Mededeling

**smeenk** · 15-03-08, 19:33

Download SDFix naar je bureaublad.

Dubbelklikken op SDFix.exe om het uit te pakken.
Print onderstaande instrukties uit of kopieer ze naar een .txt bestand.
Start op in Veilige modus
Open de uitgepakte SDFix folder (meestal hier te vinden: C:\SDFix) en dubbelklik RunThis.bat om het script te starten.
Typ Y om de fix te beginnen en volg de instructie's. Druk op een toets als het nodig is.
De computer zal herstarten. Dit duurt langer dan gewoonlijk.
SDFix zal verder gaan met het verwijderen. Wacht tot er wordt gevraagt om op een toets te drukken.
Het Bureaublad zal verschijnen en er zal een logje openen.
Post de inhoud van dat logje

**Wasabie** · 17-03-08, 12:42

ik kan ook SDfix niet installeren, het bestand heb ik op t bureaublad gezet, hij opent niet.

**smeenk** · 17-03-08, 14:15

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**Wasabie** · 17-03-08, 14:52

Log RVAXO;

---RVAXO.exe Updated: 2008-03-15---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\univrs32.dat
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\winivstr.exe

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\cru629.dat

--------------RVAXO.exe finished----------------

De DSS start ook niet op....Virusscanner (Mcaffee is trouwens ook uitgeschakeld op de een of andere manier).

**smeenk** · 17-03-08, 15:42

Zoek het volgende bestand eens op:
C:\RVAXO-Vfind.log

Post dat logje in je volgende bericht

**Wasabie** · 17-03-08, 17:35

OK inderdaad deze is zeker langer!!

----a-w 16,034 2008-03-14 20:12:53 C:\Documents and Settings\All Users\Application Data\atyxuzi.exe
----a-w 51,200 2008-03-14 04:20:00 C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANDAT1000\DAT\0000\validate.exe
----a-w 40,704 2008-03-17 12:48:36 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\svchost.exe
----a-w 4,506,256 2008-02-12 18:16:14 C:\Documents and Settings\Wesley van Heugten\Application Data\LimeWirePlus\.NetworkShare\LimeWireWin4.16.6.exe
----a-w 413,696 2008-03-17 12:35:22 C:\Documents and Settings\Wesley van Heugten\Bureaublad\RVAXO.exe
----a-w 1,413,305 2008-03-16 22:31:35 C:\Documents and Settings\Wesley van Heugten\Bureaublad\SDFix.exe
----a-w 287,040 2008-03-13 12:00:36 C:\Program Files\BitTorrent_DNA\dna.exe
----a-w 10,001 2008-03-14 20:12:53 C:\Program Files\Common Files\etuqawor.exe
----a-w 610,000 2008-03-09 16:29:10 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
