Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Start de computer in veilige modus.
• Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

• Sluit alle toepassingen en vensters.
• Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
• Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
• Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

AUB logjes plaatsen zonder kleurtjes, het is slecht leesbaar zo

hallo smeenk

bedankt voor je snelle hulp

ik heb iets doms gedaan
ik moest die "runme bestandje openen in veiligemodus maar heb ik nie gedaan perongeluk

wat nu ?
moet ik het gewoon opnieuw uitvoeren maar dan wel in de veiligemodus

Gewoon opnieuw proberen, anders komen er geen logjes

dit is de resultaat

---RVAXO.exe Updated: 2008-03-11---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\cdeeg.ini2
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\winver.bat
C:\WINDOWS\system32\taskmgr.com

Folders Found:
C:\UGA6PM
C:\Program Files\IE Extensions
C:\Program Files\Common Files\AntiVirusScherm
C:\Documents and Settings\hasan\Application Data\AntiVirusScherm

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

Resultaat van deckard's


Deckard's System Scanner v20071014.68
Run by hasan on 2008-03-11 19:42:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-03-11 18:42:42 UTC - RP404 - Deckard's System Scanner Restore Point
78: 2008-03-11 16:46:29 UTC - RP403 - Controlepunt van systeem
77: 2008-03-10 11:07:16 UTC - RP402 - Installed Ad-Aware 2007
76: 2008-03-10 10:43:21 UTC - RP401 - Installed AVG 7.5
75: 2008-03-10 10:39:15 UTC - RP400 - Removed AVG 7.5


-- First Restore Point --
1: 2007-12-28 12:52:55 UTC - RP326 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as hasan.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-11 19:44:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Browser USB MOUSE\mouse32a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\sysockeu.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hasan\Bureaublad\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9B6465BD-FC01-4AD9-894C-05F74F486391} - (no file)
O2 - BHO: (no name) - {D3551E8B-A79B-4880-81FD-3E4B84367085} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - SITEguard - (no file)
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser USB MOUSE\mouse32a.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} () - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} () - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} () - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: xxyayxw - C:\WINDOWS\system32\xxyayxw.dll (file missing)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
O21 - SSODL: KernelComponent - {afe6c5ee-0c8f-4790-8483-8f333497df34} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\Program Files\Trisnap Technologies\SSI\SysEnforce.exe


--
End of file - 9578 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SLEE_13_DRIVER (Steganos Live Encryption Engine 13 [Driver]) - c:\windows\system32\drivers\slee13.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>

S3 alcan5ln (SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)) - c:\windows\system32\drivers\alcan5ln.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 MusCDriverV32 - c:\windows\system32\drivers\muscdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
S3 ovt530 (Hercules Webcam Deluxe) - c:\windows\system32\drivers\ov530vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 530>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MWAgent - c:\program files\common files\microworld\agent\mwaser.exe <Not Verified; MicroWorld Technologies Inc.; eScan>

S2 SysEnforce - c:\progra~1\trisna~1\ssi\sysenf~1.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: as2zxx4j


