  1. #1

    Technical skill
    1. Starter
    Operating system
    Windows XP Media Center
    Antivirus
    McAfee
    Firewall
    McAfee
    Posts
    17

    I have spyware on my computer and can't remove it!

    Hello,

    My little brother recently opened an email, and mail/spyware was then probably installed on my computer. The program in question is win spyware protect. I have scanned my computer with McAfee, Ad-Aware 2008 and Spyware Doctor, but the mail/spyware is still on it.

    I hope you can help me.

    Kind regards,

    Satta

    This is my Hijack logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:34:42, on 27-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmona.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
    O4 - HKLM\..\Run: [advap32] D:\DOCUME~1\Ravish\LOCALS~1\Temp\rbnpsrv.exe/r
    O4 - HKLM\..\Run: [e0fe598a] rundll32.exe "C:\WINDOWS\system32\fulvikpv.dll",b
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: vregfwlx - {576FC564-1ED1-4E7B-A576-B973414AFF6C} - C:\WINDOWS\vregfwlx.dll
    O21 - SSODL: KernelMon - {0edb91dc-441e-4a6a-bf46-decb18f48990} - C:\WINDOWS\Resources\KernelMon.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 11210 bytes
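
Added example (not part of the original post and not HijackThis's own logic): a Python triage pass over the autostart lines of a HijackThis log like the one above. The sample lines are copied from that log; the four heuristics and every function name are assumptions chosen for illustration, and a hit is a lead to investigate, not a verdict.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

Finding = namedtuple("Finding", "section subject reason")

# Lines copied from the HijackThis log in the post above (a subset, for brevity).
SAMPLE_LOG = r"""
O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [advap32] D:\DOCUME~1\Ravish\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [e0fe598a] rundll32.exe "C:\WINDOWS\system32\fulvikpv.dll",b
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: vregfwlx - {576FC564-1ED1-4E7B-A576-B973414AFF6C} - C:\WINDOWS\vregfwlx.dll
"""

# PureWindowsPath compares case-insensitively, which matches Windows semantics.
PROGRAM_FILES = PureWindowsPath(r"C:\Program Files")
WINDOWS_DIR = PureWindowsPath(r"C:\WINDOWS")

# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# O21 - SSODL: <name> - {CLSID} - <dll path>
SSODL_RE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<dll>.+)$")
# Unquoted image path: shortest prefix ending in .exe followed by end, space or '/'.
EXE_RE = re.compile(r"(.+?\.exe)(?=$|[\s/])(.*)$", re.I)
DLL_RE = re.compile(r'"?([^"]+?\.dll)"?', re.I)


def split_command(cmd):
    """Split a Run value into (image path, arguments), quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def triage(log_text):
    """Return Findings for lines matching the illustrative heuristics below."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        # Heuristic 1: a registration whose target file no longer exists.
        if line.endswith("(file missing)"):
            target = line.rsplit(" - ", 1)[1][:-len("(file missing)")].strip()
            findings.append(Finding(section, target, "registered file is missing"))
            continue

        m = RUN_RE.match(line)
        if m:
            image, args = split_command(m["cmd"])
            path = PureWindowsPath(image)
            # Heuristic 2: autostart image located in a Temp directory.
            if "temp" in (part.lower() for part in path.parts):
                findings.append(Finding(section, m["name"],
                                        "runs from a Temp directory"))
            # Heuristic 3: rundll32 used as the launcher; report the DLL it loads.
            if path.name.lower() == "rundll32.exe":
                dll = DLL_RE.search(args)
                what = dll.group(1) if dll else "an unparsed argument"
                findings.append(Finding(section, m["name"], f"rundll32 loads {what}"))
            # Heuristic 4: executable directly in Program Files, no vendor folder.
            if path.parent == PROGRAM_FILES:
                findings.append(Finding(section, m["name"],
                                        "executable sits directly in Program Files"))
            continue

        # Heuristic 5: shell delay-load DLL directly in the Windows directory.
        m = SSODL_RE.match(line)
        if m and PureWindowsPath(m["dll"]).parent == WINDOWS_DIR:
            findings.append(Finding(section, m["name"],
                                    "SSODL DLL sits directly in the Windows directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.subject:<28}{f.reason}")
```

Entries the rules do not match, such as look-alike file names inside system32, still need a manual read of the full log.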

  2. #2
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post the contents of the 2nd log: C:\RVAXO-Vfind.log

  3. #3

    Technical skill
    1. Starter
    Operating system
    Windows XP Media Center
    Antivirus
    McAfee
    Firewall
    McAfee
    Posts
    17
    RVAXO-results

    ---RVAXO.exe Updated: 2008-05-27---first run---
    Uninstallers:

    Files found:
    C:\WINDOWS\system32\oVuFeMoq.ini2
    C:\WINDOWS\boqnrwdmstg.dll
    C:\WINDOWS\edwf.exe
    C:\WINDOWS\xmpstean.exe
    C:\WINDOWS\vregfwlx.dll
    C:\WINDOWS\vltdfabw.dll
    C:\WINDOWS\apunbegy.dll
    C:\WINDOWS\system32\clkcnt.txt
    C:\WINDOWS\system32\ctfmona.exe
    C:\WINDOWS\system32\ctfmonb.bmp
    C:\WINDOWS\system32\blackster.scr
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\WLCtrl32.dll

    Folders Found:

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------
    Not deleted items:
    C:\WINDOWS\system32\WLCtrl32.dll

    --------------RVAXO.exe finished----------------

    RVAXO-Vfind

    ======C:\WINDOWS====
    ----a-w 0 2008-05-27 20:01:59 C:\WINDOWS\0.log
    --s-a-w 2,048 2008-05-27 20:00:00 C:\WINDOWS\bootstat.dat
    ----a-w 307,463 2008-05-14 11:02:46 C:\WINDOWS\comsetup.log
    ----a-w 51,133 2008-05-14 11:02:46 C:\WINDOWS\ehOCGen.log
    ----a-w 925,663 2008-05-14 11:02:45 C:\WINDOWS\FaxSetup.log
    ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
    ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
    ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
    ----a-w 991,507 2008-05-14 11:02:46 C:\WINDOWS\iis6.log
    ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.log
    ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
    ----a-w 111,373 2008-05-14 11:02:46 C:\WINDOWS\MedCtrOC.log
    ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
    ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
    ----a-w 45,676 2008-05-14 11:02:46 C:\WINDOWS\msgsocm.log
    ----a-w 275,886 2008-05-14 11:02:43 C:\WINDOWS\msmqinst.log
    ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
    ----a-w 172,867 2008-05-14 11:02:46 C:\WINDOWS\netfxocm.log
    ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
    ----a-w 184,952 2008-05-14 11:02:46 C:\WINDOWS\ntdtcsetup.log
    ----a-w 437,552 2008-05-14 11:02:46 C:\WINDOWS\ocgen.log
    ----a-w 56,083 2008-05-14 11:02:46 C:\WINDOWS\ocmsn.log
    ----a-w 103,943 2008-05-14 11:02:46 C:\WINDOWS\plusoc.log
    ---ha-w 54,156 2008-05-27 19:38:08 C:\WINDOWS\QTFont.qfn
    ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
    ----a-w 413,980 2008-05-25 20:07:36 C:\WINDOWS\setupapi.log
    ----a-w 46,389 2008-05-14 11:02:46 C:\WINDOWS\tabletoc.log
    ----a-w 419,297 2008-05-14 11:02:46 C:\WINDOWS\tsoc.log
    ----a-w 4 2008-05-27 19:40:15 C:\WINDOWS\Twain001.Mtx
    ----a-w 159 2008-05-27 20:01:30 C:\WINDOWS\wiadebug.log
    ----a-w 49 2008-05-27 20:01:19 C:\WINDOWS\wiaservc.log
    ----a-w 1,840,770 2008-05-27 19:45:29 C:\WINDOWS\WindowsUpdate.log
    ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

    Entries: 33 (31)
    Directories: 0 Files: 33
    Bytes: 6,704,554 Blocks: 13,111
    ======C:\WINDOWS\system32=====
    ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
    ----a-w 32,192 2008-05-27 19:45:32 C:\WINDOWS\System32\Config.MPF
    ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
    ----a-w 90,624 2008-05-25 15:37:19 C:\WINDOWS\System32\fulvikpv.dll
    ----a-w 84 2008-05-27 20:01:52 C:\WINDOWS\System32\ikhcore.cfg
    ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
    ----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
    --sha-w 4,752 2008-05-27 20:09:44 C:\WINDOWS\System32\oVuFeMoq.ini
    --sha-w 4,752 2008-05-27 20:09:29 C:\WINDOWS\System32\oVuFeMoq.ini2
    ----a-w 72,960 2008-05-26 22:35:21 C:\WINDOWS\System32\perfc009.dat
    ----a-w 93,218 2008-05-26 22:35:21 C:\WINDOWS\System32\perfc013.dat
    ----a-w 446,006 2008-05-26 22:35:21 C:\WINDOWS\System32\perfh009.dat
    ----a-w 514,242 2008-05-26 22:35:21 C:\WINDOWS\System32\perfh013.dat
    ----a-w 1,140,898 2008-05-26 22:35:21 C:\WINDOWS\System32\PerfStringBackup.INI
    ----a-w 318,336 2008-05-25 15:35:41 C:\WINDOWS\System32\qoMeFuVo.dll
    ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
    ----a-w 29,312 2008-05-25 14:30:56 C:\WINDOWS\System32\urqPiIxY.dll
    --sh--w 1,157,178 2008-05-27 19:43:50 C:\WINDOWS\System32\vpkivluf.ini
    ----a-w 14,336 2008-05-27 20:00:00 C:\WINDOWS\System32\WinCtrl32.dllRVAXO
    ----a-w 12,288 2008-05-27 20:00:00 C:\WINDOWS\System32\WLCtrl32.dll
    ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

    Entries: 21 (18)
    Directories: 0 Files: 21
    Bytes: 23,310,186 Blocks: 45,538
    ======C:\WINDOWS\system32\drivers=====
    ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
    ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
    ----a-w 29,056 2008-05-26 20:02:40 C:\WINDOWS\System32\drivers\naA55.sys
    ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
    ----a-w 27,008 2008-05-26 20:23:04 C:\WINDOWS\System32\drivers\Rem07.sys

    Entries: 5 (5)
    Directories: 0 Files: 5
    Bytes: 100,320 Blocks: 198
    =======C:\Program Files=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======D:=====
    ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

    Entries: 1 (1)
    Directories: 0 Files: 1
    Bytes: 639 Blocks: 2
    ======D:\Documenten en settings\Ravish\Application Data======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Documenten en settings\Ravish======
    ---ha-w 3,407,872 2008-05-27 19:59:00 D:\Documenten en settings\Ravish\NTUSER.DAT
    ---ha-w 36,864 2008-05-27 20:09:15 D:\Documenten en settings\Ravish\NtUser.dat.LOG
    --sh--w 188 2008-05-27 19:45:27 D:\Documenten en settings\Ravish\ntuser.ini
    ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

    Entries: 4 (1)
    Directories: 0 Files: 4
    Bytes: 3,445,524 Blocks: 6,731
    ======C:\WINDOWS\Downloaded Program Files====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =============

  4. #4
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    sc stop naA55
    sc delete naA55
    remove C:\WINDOWS\System32\drivers\naA55.sys C:\RVAXO\naA55.sys
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\WINDOWS\System32\fulvikpv.dll
    C:\WINDOWS\System32\ikhcore.cfg
    C:\WINDOWS\System32\oVuFeMoq.ini
    C:\WINDOWS\System32\oVuFeMoq.ini2
    C:\WINDOWS\System32\qoMeFuVo.dll
    C:\WINDOWS\System32\urqPiIxY.dll
    C:\WINDOWS\System32\vpkivluf.ini
    C:\WINDOWS\System32\WinCtrl32.dllRVAXO
    C:\WINDOWS\System32\drivers\naA55.sys
    C:\WINDOWS\System32\WLCtrl32.dl_
    C:\WINDOWS\System32\WLCtrl32.dll) DO (
    DEL /Q %%gNUCIA
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    REN %%g *NUCIA
    IF EXIST %%gNUCIA (
    ECHO renamed to %%gNUCIA>>log.txt)
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    sc stop naA55
    sc delete naA55
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in" choose: Desktop
    For "File name" enter: del.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.

    Double-click del.bat and post the contents of the log file that opens.
    Last edited by smeenk; 28-05-08 at 20:11.

  5. #5

    Technical skill
    1. Starter
    Operating system
    Windows XP Media Center
    Antivirus
    McAfee
    Firewall
    McAfee
    Posts
    17
    del.bat-log

    Deleting files
    C:\WINDOWS\System32\fulvikpv.dll not found
    C:\WINDOWS\System32\ikhcore.cfg deleted
    C:\WINDOWS\System32\MRT.exe deleted
    C:\WINDOWS\System32\oVuFeMoq.ini deleted
    C:\WINDOWS\System32\oVuFeMoq.ini2 deleted
    C:\WINDOWS\System32\qoMeFuVo.dll not deleted
    C:\WINDOWS\System32\urqPiIxY.dll not deleted
    C:\WINDOWS\System32\vpkivluf.ini deleted
    C:\WINDOWS\System32\WinCtrl32.dllRVAXO deleted
    C:\WINDOWS\System32\drivers\naA55.sys not deleted
    C:\WINDOWS\System32\WLCtrl32.dl_ not found
    renamed to C:\WINDOWS\System32\WLCtrl32.dllNUCIA
    C:\WINDOWS\System32\WLCtrl32.dll deleted

  6. #6
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Download IceSword and unzip it into a folder on your desktop.
    - Open that folder and double-click the "Sword icon" to start IceSword.
    - On the left, click File.
    - Now choose My Computer in IceSword and navigate to this file:

    C:\WINDOWS\System32\drivers\naA55.sys

    - Right-click it and choose delete.

    - Do the same for:

    C:\WINDOWS\System32\WLCtrl32.dllNUCIA

    Restart your PC and post a new HijackThis log

  7. #7

    Technical skill
    1. Starter
    Operating system
    Windows XP Media Center
    Antivirus
    McAfee
    Firewall
    McAfee
    Posts
    17
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:47:46, on 28-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [e0fe598a] rundll32.exe "C:\WINDOWS\system32\quxpvodu.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: KernelMon - {0edb91dc-441e-4a6a-bf46-decb18f48990} - C:\WINDOWS\Resources\KernelMon.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 10843 bytes

  8. #8
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both checked, then click "Finish".
    • If an update is found, it will download and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to view the results.
    • Make sure that everything there is checked, then click Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
    Extra note:
    If MBAM has trouble removing certain files, it will show a few prompts where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

  9. #9

    Technical skill
    1. Starter
    Operating system
    Windows XP Media Center
    Antivirus
    McAfee
    Firewall
    McAfee
    Posts
    17
    Malwarebytes' Anti-Malware 1.12
    Database versie: 795

    Scan type: Snelle Scan
    Objecten gescand: 46761
    Verstreken tijd: 1 hour(s), 2 minute(s), 9 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 6
    Registersleutels geïnfecteerd: 32
    Registerwaarden geïnfecteerd: 8
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 6
    Bestanden geïnfecteerd: 16

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\qoMeFuVo.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\quxpvodu.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
    C:\WINDOWS\Resources\KernelMon.dll (Trojan.Clicker) -> Unloaded module successfully.
    C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
    C:\WINDOWS\system32\urqPiIxY.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cab0a5f4-2a25-4972-8abf-3885d2b67db4} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{cab0a5f4-2a25-4972-8abf-3885d2b67db4} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{e18c3daf-9841-4340-afe9-27ab400650ab} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e48c3daf-9841-4345-afe9-27ab400650ab} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\atfxqogp.bsog (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9e6cd9df-5ef9-40f4-84fa-c4842eb1f283} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b33b96b9-e0c2-4648-9819-a38ddcafa33c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b33b96b9-e0c2-4648-9819-a38ddcafa33c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de4a7692-b2cb-4d1a-9956-76a8a028caa0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{1c2a0cbe-9c8b-49f3-9e56-bd989db7e8c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{14a9da84-0c80-4520-8452-f5c7c911a003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3177b0aa-7c67-46b4-ba02-574d7e368d4f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{890f3f83-dca0-42a9-935e-dd01e78970b8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{616d534c-3ca8-43ab-b439-618f850f1d2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{0edb91dc-441e-4a6a-bf46-decb18f48990} (Trojan.Clicker) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{48f0b738-34a6-4113-b966-33c4ef85bcd9} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48f0b738-34a6-4113-b966-33c4ef85bcd9} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqpiixy (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0fe598a (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9e6cd9df-5ef9-40f4-84fa-c4842eb1f283} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelMon (Trojan.Clicker) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{48f0b738-34a6-4113-b966-33c4ef85bcd9} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomefuvo -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomefuvo -> Delete on reboot.

    Mappen geïnfecteerd:
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\qoMeFuVo.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\oVuFeMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oVuFeMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\quxpvodu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\udovpxuq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080525173153453.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080525194413515.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080526092925781.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080526185418500.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080526213156578.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Resources\KernelMon.dll (Trojan.Clicker) -> Delete on reboot.
    C:\WINDOWS\system32\WLCtrl32.dl_ (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\urqPiIxY.dll (Trojan.Vundo) -> Delete on reboot.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:48:26, on 29-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 11749 bytes

  10. #10
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Download this file: zoek.exe
    Double-click it; after a while a log will open.
    Post the contents of this log in your next message.

  11. #11

    Technical skill
    1. Starter
    Operating system
    Windows XP Media Center
    Antivirus
    McAfee
    Firewall
    McAfee
    Posts
    17
    Zoek log

    ======C:\WINDOWS====
    ----a-w 0 2008-05-29 16:30:25 C:\WINDOWS\0.log
    --s-a-w 2,048 2008-05-29 16:28:57 C:\WINDOWS\bootstat.dat
    ----a-w 307,463 2008-05-14 11:02:46 C:\WINDOWS\comsetup.log
    ----a-w 51,133 2008-05-14 11:02:46 C:\WINDOWS\ehOCGen.log
    ----a-w 925,663 2008-05-14 11:02:45 C:\WINDOWS\FaxSetup.log
    ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
    ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
    ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
    ----a-w 991,507 2008-05-14 11:02:46 C:\WINDOWS\iis6.log
    ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.log
    ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
    ----a-w 111,373 2008-05-14 11:02:46 C:\WINDOWS\MedCtrOC.log
    ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
    ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
    ----a-w 45,676 2008-05-14 11:02:46 C:\WINDOWS\msgsocm.log
    ----a-w 275,886 2008-05-14 11:02:43 C:\WINDOWS\msmqinst.log
    ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
    ----a-w 172,867 2008-05-14 11:02:46 C:\WINDOWS\netfxocm.log
    ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
    ----a-w 184,952 2008-05-14 11:02:46 C:\WINDOWS\ntdtcsetup.log
    ----a-w 437,552 2008-05-14 11:02:46 C:\WINDOWS\ocgen.log
    ----a-w 56,083 2008-05-14 11:02:46 C:\WINDOWS\ocmsn.log
    ----a-w 103,943 2008-05-14 11:02:46 C:\WINDOWS\plusoc.log
    ---ha-w 54,156 2008-05-29 16:29:35 C:\WINDOWS\QTFont.qfn
    ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
    ----a-w 416,959 2008-05-28 05:44:00 C:\WINDOWS\setupapi.log
    ----a-w 46,389 2008-05-14 11:02:46 C:\WINDOWS\tabletoc.log
    ----a-w 419,297 2008-05-14 11:02:46 C:\WINDOWS\tsoc.log
    ----a-w 4 2008-05-29 16:29:55 C:\WINDOWS\Twain001.Mtx
    ----a-w 159 2008-05-29 16:29:49 C:\WINDOWS\wiadebug.log
    ----a-w 49 2008-05-29 16:29:43 C:\WINDOWS\wiaservc.log
    ----a-w 1,881,623 2008-05-29 16:31:23 C:\WINDOWS\WindowsUpdate.log
    ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

    Entries: 33 (31)
    Directories: 0 Files: 33
    Bytes: 6,748,386 Blocks: 13,197
    ======C:\WINDOWS\system32=====
    ----a-w 0 2008-05-28 05:19:16 C:\WINDOWS\System32\clkcnt.txt
    ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
    ----a-w 33,198 2008-05-29 16:31:11 C:\WINDOWS\System32\Config.MPF
    ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
    ----a-w 84 2008-05-29 16:30:20 C:\WINDOWS\System32\ikhcore.cfg
    ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
    ----a-w 143 2008-05-28 22:41:08 C:\WINDOWS\System32\mcrh.tmp
    --sha-w 182,512 2008-05-28 22:41:03 C:\WINDOWS\System32\oVuFeMoq.ini
    ----a-w 72,960 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc009.dat
    ----a-w 93,218 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc013.dat
    ----a-w 446,006 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh009.dat
    ----a-w 514,242 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh013.dat
    ----a-w 1,140,898 2008-05-28 05:43:35 C:\WINDOWS\System32\PerfStringBackup.INI
    ------w 318,336 2008-05-28 22:39:12 C:\WINDOWS\System32\qoMeFuVo.dll
    ------w 96,256 2008-05-28 22:39:12 C:\WINDOWS\System32\quxpvodu.dll
    ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
    ------w 29,312 2008-05-28 22:39:13 C:\WINDOWS\System32\urqPiIxY.dll
    ----a-w 14,336 2008-05-29 16:28:56 C:\WINDOWS\System32\WinCtrl32.dll
    ----a-w 12,288 2008-05-29 16:28:56 C:\WINDOWS\System32\WLCtrl32.dll
    ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

    Entries: 20 (19)
    Directories: 0 Files: 20
    Bytes: 5,468,933 Blocks: 10,690
    ======C:\WINDOWS\system32\drivers=====
    ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
    ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
    ----a-w 29,056 2008-05-28 22:56:22 C:\WINDOWS\System32\drivers\kfN07.sys
    ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
    ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
    ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
    ----a-w 27,008 2008-05-28 22:10:14 C:\WINDOWS\System32\drivers\Rem07.sys

    Entries: 7 (7)
    Directories: 0 Files: 7
    Bytes: 143,232 Blocks: 282
    =======C:\Program Files=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======D:=====
    ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

    Entries: 1 (1)
    Directories: 0 Files: 1
    Bytes: 639 Blocks: 2
    ======D:\Documenten en settings\Ravish\Application Data======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Temp======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Documenten en settings\Ravish======
    ---ha-w 3,407,872 2008-05-28 23:24:38 D:\Documenten en settings\Ravish\NTUSER.DAT
    ---ha-w 114,688 2008-05-29 16:33:49 D:\Documenten en settings\Ravish\NtUser.dat.LOG
    --sh--w 188 2008-05-28 23:24:14 D:\Documenten en settings\Ravish\ntuser.ini
    ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

    Entries: 4 (1)
    Directories: 0 Files: 4
    Bytes: 3,523,348 Blocks: 6,883
    ======C:\WINDOWS\Downloaded Program Files====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =============

  12. #12

    I had Ad-Aware run a scan and it found the following trojan:
    WIN32.TrojanDownloader.Mutant.
    I had Ad-Aware remove it, but every time I restart my computer the trojan is still there.

  13. #13
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    The actions taken with Ad-Aware may have changed something.
    So please create a new log with zoek.exe and post it in your next message.

  14. #14

    ======C:\WINDOWS====
    ----a-w 0 2008-05-29 18:43:57 C:\WINDOWS\0.log
    --s-a-w 2,048 2008-05-29 18:42:20 C:\WINDOWS\bootstat.dat
    ----a-w 309,520 2008-05-29 17:38:30 C:\WINDOWS\comsetup.log
    ----a-w 51,471 2008-05-29 17:38:30 C:\WINDOWS\ehOCGen.log
    ----a-w 931,822 2008-05-29 17:38:29 C:\WINDOWS\FaxSetup.log
    ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
    ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
    ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
    ----a-w 998,344 2008-05-29 17:38:30 C:\WINDOWS\iis6.log
    ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.BAK
    ----a-w 1,374 2008-05-29 17:38:30 C:\WINDOWS\imsins.log
    ----a-w 11,096 2008-05-29 17:38:30 C:\WINDOWS\KB932823-v3.log
    ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
    ----a-w 111,803 2008-05-29 17:38:30 C:\WINDOWS\MedCtrOC.log
    ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
    ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
    ----a-w 45,985 2008-05-29 17:38:30 C:\WINDOWS\msgsocm.log
    ----a-w 277,790 2008-05-29 17:38:27 C:\WINDOWS\msmqinst.log
    ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
    ----a-w 173,950 2008-05-29 17:38:30 C:\WINDOWS\netfxocm.log
    ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
    ----a-w 186,199 2008-05-29 17:38:30 C:\WINDOWS\ntdtcsetup.log
    ----a-w 440,468 2008-05-29 17:38:30 C:\WINDOWS\ocgen.log
    ----a-w 56,469 2008-05-29 17:38:30 C:\WINDOWS\ocmsn.log
    ----a-w 104,632 2008-05-29 17:38:30 C:\WINDOWS\plusoc.log
    ---ha-w 54,156 2008-05-29 18:42:58 C:\WINDOWS\QTFont.qfn
    ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
    ----a-w 416,959 2008-05-28 05:44:00 C:\WINDOWS\setupapi.log
    ----a-w 46,700 2008-05-29 17:38:30 C:\WINDOWS\tabletoc.log
    ----a-w 422,118 2008-05-29 17:38:30 C:\WINDOWS\tsoc.log
    ----a-w 4 2008-05-29 18:43:10 C:\WINDOWS\Twain001.Mtx
    ----a-w 159 2008-05-29 18:43:21 C:\WINDOWS\wiadebug.log
    ----a-w 49 2008-05-29 18:43:12 C:\WINDOWS\wiaservc.log
    ----a-w 1,946,447 2008-05-29 18:44:41 C:\WINDOWS\WindowsUpdate.log
    ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

    Entries: 35 (33)
    Directories: 0 Files: 35
    Bytes: 6,853,167 Blocks: 13,402
    ======C:\WINDOWS\system32=====
    ----a-w 0 2008-05-28 05:19:16 C:\WINDOWS\System32\clkcnt.txt
    ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
    ----a-w 33,324 2008-05-29 18:44:21 C:\WINDOWS\System32\Config.MPF
    ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
    ----a-w 84 2008-05-29 18:43:51 C:\WINDOWS\System32\ikhcore.cfg
    ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
    ----a-w 143 2008-05-28 22:41:08 C:\WINDOWS\System32\mcrh.tmp
    ----a-w 72,960 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc009.dat
    ----a-w 93,218 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc013.dat
    ----a-w 446,006 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh009.dat
    ----a-w 514,242 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh013.dat
    ----a-w 1,140,898 2008-05-28 05:43:35 C:\WINDOWS\System32\PerfStringBackup.INI
    ------w 96,256 2008-05-28 22:39:12 C:\WINDOWS\System32\quxpvodu.dll
    ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
    ------w 29,312 2008-05-28 22:39:13 C:\WINDOWS\System32\urqPiIxY.dll
    ----a-w 14,336 2008-05-29 18:42:19 C:\WINDOWS\System32\WinCtrl32.dll
    ----a-w 12,288 2008-05-29 18:42:19 C:\WINDOWS\System32\WLCtrl32.dll
    ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

    Entries: 18 (18)
    Directories: 0 Files: 18
    Bytes: 4,968,211 Blocks: 9,712
    ======C:\WINDOWS\system32\drivers=====
    ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
    ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
    ----a-w 29,056 2008-05-28 22:56:22 C:\WINDOWS\System32\drivers\kfN07.sys
    ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
    ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
    ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
    ----a-w 27,008 2008-05-28 22:10:14 C:\WINDOWS\System32\drivers\Rem07.sys

    Entries: 7 (7)
    Directories: 0 Files: 7
    Bytes: 143,232 Blocks: 282
    =======C:\Program Files=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======D:=====
    ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

    Entries: 1 (1)
    Directories: 0 Files: 1
    Bytes: 639 Blocks: 2
    ======D:\Documenten en settings\Ravish\Application Data======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Temp======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Documenten en settings\Ravish======
    ---ha-w 3,407,872 2008-05-29 18:41:31 D:\Documenten en settings\Ravish\NTUSER.DAT
    ---ha-w 32,768 2008-05-29 18:49:34 D:\Documenten en settings\Ravish\NtUser.dat.LOG
    --sh--w 188 2008-05-29 18:41:07 D:\Documenten en settings\Ravish\ntuser.ini
    ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

    Entries: 4 (1)
    Directories: 0 Files: 4
    Bytes: 3,441,428 Blocks: 6,723
    ======C:\WINDOWS\Downloaded Program Files====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =============

  15. #15

    This actually belongs with my previous post: it concerns the file C:\WINDOWS\system32\wlctrl32.dll

  16. #16
    Avatar of smeenk
    We're going to try something.

    Open a new Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    REM Start with a fresh log file.
    IF EXIST log.txt DEL log.txt
    REM Stop and unregister the kfN07 driver service.
    sc stop kfN07
    sc delete kfN07
    REM Move the driver file into the C:\RVAXO folder.
    move C:\WINDOWS\System32\drivers\kfN07.sys C:\RVAXO\kfN07.sys
    ECHO Deleting files>>log.txt
    FOR %%g in (
        C:\WINDOWS\System32\clkcnt.txt
        C:\WINDOWS\System32\ikhcore.cfg
        C:\WINDOWS\System32\mcrh.tmp
        C:\WINDOWS\System32\quxpvodu.dll
        C:\WINDOWS\System32\urqPiIxY.dll
        C:\WINDOWS\System32\WinCtrl32.dll
        C:\WINDOWS\System32\WinCtrl32.dl_
        C:\WINDOWS\System32\WLCtrl32.dll
        C:\WINDOWS\System32\WLCtrl32.dl_
        C:\WINDOWS\System32\drivers\kfN07.sys
    ) DO (
        REM Remove any copy left over from an earlier rename.
        DEL /Q %%gNUCIA
        IF EXIST %%g (
            REM Clear the read-only, system and hidden attributes, then try to delete.
            ATTRIB -r -s -h %%g
            DEL %%g
            REM If DEL did not remove the file, rename it by appending NUCIA.
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt
            )
            IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
            ) ELSE (
                ECHO %%g deleted>>log.txt
            )
        ) ELSE (
            ECHO %%g not found>>log.txt
        )
    )
    REM Repeat the service removal in case the driver was re-registered.
    sc stop kfN07
    sc delete kfN07
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.

    Double-click del.bat and post the contents of the log file that opens.


    Open the IceSword folder and double-click the "Sword icon" to start IceSword.
    - On the left, click File.
    - Now choose My Computer in IceSword and navigate to this file:

    C:\WINDOWS\System32\drivers\kfN07.sys

    - Right-click it and choose Delete.


    Restart your PC and post a new HijackThis log.
    Last edited by smeenk; 29-05-08 at 20:25.

  17. #17

    After my computer had started up I got the following message: install COM?? Is that right??

    del.bat log

    Deleting files
    C:\WINDOWS\System32\clkcnt.txt not found
    C:\WINDOWS\System32\ikhcore.cfg not found
    C:\WINDOWS\System32\mcrh.tmp not found
    C:\WINDOWS\System32\quxpvodu.dll not found
    C:\WINDOWS\System32\urqPiIxY.dll not found
    C:\WINDOWS\System32\WinCtrl32.dll not found
    C:\WINDOWS\System32\WinCtrl32.dl_ not found
    C:\WINDOWS\System32\WLCtrl32.dll not found
    C:\WINDOWS\System32\WLCtrl32.dl_ not found
    C:\WINDOWS\System32\drivers\kfN07.sys not deleted

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:42:40, on 29-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

    --
    End of file - 11521 bytes

  18. #18
    Avatar of smeenk
    Double-click del.bat once more and post that log.

    Also create a new log with zoek.exe and post that too.

  19. #19

    del.bat log

    Deleting files
    C:\WINDOWS\System32\clkcnt.txt not found
    C:\WINDOWS\System32\ikhcore.cfg deleted
    C:\WINDOWS\System32\mcrh.tmp not found
    C:\WINDOWS\System32\quxpvodu.dll not found
    C:\WINDOWS\System32\urqPiIxY.dll not found
    C:\WINDOWS\System32\WinCtrl32.dll not found
    C:\WINDOWS\System32\WinCtrl32.dl_ not found
    renamed to C:\WINDOWS\System32\WLCtrl32.dllNUCIA
    C:\WINDOWS\System32\WLCtrl32.dll deleted
    C:\WINDOWS\System32\WLCtrl32.dl_ not found
    C:\WINDOWS\System32\drivers\kfN07.sys not found

    Zoek log

    ======C:\WINDOWS====
    ----a-w 0 2008-05-29 19:40:47 C:\WINDOWS\0.log
    --s-a-w 2,048 2008-05-29 19:39:07 C:\WINDOWS\bootstat.dat
    ----a-w 309,520 2008-05-29 17:38:30 C:\WINDOWS\comsetup.log
    ----a-w 51,471 2008-05-29 17:38:30 C:\WINDOWS\ehOCGen.log
    ----a-w 931,822 2008-05-29 17:38:29 C:\WINDOWS\FaxSetup.log
    ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
    ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
    ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
    ----a-w 998,344 2008-05-29 17:38:30 C:\WINDOWS\iis6.log
    ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.BAK
    ----a-w 1,374 2008-05-29 17:38:30 C:\WINDOWS\imsins.log
    ----a-w 11,096 2008-05-29 17:38:30 C:\WINDOWS\KB932823-v3.log
    ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
    ----a-w 111,803 2008-05-29 17:38:30 C:\WINDOWS\MedCtrOC.log
    ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
    ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
    ----a-w 45,985 2008-05-29 17:38:30 C:\WINDOWS\msgsocm.log
    ----a-w 277,790 2008-05-29 17:38:27 C:\WINDOWS\msmqinst.log
    ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
    ----a-w 173,950 2008-05-29 17:38:30 C:\WINDOWS\netfxocm.log
    ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
    ----a-w 186,199 2008-05-29 17:38:30 C:\WINDOWS\ntdtcsetup.log
    ----a-w 440,468 2008-05-29 17:38:30 C:\WINDOWS\ocgen.log
    ----a-w 56,469 2008-05-29 17:38:30 C:\WINDOWS\ocmsn.log
    ----a-w 104,632 2008-05-29 17:38:30 C:\WINDOWS\plusoc.log
    ---ha-w 54,156 2008-05-29 19:39:43 C:\WINDOWS\QTFont.qfn
    ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
    ----a-w 416,959 2008-05-28 05:44:00 C:\WINDOWS\setupapi.log
    ----a-w 46,700 2008-05-29 17:38:30 C:\WINDOWS\tabletoc.log
    ----a-w 422,118 2008-05-29 17:38:30 C:\WINDOWS\tsoc.log
    ----a-w 4 2008-05-29 19:39:53 C:\WINDOWS\Twain001.Mtx
    ----a-w 159 2008-05-29 19:40:10 C:\WINDOWS\wiadebug.log
    ----a-w 49 2008-05-29 19:39:56 C:\WINDOWS\wiaservc.log
    ----a-w 1,966,426 2008-05-29 19:41:22 C:\WINDOWS\WindowsUpdate.log
    ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

    Entries: 35 (33)
    Directories: 0 Files: 35
    Bytes: 6,873,146 Blocks: 13,441
    ======C:\WINDOWS\system32=====
    ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
    ----a-w 33,562 2008-05-29 19:41:11 C:\WINDOWS\System32\Config.MPF
    ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
    ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
    ----a-w 72,960 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc009.dat
    ----a-w 93,218 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc013.dat
    ----a-w 446,006 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh009.dat
    ----a-w 514,242 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh013.dat
    ----a-w 1,140,898 2008-05-28 05:43:35 C:\WINDOWS\System32\PerfStringBackup.INI
    ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
    ----a-w 12,288 2008-05-29 19:39:06 C:\WINDOWS\System32\WLCtrl32.dllNUCIA
    ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

    Entries: 12 (12)
    Directories: 0 Files: 12
    Bytes: 4,828,318 Blocks: 9,436
    ======C:\WINDOWS\system32\drivers=====
    ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
    ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
    ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
    ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
    ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
    ----a-w 27,008 2008-05-28 22:10:14 C:\WINDOWS\System32\drivers\Rem07.sys

    Entries: 6 (6)
    Directories: 0 Files: 6
    Bytes: 114,176 Blocks: 225
    =======C:\Program Files=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======D:=====
    ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

    Entries: 1 (1)
    Directories: 0 Files: 1
    Bytes: 639 Blocks: 2
    ======D:\Documenten en settings\Ravish\Application Data======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Temp======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======D:\Documenten en settings\Ravish======
    ---ha-w 3,407,872 2008-05-29 19:38:12 D:\Documenten en settings\Ravish\NTUSER.DAT
    ---ha-w 32,768 2008-05-29 19:51:47 D:\Documenten en settings\Ravish\NtUser.dat.LOG
    --sh--w 188 2008-05-29 19:37:48 D:\Documenten en settings\Ravish\ntuser.ini
    ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

    Entries: 4 (1)
    Directories: 0 Files: 4
    Bytes: 3,441,428 Blocks: 6,723
    ======C:\WINDOWS\Downloaded Program Files====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =============
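
Added example, not part of the original thread: a Python parser for the Zoek-style file listings posted above, which diffs the listing from post #14 against the one from post #19 to show what the cleanup removed, renamed or left changed. The function names are chosen for this example, and the sample lines are a subset copied from those two posts.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Subset of the Zoek listings in post #14 (before) and post #19 (after).
BEFORE = r"""
======C:\WINDOWS\system32=====
----a-w 0 2008-05-28 05:19:16 C:\WINDOWS\System32\clkcnt.txt
----a-w 33,324 2008-05-29 18:44:21 C:\WINDOWS\System32\Config.MPF
----a-w 84 2008-05-29 18:43:51 C:\WINDOWS\System32\ikhcore.cfg
------w 96,256 2008-05-28 22:39:12 C:\WINDOWS\System32\quxpvodu.dll
----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
----a-w 14,336 2008-05-29 18:42:19 C:\WINDOWS\System32\WinCtrl32.dll
----a-w 12,288 2008-05-29 18:42:19 C:\WINDOWS\System32\WLCtrl32.dll
======C:\WINDOWS\system32\drivers=====
----a-w 29,056 2008-05-28 22:56:22 C:\WINDOWS\System32\drivers\kfN07.sys
----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
"""
AFTER = r"""
======C:\WINDOWS\system32=====
----a-w 33,562 2008-05-29 19:41:11 C:\WINDOWS\System32\Config.MPF
----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
----a-w 12,288 2008-05-29 19:39:06 C:\WINDOWS\System32\WLCtrl32.dllNUCIA
======C:\WINDOWS\system32\drivers=====
----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
"""


class Entry(NamedTuple):
    attrs: str
    size: int
    mtime: datetime
    path: str


# Fields: 7-character attribute string, size with thousands separators,
# timestamp, full path (which may contain spaces).
LINE_RE = re.compile(
    r"^\s*([-a-z]{7})\s+([\d,]+)\s+"
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+([A-Za-z]:\\.*?)\s*$"
)


def parse_listing(text):
    """Return {lower-cased path: Entry}; section headers and totals are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        attrs, size, ts, path = m.groups()
        entries[path.lower()] = Entry(
            attrs, int(size.replace(",", "")),
            datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), path)
    return entries


def diff_listings(before, after):
    """Compare two parsed listings taken before and after a cleanup step."""
    removed = set(before) - set(after)
    added = set(after) - set(before)
    renamed = []
    for new in sorted(added):
        # A rename such as del.bat's keeps the size and appends a suffix.
        for old in sorted(removed):
            if new.startswith(old) and after[new].size == before[old].size:
                renamed.append((before[old].path, after[new].path))
                removed.discard(old)
                added.discard(new)
                break
    changed = [after[p].path for p in sorted(set(before) & set(after))
               if (before[p].size, before[p].mtime)
               != (after[p].size, after[p].mtime)]
    return {
        "removed": [before[p].path for p in sorted(removed)],
        "added": [after[p].path for p in sorted(added)],
        "renamed": renamed,
        "changed": changed,
    }


if __name__ == "__main__":
    result = diff_listings(parse_listing(BEFORE), parse_listing(AFTER))
    for kind, items in result.items():
        print(kind)
        for item in items:
            print("   ", item)
```

A file that shows up as renamed with a newer timestamp than its original was written again between the two snapshots, which is worth checking before treating it as an inert leftover.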

  20. #20
    Avatar of smeenk
    Maybe we're nearly rid of it after all.

    Restart the computer and, after the restart, double-click del.bat once more.
    Post the log.