----a-w 102,096 2008-03-09 16:29:12 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
----a-w 89,808 2008-03-09 16:29:12 C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
----a-w 684,752 2008-03-10 14:21:33 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
----a-w 692,104 2008-03-09 16:18:39 C:\Program Files\Spybot - Search & Destroy\unins000.exe
----a-w 396,288 2008-03-15 11:52:22 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
----a-w 142,336 2008-03-08 18:38:23 C:\SDFix\catchme.exe
----a-w 10,240 2008-03-08 18:38:20 C:\SDFix\apps\cliptext.exe
----a-w 61,440 2008-03-08 18:38:20 C:\SDFix\apps\download.exe
----a-w 157,696 2008-03-08 18:38:20 C:\SDFix\apps\ERUNT.EXE
----a-w 27,136 2008-03-08 18:38:21 C:\SDFix\apps\FixPath.exe
----a-w 80,412 2008-03-08 18:38:21 C:\SDFix\apps\grep.exe
----a-w 33,280 2008-03-08 18:38:21 C:\SDFix\apps\isadmin.exe
----a-w 49,152 2008-03-08 18:38:21 C:\SDFix\apps\LS.exe
----a-w 6,656 2008-03-08 18:38:21 C:\SDFix\apps\MD5File.exe
----a-w 53,248 2008-03-08 18:38:21 C:\SDFix\apps\Process.exe
----a-w 16,414 2008-03-08 18:38:21 C:\SDFix\apps\procs.exe
----a-w 61,440 2008-03-08 18:38:21 C:\SDFix\apps\psservice.exe
----a-w 8,192 2008-03-08 18:38:22 C:\SDFix\apps\RestartIt!.exe
----a-w 31,232 2008-03-08 18:38:22 C:\SDFix\apps\sc.exe
----a-w 98,816 2008-03-08 18:38:22 C:\SDFix\apps\sed.exe
----a-w 49,152 2008-03-08 18:38:22 C:\SDFix\apps\SF.exe
----a-w 19,456 2008-03-08 18:38:22 C:\SDFix\apps\shutdown.exe
----a-w 278,016 2008-03-08 18:38:22 C:\SDFix\apps\swreg.exe
----a-w 40,960 2008-03-08 18:38:22 C:\SDFix\apps\swsc.exe
----a-w 167,936 2008-03-08 18:38:22 C:\SDFix\apps\unzip.exe
----a-w 49,152 2008-03-08 18:38:22 C:\SDFix\apps\vfind.exe
----a-w 41,472 2008-03-08 18:38:22 C:\SDFix\apps\WINMSG.EXE
----a-w 126,976 2008-03-08 18:38:23 C:\SDFix\apps\zip.exe
----a-w 146,432 2008-03-08 18:38:21 C:\SDFix\apps\Replace\regedit.exe
----a-w 94,208 2008-03-08 18:38:21 C:\SDFix\apps\Replace\W2K.exe
----a-w 94,208 2008-03-08 18:38:22 C:\SDFix\apps\Replace\XP.exe
----a-w 16,896 2008-03-17 12:48:36 C:\WINDOWS\braviax.exe
----a-w 16,627 2008-03-14 20:12:53 C:\WINDOWS\udokumepy.exe
----a-w 163,328 2008-03-08 18:38:20 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 163,328 2008-03-08 18:38:20 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 16,896 2008-03-17 12:48:36 C:\WINDOWS\system32\braviax.exe