-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-11 19:34:59 0 d-------- C:\RVAXO
2008-03-11 19:07:53 731863 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-03-11 16:35:08 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-10 20:53:17 293312 --a------ C:\WINDOWS\system32\mllml.dll
2008-03-10 15:38:15 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-10 15:35:09 8576 --a------ C:\WINDOWS\system32\drivers\hnaujcjyshsv.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-03-10 13:59:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-10 12:07:25 0 d-------- C:\Program Files\Lavasoft
2008-03-10 12:07:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 11:43:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-09 12:25:11 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-03-09 12:25:06 0 d-------- C:\Program Files\Trisnap Technologies
2008-03-08 00:49:12 164 --a------ C:\install.dat
2008-03-08 00:35:25 0 d-------- C:\Documents and Settings\cscontrol\Application Data\Real
2008-03-08 00:35:10 0 d-------- C:\Documents and Settings\cscontrol\Application Data\Identities
2008-03-08 00:34:26 0 d--h----- C:\Documents and Settings\cscontrol\Local Settings
2008-03-08 00:34:26 0 dr------- C:\Documents and Settings\cscontrol\Favorieten
2008-03-08 00:34:26 0 d--hs---- C:\Documents and Settings\cscontrol\Cookies
2008-03-08 00:34:26 0 d-------- C:\Documents and Settings\cscontrol\Bureaublad
2008-03-08 00:34:26 0 dr-h----- C:\Documents and Settings\cscontrol\Application Data
2008-03-08 00:34:26 0 d---s---- C:\Documents and Settings\cscontrol\Application Data\Microsoft
2008-03-08 00:34:25 0 d--h----- C:\Documents and Settings\cscontrol\Sjablonen
2008-03-08 00:34:25 0 dr-h----- C:\Documents and Settings\cscontrol\SendTo
2008-03-08 00:34:25 0 dr-h----- C:\Documents and Settings\cscontrol\Onlangs geopend
2008-03-08 00:34:25 2097152 --a------ C:\Documents and Settings\cscontrol\NTUSER.DAT
2008-03-08 00:34:25 0 d--h----- C:\Documents and Settings\cscontrol\Netwerkprinteromgeving
2008-03-08 00:34:25 0 d--h----- C:\Documents and Settings\cscontrol\NetHood
2008-03-08 00:34:25 0 dr------- C:\Documents and Settings\cscontrol\Mijn documenten
2008-03-08 00:34:25 0 dr------- C:\Documents and Settings\cscontrol\Menu Start
2008-03-08 00:30:04 8634368 --a------ C:\WINDOWS\system32\ProfUIS281n.dll <Not Verified; FOSS Software, Inc.; Professional User Interface Suite>
2008-03-08 00:30:04 262144 --a------ C:\WINDOWS\system32\ProfSkin281n.dll <Not Verified; FOSS Software, Inc.; Professional User Interface Suite>
2008-03-07 19:31:15 0 dr-h----- C:\$VAULT$.AVG
2008-03-06 21:26:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-06 21:25:38 0 d-------- C:\Program Files\Common Files\iS3
2008-03-06 21:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-06 21:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 20:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-03-06 18:31:51 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-06 18:05:19 0 d-------- C:\Program Files\Spyware Doctor
2008-03-06 17:56:31 0 d-------- C:\Documents and Settings\hasan\Application Data\Sunbelt Software
2008-03-06 17:40:25 20992 --a------ C:\WINDOWS\sysounrk.exe
2008-03-06 17:40:24 35840 --a------ C:\WINDOWS\sysockeu.exe
2008-03-06 17:40:24 3072 --a------ C:\WINDOWS\ftebh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-06 17:40:24 1409 --a------ C:\WINDOWS\fbdzj.exe
2008-02-25 16:05:54 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-25 16:05:54 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-25 16:05:54 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-25 16:05:54 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-02-25 16:05:54 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-02-25 16:05:51 0 d-------- C:\Program Files\Ahead
2008-02-24 17:30:15 0 d-------- C:\Program Files\SoftwareClub.ws
2008-02-24 17:30:11 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-23 11:33:10 0 d-------- C:\Program Files\Magic Lens Max
2008-02-23 11:33:10 0 d-------- C:\Documents and Settings\hasan\Application Data\Magic Lens Max
2008-02-18 18:37:46 0 d-------- C:\Program Files\ARWizard3
2008-02-11 19:36:50 0 d-------- C:\Program Files\FrameShow


