Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

spam & spam

Anoniem
None
12 antwoorden
  • Hoi, ik heb soms als ik op internet zit, terwijl ik op betrouwbare sites surf, last van plotseling opende vensters met daarin drivecleaner of wixawin ofzo. Nu mijn vraag: hoe dit op te lossen?


    Ik heb alvast een logje gemaakt:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:37:06, on 6-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temporary Internet Files\Content.IE5\33ZLHJSE\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35998EBB-32F6-4F7C-8360-73E3052F35C1} - C:\WINDOWS\system32\awvtt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\byfeclcx.dll (file missing)
    O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - C:\WINDOWS\system32\gebbbbx.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\Magix\Video Deluxe\TrayServer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\xqgxpqsx.dll",realset
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://D:\Mijn documenten\Erik\Babylon\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
    O20 - Winlogon Notify: gebbbbx - C:\WINDOWS\SYSTEM32\gebbbbx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe

  • Download [b:45e60ec7ed]VirtumundoBegone[/b:45e60ec7ed], sla dit op op je bureaublad.

    Dubbelklik op [b:45e60ec7ed]VirtumundoBeGone.exe[/b:45e60ec7ed] en volg de aanwijzingen.
    Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.

    Als de fix klaar is, start je de pc opnieuw op.
    Plaats de inhoud van het logbestand [b:45e60ec7ed]VBG.TXT[/b:45e60ec7ed], dat nu op je bureaublad staat, hier in je volgende bericht.

    Download:
    Sla het bestand op je bureaublad op, daarna mag je het dubbelklikken.

    Er zal een schermpje openen, daarin zullen snel enkele regels voorbijkomen, daarna zal dit scherm vanzelf sluiten, dit is normaal.
    [b:45e60ec7ed]Mogelijk[/b:45e60ec7ed] start er ook een uninstaller van een rogue scanner op, [b:45e60ec7ed]sluit deze niet af[/b:45e60ec7ed] maar volg eventuele aanwijzingen en laat deze zijn werk doen.