Entries: 45 (45)
Directories: 0 Files: 45
Bytes: 11,636,017 Blocks: 22,735
=============
----a-w 14,091 2008-03-14 20:12:53 C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\qakehomab.dll
----a-w 12,598 2008-03-14 17:28:16 C:\Documents and Settings\Wesley van Heugten\Local Settings\Temporary Internet Files\obyvekyn.dll
----a-w 14,481 2008-03-14 17:28:16 C:\Program Files\Common Files\hewagasuw.dll
----a-w 65,232 2008-03-09 16:29:08 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
----a-w 36,560 2008-03-09 16:29:10 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
----a-w 44,752 2008-03-09 16:29:12 C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
----a-w 57,552 2008-03-09 16:29:14 C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll

Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 245,266 Blocks: 483
=============
----a-w 1,260 2008-03-17 12:43:31 C:\Documents and Settings\Administrator\Bureaublad\Snelkoppeling naar RunMe.lnk
----a-w 724 2008-03-17 12:43:50 C:\Documents and Settings\Administrator\Onlangs geopend\Documenten van Wesley van Heugten.lnk
----a-w 1,312 2008-03-17 12:43:49 C:\Documents and Settings\Administrator\Onlangs geopend\iets.lnk
----a-w 754 2008-03-10 14:21:49 C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
----a-w 2,497 2008-03-13 16:08:16 C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Excel.lnk
----a-w 2,515 2008-03-13 15:21:19 C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk
----a-w 1,573 2008-03-10 10:42:34 C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Paint.lnk
----a-w 1,556 2008-02-18 12:23:35 C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Rekenmachine.lnk
----a-w 1,586 2008-03-14 18:47:33 C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Entertainment\Volumeregeling.lnk
----a-w 1,804 2008-03-15 11:52:22 C:\Documents and Settings\All Users\Menu Start\Programma's\HijackThis\HijackThis.lnk
----a-w 766 2008-03-10 14:21:49 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
----a-w 766 2008-03-10 14:21:49 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
----a-w 790 2008-03-10 14:21:49 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Verwijder Malwarebytes' Anti-Malware.lnk
----a-w 1,003 2008-03-09 16:19:19 C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
----a-w 815 2008-03-09 16:19:19 C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy\Tutorial.lnk
----a-w 1,019 2008-03-09 16:19:19 C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
----a-w 933 2008-03-09 16:19:19 C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy\Update Spybot-S&D.lnk
----a-w 1,660 2008-03-09 15:36:16 C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Computerbeheer.lnk
----a-w 1,283 2008-02-27 21:45:30 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\actiepunten.lnk
----a-w 1,498 2008-03-13 15:25:13 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\agenda 290308.lnk
----a-w 1,358 2008-03-13 15:25:13 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\agenda bestuursvergadering.lnk
----a-w 1,427 2008-02-28 22:10:18 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\alf.lijst vrijwilligers april 05-06.lnk
----a-w 1,353 2008-03-13 15:29:46 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\alg.ledenvergadering 2007.lnk
----a-w 1,353 2008-03-13 15:29:46 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\algemene ledenvergadering.lnk
----a-w 1,055 2008-03-11 14:34:39 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Artikelen.lnk
----a-w 1,447 2008-03-11 21:43:50 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\bardienst zaterdag competitiedefinitief.lnk
----a-w 1,115 2008-03-11 09:33:59 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Begeleidingsafspraken.lnk
----a-w 801 2008-03-13 16:08:17 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Biblio.lnk
----a-w 1,392 2008-03-13 15:51:15 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\brief m.b.t. parkdienst maart 08.lnk
----a-w 964 2008-03-10 15:07:07 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\coachen en trainen.lnk
----a-w 974 2008-03-10 15:09:20 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Coaching en training.lnk
----a-w 1,412 2008-03-13 16:08:49 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Damesdubbel bardienstrooster2008.lnk
----a-w 1,342 2008-03-13 16:10:31 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\damesdubbel poules.lnk
----a-w 1,452 2008-03-13 16:11:31 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\damesdubbel schemas ddwoensdag-avond2008.lnk
----a-w 1,327 2008-03-12 16:37:16 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\decl.1en 2 2008.lnk
----a-w 1,307 2008-03-12 16:39:19 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\decl.3 2008.lnk
----a-w 1,248 2008-03-10 10:27:10 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\DSC00344.lnk
----a-w 916 2008-03-13 16:08:17 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\EUROTOOL.lnk
----a-w 1,133 2008-03-10 10:27:10 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Jitske en Sjors.lnk
----a-w 1,054 2008-03-12 15:20:34 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Laberatorium.lnk
----a-w 752 2008-03-12 16:21:47 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Mijn documenten.lnk