-- Find3M Report ---------------------------------------------------------------

2008-03-11 19:09:16 0 d-------- C:\Program Files\Common Files
2008-03-10 18:36:03 0 d-------- C:\Documents and Settings\hasan\Application Data\VoipStunt
2008-03-10 16:18:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-10 16:09:56 0 d-------- C:\Program Files\Browser USB MOUSE
2008-03-07 20:55:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 18:06:34 364330 --a------ C:\WINDOWS\system32\perfh013.dat
2008-03-06 18:06:34 53418 --a------ C:\WINDOWS\system32\perfc013.dat
2008-02-25 16:05:54 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-04 16:37:08 0 d-------- C:\Documents and Settings\hasan\Application Data\VoipRaider
2008-02-03 12:10:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 14:02:21 0 d-------- C:\Documents and Settings\hasan\Application Data\Gizmo Project
2008-01-30 22:14:36 0 d-------- C:\Program Files\Artword Editor
2008-01-30 22:14:00 0 d-------- C:\Documents and Settings\hasan\Application Data\ArtWord
2008-01-25 22:39:28 0 d-------- C:\Documents and Settings\hasan\Application Data\Ahead
2008-01-22 12:39:08 0 d-------- C:\Program Files\VoipRaider.com
2008-01-19 20:16:31 0 d-------- C:\Program Files\Quick All Audio Converter
2008-01-19 19:01:26 5 --a------ C:\WINDOWS\youtubex.dll
2008-01-19 17:33:30 0 d-------- C:\Program Files\MOJOSOFT
2008-01-19 17:33:30 0 d-------- C:\Documents and Settings\hasan\Application Data\mojosoft
2008-01-16 15:49:54 0 d-------- C:\Documents and Settings\hasan\Application Data\DAEMON Tools
2008-01-12 14:30:41 0 d-------- C:\Documents and Settings\hasan\Application Data\GeoVid
2008-01-12 14:28:27 0 d-------- C:\Program Files\Common Files\GeoVid
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-07 20:39:35 23336 --a------ C:\Documents and Settings\hasan\Application Data\GDIPFONTCACHEV1.DAT
2008-01-01 19:29:40 322 --a------ C:\Documents and Settings\hasan\Application Data\Taxi4.MCS
2007-12-23 17:22:33 200704 --a------ C:\WINDOWS\system32\FOYGqsJVxB.dll
2007-12-22 13:33:39 126 --a------ C:\WINDOWS\snake.DAT
2007-12-12 15:36:16 0 --a------ C:\WINDOWS\system32\Ultra.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16975C1E-950B-F58A-B187-08ED8F89A6B0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6465BD-FC01-4AD9-894C-05F74F486391}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3551E8B-A79B-4880-81FD-3E4B84367085}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBD29C3C-C642-4843-A627-6E54A947B511}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser USB MOUSE\mouse32a.exe" [16-04-2007 20:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25-04-2007 21:46]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27-12-2006 15:53]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [03-11-2006 10:01]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"1029BB4B-16A9-4E77-AA3D-96930BD68EEC"="C:\WINDOWS\sysockeu.exe" [06-03-2008 17:40]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 00:03]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27-12-2006 15:53]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 9:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayxw]
xxyayxw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msmsgs]
C:\Documents and Settings\hasan\Local Settings\Temp\ir_ext_temp_1\AutoPlay\Docs\MSN passwords\MSN\Msn messanger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
"C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized




-- End of Deckard's System Scanner: finished at 2008-03-11 19:46:47 ------------

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - (no file)
O2 - BHO: (no name) - {9B6465BD-FC01-4AD9-894C-05F74F486391} - (no file)
O2 - BHO: (no name) - {D3551E8B-A79B-4880-81FD-3E4B84367085} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - SITEguard - (no file)
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKCU)
O20 - Winlogon Notify: xxyayxw - C:\WINDOWS\system32\xxyayxw.dll (file missing)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
O21 - SSODL: KernelComponent - {afe6c5ee-0c8f-4790-8483-8f333497df34} - (no file)
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Herstart je computer en post een nieuw logje van Hijackthis ter controle

dit is de resultaat

Logfile of HijackThis v1.99.1
Scan saved at 16:58:44, on 12-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Browser USB MOUSE\mouse32a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\Documents and Settings\hasan\Mijn documenten\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser USB MOUSE\mouse32a.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE




*R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
*R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - (no file)
O2 - BHO: (no name) - {9B6465BD-FC01-4AD9-894C-05F74F486391} - (no file)
O2 - BHO: (no name) - {D3551E8B-A79B-4880-81FD-3E4B84367085} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - SITEguard - (no file)
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
*O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
*O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKCU)
O20 - Winlogon Notify: xxyayxw - C:\WINDOWS\system32\xxyayxw.dll (file missing)
*O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
O21 - SSODL: KernelComponent - {afe6c5ee-0c8f-4790-8483-8f333497df3


*= dingen die er niet bij stonden
er waren nog paar die er niet bij stonden maar die ben ik vergeten
maar de rest heb ik wel gefixt Ik hoop dat we het goede kant op gaan
ik wil weer mijn snelle pc terug zonder die klote spyware
bedankt nog dat je me helpt

Verwijder deze bestanden:
C:\WINDOWS\sysounrk.exe
C:\WINDOWS\sysockeu.exe
C:\WINDOWS\ftebh.exe
C:\WINDOWS\fbdzj.exe

Vertel welke problemen je nog ondervindt

moet ik dat bij c/windows wissen
dus gewoon naar mijn computer etc?

mijn problemen zijn : trage pc, mijn achtrgrond is nu gelukt
maar ik heb nu Thumbs.db op mijn bureaublad en ik weet niet hoe dat daar komt en ook een map met %userprofiele%
Deze twee dingen staan ook op mijn afbeeldingen
en ze zijn doorzichtig bijvoolbeld als je iets kopieert op knipt dan wordt het toch eventjes doorzichtig zo iets is het . het blijft doorzichtig
als ik het wil vewijdere dan zegt die dat sommige dingen niet kunnen werken dus heb ik het niet verwijderd ik dacht ik vraag het gewoon effe.
ik heb met spywaredoctor paar scans uitgevoerd en wat dingen verwijderd.
maar je bent super want mijn achtergrond kan ik nu gewoon wijzigen
ik hoop dat als ik hem herstart dat die dan gewoon zelfde belijft
en ongewenste pagina zijn nu ook weg aleen beetje trage pc

ik klik op deze computer en dan C
ik zie nu dat heel veel mappen doorzichtig zijn hoe komt dat?

Verborgen bestanden en mappen worden weergegeven.
Lees hier maar eens: http://users.telenet.be/marcvn/spyware/1117602.htm
Om dit ongedaan te maken moet je de omgekeerde bewerking kiezen.

Die bestanden moet je gewoon opzoeken met je verkenner, daarna rechtsklikken en voor verwijderen kiezen.

Daarna doe je dit:

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

• Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle

hoi smeenk

hee super man mijn achtergrond is helemaal toppie nu
die doorzichtige mappen kan ik dus gewoon verijdere toch?
jaa ik wil altijd alles zeker weten

mijn pc is soms snel en soms loopt die evve vast
bv als ik internet site open

en deze dingen kan ik nie vinde

Verwijder deze bestanden:
C:\WINDOWS\sysounrk.exe
C:\WINDOWS\sysockeu.exe
C:\WINDOWS\ftebh.exe
C:\WINDOWS\fbdzj.exe



dit is mijn nieuwe logje

Logfile of HijackThis v1.99.1
Scan saved at 19:16:49, on 12-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Browser USB MOUSE\mouse32a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hasan\Mijn documenten\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser USB MOUSE\mouse32a.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

Waarom wil je die verwijderen?
Lijkt me niet zo verstandig, die mappen en bestanden zijn niet voor niets verborgen.
Als je die gaat verwijderen help je je hele systeem naar de vernieling

Heb je wel naar die link gekeken:


Ik schreef dat je de omgekeerde bewerking moest doen:
Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.(dat vinkje haal je nu dus weg)
Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).(Dat vinkje plaats je nu dus weer terug)
Klik op Ja om dit te bevestigen.
Klik op OK.

Duidelijker kan ik volgens mij niet zijn

dat is duidelijk jahh
jahh sry ik moet gewoon heel zeker zijn snap je het zit in me

maar is die logje nou goed?

deze dingen die ik van jou moest verwijdere kan ik niet vinde
ze zitten niet in c;windows.
misschien in system32 of ergens anders