    Daarna de [b:45e60ec7ed]PC herstarten[/b:45e60ec7ed] en nogmaals RemoveVideoActiveXObject.exe dubbelklikken.
    Zoek daarna even het volgende bestand op C:\[b:45e60ec7ed]RVAXO-results.log[/b:45e60ec7ed]
    Dubbelklik dit bestand, het zal als een logje openen, post de inhoud in je volgende bericht tesamen met een logje van HijackThis.
  • [06/07/2007, 9:16:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gebruier\Bureaublad\VirtumundoBeGone.exe" )
    [06/07/2007, 9:16:22] - Detected System Information:
    [06/07/2007, 9:16:22] - Windows Version: 5.1.2600, Service Pack 2
    [06/07/2007, 9:16:22] - Current Username: Gebruier (Admin)
    [06/07/2007, 9:16:22] - Windows is in NORMAL mode.
    [06/07/2007, 9:16:22] - Searching for Browser Helper Objects:
    [06/07/2007, 9:16:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [06/07/2007, 9:16:22] - BHO 2: {615CC55A-FEC5-407A-8F80-E57AC154B804} ()
    [06/07/2007, 9:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:22] - Checking for HKLM\…\Winlogon\Notify\awvtt
    [06/07/2007, 9:16:22] - Found: HKLM\…\Winlogon\Notify\awvtt - This is probably Virtumundo.
    [06/07/2007, 9:16:22] - Assigning {615CC55A-FEC5-407A-8F80-E57AC154B804} MSEvents Object
    [06/07/2007, 9:16:22] - BHO list has been changed! Starting over…
    [06/07/2007, 9:16:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [06/07/2007, 9:16:22] - BHO 2: {615CC55A-FEC5-407A-8F80-E57AC154B804} (MSEvents Object)
    [06/07/2007, 9:16:22] - ALERT: Found MSEvents Object!
    [06/07/2007, 9:16:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/07/2007, 9:16:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/07/2007, 9:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:22] - No filename found. Continuing.
    [06/07/2007, 9:16:22] - BHO 5: {92A444D2-F945-4dd9-89A1-896A6C2D8D22} ()
    [06/07/2007, 9:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:22] - Checking for HKLM\…\Winlogon\Notify\jocvndtg
    [06/07/2007, 9:16:22] - Key not found: HKLM\…\Winlogon\Notify\jocvndtg, continuing.
    [06/07/2007, 9:16:22] - BHO 6: {E5225210-F293-40FE-BB2F-D5A3C7F13C47} ()
    [06/07/2007, 9:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:22] - Checking for HKLM\…\Winlogon\Notify\gebbbbx
    [06/07/2007, 9:16:22] - Found: HKLM\…\Winlogon\Notify\gebbbbx - This is probably Virtumundo.
    [06/07/2007, 9:16:22] - Assigning {E5225210-F293-40FE-BB2F-D5A3C7F13C47} MSEvents Object
    [06/07/2007, 9:16:22] - BHO list has been changed! Starting over…
    [06/07/2007, 9:16:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [06/07/2007, 9:16:22] - BHO 2: {615CC55A-FEC5-407A-8F80-E57AC154B804} (MSEvents Object)
    [06/07/2007, 9:16:22] - ALERT: Found MSEvents Object!
    [06/07/2007, 9:16:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/07/2007, 9:16:22] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/07/2007, 9:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:22] - No filename found. Continuing.
    [06/07/2007, 9:16:22] - BHO 5: {92A444D2-F945-4dd9-89A1-896A6C2D8D22} ()
    [06/07/2007, 9:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:22] - Checking for HKLM\…\Winlogon\Notify\jocvndtg
    [06/07/2007, 9:16:22] - Key not found: HKLM\…\Winlogon\Notify\jocvndtg, continuing.
    [06/07/2007, 9:16:22] - BHO 6: {E5225210-F293-40FE-BB2F-D5A3C7F13C47} (MSEvents Object)
    [06/07/2007, 9:16:22] - ALERT: Found MSEvents Object!
    [06/07/2007, 9:16:22] - Finished Searching Browser Helper Objects
    [06/07/2007, 9:16:22] - *** Detected MSEvents Object
    [06/07/2007, 9:16:22] - Trying to remove MSEvents Object…
    [06/07/2007, 9:16:23] - Terminating Process: IEXPLORE.EXE
    [06/07/2007, 9:16:23] - Terminating Process: RUNDLL32.EXE
    [06/07/2007, 9:16:23] - Disabling Automatic Shell Restart
    [06/07/2007, 9:16:23] - Terminating Process: EXPLORER.EXE
    [06/07/2007, 9:16:24] - Suspending the NT Session Manager System Service
