenk

            Comment


            • #7
              OK, that all worked too. HJT log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 7:10:02 PM, on 5/24/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
              C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
              C:\Program Files\Spyware Doctor\pctsTray.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
              C:\Program Files\Spyware Doctor\pctsAuxs.exe
              C:\Program Files\Spyware Doctor\pctsSvc.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\wdfmgr.exe
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
              O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207780778545
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207781226390
              O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA12E98-173A-4FF0-A1B6-8BE8064EA988}: NameServer = 217.149.196.6,217.149.192.6
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
              O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

              --
              End of file - 4389 bytes

              Comment


              • #8
                It looks fine again

                Comment
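Added example, not part of the original thread: a small Python triage of the two HijackThis logs posted above, showing which entries stand out in the first log and confirming that exactly those entries are gone in the last one. The two review rules (an O4 autostart that loads a DLL through rundll32, and any entry marked "file missing") are assumptions made for this example, not HijackThis's own logic, and the log excerpts are shortened copies of lines from the thread.

```python
import re

# Constructed excerpts: entry lines copied from the first and the last
# HijackThis log in this thread (most unchanged lines left out).
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BMd39defc0] Rundll32.exe "C:\WINDOWS\system32\rffqrekm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: iifgfFWN - iifgfFWN.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
'''
LOG_AFTER = r'''
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
'''

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r'^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*\S)\s*$')
# rundll32 followed by a (possibly quoted) path to a DLL.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(entries):
    """Apply the two example rules and return (section, detail, reason)."""
    findings = []
    for section, detail in entries:
        m = RUNDLL_RE.search(detail)
        if section == 'O4' and m:
            findings.append((section, detail,
                             'autostart loads a DLL via rundll32: ' + m.group(1)))
        elif detail.endswith('(file missing)'):
            findings.append((section, detail,
                             'registry entry references a file that is not on disk'))
    return findings


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == '__main__':
    for section, detail, reason in review(parse_entries(LOG_BEFORE)):
        print(f'[{section}] {reason}\n      {detail}')
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print('removed after cleanup:', [s for s, _ in removed])
    print('new after cleanup:', [s for s, _ in added])
    print('still flagged:', len(review(parse_entries(LOG_AFTER))))
```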


                • #9
                  Great! Thank you for the good service

                  Comment


                  • #10
                    You're welcome

                    Comment