    [06/07/2007, 9:16:24] - Terminating Windows NT Logon/Logoff Manager
    [06/07/2007, 9:16:24] - Re-enabling Automatic Shell Restart
    [06/07/2007, 9:16:24] - File to disable: C:\WINDOWS\system32\awvtt.dll
    [06/07/2007, 9:16:24] - Renaming C:\WINDOWS\system32\awvtt.dll -> C:\WINDOWS\system32\awvtt.dll.vir
    [06/07/2007, 9:16:24] - File successfully renamed!
    [06/07/2007, 9:16:24] - Removing HKLM\…\Browser Helper Objects\{615CC55A-FEC5-407A-8F80-E57AC154B804}
    [06/07/2007, 9:16:24] - Removing HKCR\CLSID\{615CC55A-FEC5-407A-8F80-E57AC154B804}
    [06/07/2007, 9:16:24] - Adding Kill Bit for ActiveX for GUID: {615CC55A-FEC5-407A-8F80-E57AC154B804}
    [06/07/2007, 9:16:24] - Deleting ATLEvents/MSEvents Registry entries
    [06/07/2007, 9:16:24] - Removing HKLM\…\Winlogon\Notify\awvtt
    [06/07/2007, 9:16:24] - Searching for Browser Helper Objects:
    [06/07/2007, 9:16:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [06/07/2007, 9:16:24] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/07/2007, 9:16:24] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/07/2007, 9:16:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:24] - No filename found. Continuing.
    [06/07/2007, 9:16:24] - BHO 4: {92A444D2-F945-4dd9-89A1-896A6C2D8D22} ()
    [06/07/2007, 9:16:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:24] - Checking for HKLM\…\Winlogon\Notify\jocvndtg
    [06/07/2007, 9:16:24] - Key not found: HKLM\…\Winlogon\Notify\jocvndtg, continuing.
    [06/07/2007, 9:16:24] - BHO 5: {E5225210-F293-40FE-BB2F-D5A3C7F13C47} (MSEvents Object)
    [06/07/2007, 9:16:24] - ALERT: Found MSEvents Object!
    [06/07/2007, 9:16:24] - Finished Searching Browser Helper Objects
    [06/07/2007, 9:16:24] - *** Detected MSEvents Object
    [06/07/2007, 9:16:24] - Trying to remove MSEvents Object…
    [06/07/2007, 9:16:25] - Terminating Process: IEXPLORE.EXE
    [06/07/2007, 9:16:25] - Terminating Process: RUNDLL32.EXE
    [06/07/2007, 9:16:25] - Disabling Automatic Shell Restart
    [06/07/2007, 9:16:25] - Terminating Process: EXPLORER.EXE
    [06/07/2007, 9:16:25] - Suspending the NT Session Manager System Service
    [06/07/2007, 9:16:25] - Terminating Windows NT Logon/Logoff Manager
    [06/07/2007, 9:16:25] - Re-enabling Automatic Shell Restart
    [06/07/2007, 9:16:25] - File to disable: C:\WINDOWS\system32\gebbbbx.dll
    [06/07/2007, 9:16:25] - Renaming C:\WINDOWS\system32\gebbbbx.dll -> C:\WINDOWS\system32\gebbbbx.dll.vir
    [06/07/2007, 9:16:25] - File successfully renamed!
    [06/07/2007, 9:16:25] - Removing HKLM\…\Browser Helper Objects\{E5225210-F293-40FE-BB2F-D5A3C7F13C47}
    [06/07/2007, 9:16:26] - Removing HKCR\CLSID\{E5225210-F293-40FE-BB2F-D5A3C7F13C47}
    [06/07/2007, 9:16:26] - Adding Kill Bit for ActiveX for GUID: {E5225210-F293-40FE-BB2F-D5A3C7F13C47}
    [06/07/2007, 9:16:26] - Deleting ATLEvents/MSEvents Registry entries
    [06/07/2007, 9:16:26] - Removing HKLM\…\Winlogon\Notify\gebbbbx
    [06/07/2007, 9:16:26] - Searching for Browser Helper Objects:
    [06/07/2007, 9:16:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [06/07/2007, 9:16:26] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/07/2007, 9:16:26] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/07/2007, 9:16:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:26] - No filename found. Continuing.
    [06/07/2007, 9:16:26] - BHO 4: {92A444D2-F945-4dd9-89A1-896A6C2D8D22} ()
    [06/07/2007, 9:16:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/07/2007, 9:16:26] - Checking for HKLM\…\Winlogon\Notify\jocvndtg
    [06/07/2007, 9:16:26] - Key not found: HKLM\…\Winlogon\Notify\jocvndtg, continuing.
    [06/07/2007, 9:16:26] - Finished Searching Browser Helper Objects
    [06/07/2007, 9:16:26] - Finishing up…
    [06/07/2007, 9:16:26] - A restart is needed.
    [06/07/2007, 9:16:28] - Attempting to Restart via STOP error (Blue Screen!)

    ———————————–

    —————-RemoveVideoActiveXObject.exe first run————-

    Files found:

    C:\WINDOWS\system32\awvtt.dll.vir
    C:\WINDOWS\system32\gebbbbx.dll.vir
    C:\WINDOWS\system32\ttvwa.ini2
    C:\WINDOWS\system32\ttvwa.bak1
    C:\WINDOWS\system32\ttvwa.bak2
    C:\Documents and Settings\Gebruier\Local Settings\Temp\AutoRun.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\closedbgout.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\eauninstall.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\enableirsocketutil.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\iplus_setup.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\mgxfonts.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\protect.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\SendStats.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\Setup.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\SimCity 4_uninst.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\bye31.tmp\Disk1\setup.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\DivC.tmp\DivXInstaller.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\NeroBar.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\SetupX.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Toolbar.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\WindowsInstaller-KB884016-v2-x86.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\wmfdist.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\wmfdist95.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\DirectX\dxsetup.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Setup\NeroDelTmp.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temp\apmbmhnk.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\AutoRunGUI.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\binkw32.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\Core.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\Engine.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\IFC23.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\ihnpbcfw.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\InfoWindow.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\khtprhxv.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvci70.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvci70d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvcirt.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvcp70.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvcp70d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvcp71.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\msvcp71d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\MSVCR70.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\MSVCR70d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\MSVCR71.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\MSVCR71d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\MSVCRt.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\ogg.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\ogg_d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\protect.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\UbiStats.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\vorbis.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\vorbisfile.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\vorbisfile_d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\vorbis_d.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\Window.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\ismp002\win32ppk.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\isp10.tmp\_Setup.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\isp2F.tmp\_Setup.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\Nero Web\Apatch.DLL
    C:\Documents and Settings\Gebruier\Local Settings\Temp\Nero Web\Unrar.DLL
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\AReadyLB_Nero.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\DirectX\DSETUP.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Redist\DirectX\dsetup32.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Setup\eulaver.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\NeroDemo12550\Setup\NPS.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp
    ro.tmp\AdvrCntr2.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp
    ro.tmp\ShellManager.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp
    ro.tmp\ShellManager10E2D762.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\CTCabEx.DLL
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\isrt.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SetSoftSize.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\_IsRes.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\_IsUser.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\CTCabEx.DLL
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\isrt.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SetSoftSize.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\_IsRes.dll
    C:\Documents and Settings\Gebruier\Local Settings\Temp\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\_IsUser.dll

    Uninstallers Rogue scanners:


    Folders Found:


    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:

    ———————————————————–


    Logfile of HijackThis v1.99.1
    Scan saved at 15:16:54, on 7-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temporary Internet Files\Content.IE5\33ZLHJSE\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\jocvndtg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\Magix\Video Deluxe\TrayServer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://D:\Mijn documenten\Erik\Babylon\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe




  • Doe de volgende stappen:

    1. Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:eff58ad4e3]Select All[/b:eff58ad4e3].
    Klik op de knop [b:eff58ad4e3]Empty Selected[/b:eff58ad4e3].

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:eff58ad4e3]Select All[/b:eff58ad4e3].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:eff58ad4e3]Empty Selected[/b:eff58ad4e3].

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:eff58ad4e3]Select All[/b:eff58ad4e3].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:eff58ad4e3]Empty Selected[/b:eff58ad4e3].
    Ga naar het tabblad "Main" en klik op de knop [b:eff58ad4e3]Exit[/b:eff58ad4e3] om het programma af te sluiten.

    2. Download [b:eff58ad4e3]Dr.Web CureIt[/b:eff58ad4e3] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start de computer in veilige modus.

    4. Dubbelklik [b:eff58ad4e3]drweb-cureit.exe[/b:eff58ad4e3] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:eff58ad4e3]Options[/b:eff58ad4e3] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:eff58ad4e3]groene pijl[/b:eff58ad4e3] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:eff58ad4e3]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:eff58ad4e3]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:eff58ad4e3]Move incurable[/b:eff58ad4e3] zoals je zal zien in volgende afbeelding:
    [img:eff58ad4e3]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:eff58ad4e3]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:eff58ad4e3]file[/b:eff58ad4e3] en kies [b:eff58ad4e3]save report list[/b:eff58ad4e3]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    5. [b:eff58ad4e3]Herstart[/b:eff58ad4e3] je computer in normale modus!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post tesamen met een logje van Hijackthis ;)
  • Logfile of HijackThis v1.99.1
    Scan saved at 17:35:48, on 7-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temporary Internet Files\Content.IE5\SPAQH437\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\jocvndtg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\Magix\Video Deluxe\TrayServer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://D:\Mijn documenten\Erik\Babylon\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe

    VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
    VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
    A0029470.exe C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP132 Trojan.DownLoader.22411 Deleted.
    A0029473.exe C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP132 Trojan.MulDrop.6428 Deleted.
    A0029686.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Virtumod Deleted.
    A0029828.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Virtumod Deleted.
    A0029829.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Click.2485 Deleted.
    A0029963.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Click.2485 Deleted.
    A0029965.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Virtumod Deleted.
    A0029966.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Virtumod Deleted.
    A0029979.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Click.2485 Deleted.
    A0032058.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Virtumod Deleted.
    A0032059.dll C:\System Volume Information\_restore{E3D3D755-EBBC-485E-AA46-BBA58B42640F}\RP133 Trojan.Virtumod Deleted.
    bytiqiob.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    ekaljokx.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    mkbgjsse.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    mujboscx.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    ppqbowgv.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    vhnrsgvv.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    xqgxpqsx.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    ynvlcibx.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.

  • Download [b:99c995cbdf]Combofix[/b:99c995cbdf] naar je bureaublad.
    Dubbelklik [b:99c995cbdf]combofix.exe[/b:99c995cbdf]
    Volg de instructies.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix gedaan heeft en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    Groeten smeenk ;)
  • "Gebruier" - 2007-06-09 7:17:30 Service Pack 2 NTFS
    ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Gebruier\Bureaublad\"


    ((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


    2007-06-07 15:47 <DIR> d——– C:\DOCUME~1\Gebruier\DoctorWeb
    2007-06-07 15:14 32,888 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-07 15:14 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-06-06 19:05 55,316 –a—— C:\WINDOWS\system32\jocvndtg.dll
    2007-06-03 21:29 <DIR> d——– C:\Program Files\Total Video Converter
    2007-06-03 18:10 <DIR> d——– C:\Program Files\GPL MPEG Decoder
    2007-05-31 23:43 <DIR> d——– C:\Program Files\Common Files\Download Manager
    2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 –a—— C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 –a—— C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-06 19:00:06 ——– d—–w C:\DOCUME~1\Gebruier\APPLIC~1\LimeWire
    2007-06-06 18:44:39 ——– d—–w C:\DOCUME~1\Gebruier\APPLIC~1\U3
    2007-06-06 16:55:11 188 —-a-w C:\WINDOWS\system32\eDataSecurity.dat
    2007-06-05 14:06:43 ——– d—–w C:\Program Files\DivX
    2007-06-03 19:29:29 ——– d—–w C:\DOCUME~1\Gebruier\APPLIC~1\uTorrent
    2007-06-01 07:28:18 ——– d—–w C:\Program Files\Winamp
    2007-05-31 06:45:07 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-30 21:03:25 ——– d—–w C:\DOCUME~1\Gebruier\APPLIC~1\Babylon
    2007-05-17 13:12:25 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-05-04 18:50:08 ——– d—–w C:\Program Files\QuickTime
    2007-04-29 20:58:50 ——– d—–w C:\DOCUME~1\Gebruier\APPLIC~1\ArcSoft
    2007-04-29 20:55:26 ——– d—–w C:\Program Files\Web Products
    2007-04-29 20:55:26 ——– d—–w C:\Program Files\Registration
    2007-04-29 20:55:25 ——– d—–w C:\Program Files\ui
    2007-04-29 20:55:22 ——– d—–w C:\Program Files\SysAlbum
    2007-04-29 20:55:20 ——– d—–w C:\Program Files\Texture
    2007-04-29 20:55:17 ——– d—–w C:\Program Files\shapes
    2007-04-29 20:55:17 ——– d—–w C:\Program Files\Samples
    2007-04-29 20:55:16 ——– d—–w C:\Program Files\Edges
    2007-04-29 20:55:16 ——– d—–w C:\Program Files\animation
    2007-04-29 20:55:16 ——– d—–w C:\Program Files\albums
    2007-04-29 20:55:15 ——– d—–w C:\Program Files\Web
    2007-04-29 20:55:15 ——– d—–w C:\Program Files\Greeting
    2007-04-29 20:55:11 ——– d—–w C:\Program Files\Frames
    2007-04-29 20:54:59 ——– d—–w C:\Program Files\Fantasy
    2007-04-29 20:54:46 ——– d—–w C:\Program Files\Calendar
    2007-04-23 00:15:29 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-04-15 10:10:06 ——– d—–w C:\Program Files\MediaMonkey
    2007-04-11 19:05:38 ——– d—–w C:\Program Files\ACASystems
    2007-03-25 08:34:57 82,312 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-25 08:34:57 467,444 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-23 21:39:59 1,168 —-a-w C:\WINDOWS\mozver.dat
    2007-03-18 22:07:07 0 —-a-w C:\WINDOWS
    sreg.dat
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 19:32:29 249,856 ——w C:\WINDOWS\Setup1.exe
    2007-03-14 19:32:27 73,216 —-a-w C:\WINDOWS\ST6UNST.EXE


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
    {92A444D2-F945-4dd9-89A1-896A6C2D8D22}=C:\WINDOWS\system32\jocvndtg.dll [2007-06-06 19:05]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32
    wiz.exe]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 20:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
    "TrayServer"="C:\Program Files\Magix\Video Deluxe\TrayServer.exe" [2006-10-04 16:41]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 15:00]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acer Empowering Technology.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acer Empowering Technology.lnk
    backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acer WLAN 11g USB Dongle.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acer WLAN 11g USB Dongle.lnk
    backup=C:\WINDOWS\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    C:\WINDOWS\system32\SysMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
    D:\Mijn documenten\Erik\Babylon\Babylon.exe -AutoStart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
    C:\WINDOWS\CTRegRun.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusAgent]
    "C:\Program Files\iriver\iriver plus\iAgent.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
    tiMUI]
    c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
    tiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
    wiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    AutoRun\command- L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f85ea0-0e03-11dc-875c-0019216797ec}]
    AutoRun\command- L:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    2007-06-01 17:57:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-09 07:19:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-09 7:20:02

    — E O F —




  • Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
    [b:3352f15bf5]R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\jocvndtg.dll [/b:3352f15bf5]
    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

    [b:3352f15bf5]
  • zo op het eerste gezicht geen problemen



    Logfile of HijackThis v1.99.1
    Scan saved at 18:29:13, on 9-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Gebruier\Local Settings\Temporary Internet Files\Content.IE5\LW09Z988\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\Magix\Video Deluxe\TrayServer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://D:\Mijn documenten\Erik\Babylon\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe

  • Logje is schoon :)
  • super bedankt!

    jullie hebben mij al vaak geholpen, daarom stuur ik al mijn vrienden als zij een probleempje hebben om ook eens naar deze site te gaan.

    Groeten, Jeroen
  • Graag gedaan hoor :)

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.