----a-w 1,312 2008-03-13 15:55:19 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Mix Blad 2.lnk
----a-w 1,307 2008-03-13 15:53:59 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Mix Blad 1.lnk
----a-w 1,407 2008-03-13 16:08:03 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Mix Competitie 2008 voorwoord.lnk
----a-w 1,347 2008-03-13 15:56:40 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\mix competitie 2008.lnk
----a-w 1,417 2008-03-13 15:57:39 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Mix competitie bardienst indeling.lnk
----a-w 1,363 2008-02-27 21:34:27 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\notulen bestuursvergadering.lnk
----a-w 1,437 2008-03-12 19:07:26 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\overzicht commissies 26 februari 2008.lnk
----a-w 1,177 2008-02-28 22:10:18 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\PB 2006.lnk
----a-w 1,177 2008-03-11 15:41:15 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\PB 2007.lnk
----a-w 1,177 2008-03-13 16:11:31 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\PB 2008.lnk
----a-w 1,588 2008-03-13 15:29:46 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\presentielijst ALV 13 maart 2008.lnk
----a-w 1,598 2008-03-13 15:29:46 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\presentielijst ALV 8 februari 2007.lnk
----a-w 1,143 2008-03-10 19:48:42 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\R3T3ND8W.lnk
----a-w 1,407 2008-03-11 21:47:03 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\roosters tot april 2009 op naam.lnk
----a-w 1,388 2008-03-10 19:52:53 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\roosters tot april 2009 op naam[1].lnk
----a-w 1,362 2008-03-11 21:45:32 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\roosters tot april2009.lnk
----a-w 1,143 2008-03-10 19:52:53 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\SJF3UC9H.lnk
----a-w 823 2008-03-11 13:59:41 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Sjors.lnk
----a-w 959 2008-03-10 10:14:43 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\Stage Fontys 2008.lnk
----a-w 1,195 2008-02-25 12:32:38 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\style.lnk
----a-w 1,462 2008-03-13 15:38:36 C:\Documents and Settings\Wesley van Heugten\Application Data\Microsoft\Office\Recent\vertrekkers commissies alg.ledenverg. 2008.lnk
----a-w 1,792 2008-03-15 11:52:22 C:\Documents and Settings\Wesley van Heugten\Bureaublad\HijackThis.lnk
----a-w 767 2008-03-01 14:02:04 C:\Documents and Settings\Wesley van Heugten\Bureaublad\Internet Explorer.lnk
----a-w 991 2008-03-09 16:19:19 C:\Documents and Settings\Wesley van Heugten\Bureaublad\Spybot - Search & Destroy.lnk
----a-w 2,333 2008-03-17 09:54:34 C:\Documents and Settings\Wesley van Heugten\Bureaublad\Windows Live Messenger.lnk
----a-w 1,577 2008-03-17 12:37:01 C:\Documents and Settings\Wesley van Heugten\Menu Start\Programma's\Bureau-accessoires\Kladblok.lnk
----a-w 642 2008-03-17 12:34:39 C:\Documents and Settings\Wesley van Heugten\Mijn documenten\Mijn Gedeelde Mappen.lnk
----a-w 688 2008-03-14 16:16:17 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\01.lnk
----a-w 688 2008-03-14 16:16:20 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\02.lnk
----a-w 693 2008-03-14 16:13:12 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\03.lnk
----a-w 1,437 2008-02-27 23:00:44 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\090208 notulen.lnk
----a-w 1,260 2008-03-11 13:19:13 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\a reconceptualization of values clarification.lnk
----a-w 1,425 2008-03-13 15:25:12 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\agenda 290308.lnk
----a-w 1,029 2008-03-13 15:25:12 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\agenda bestuursvergadering.lnk
----a-w 1,300 2008-02-28 22:23:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\alf.lijst vrijwilligers april 05-06.lnk
----a-w 1,034 2008-03-15 14:39:07 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\algemene ledenvergadering.lnk
----a-w 1,528 2008-03-15 14:39:06 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\ALV 13 maart 2008 tekst Sjeng.lnk
----a-w 726 2008-03-11 14:34:41 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Artikelen.lnk
----a-w 779 2008-03-15 16:43:21 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Auto+Kamer.lnk
----a-w 1,320 2008-03-11 21:45:17 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\bardienst zaterdag competitiedefinitief.lnk
----a-w 1,370 2008-03-11 21:51:41 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Bardienstbriefje april 2008 tot en met maart 2009.lnk
----a-w 786 2008-03-11 09:36:02 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Begeleidingsafspraken.lnk
----a-w 783 2008-03-10 10:06:33 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Bestandje jitkse.lnk
----a-w 884 2008-03-02 17:51:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\birgit.lnk
----a-w 813 2008-03-14 16:13:44 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\bouncycuties.com_403_2.lnk
----a-w 1,300 2008-02-18 19:19:07 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Brief aan adverteerders leen 290108.lnk
----a-w 1,236 2008-02-18 19:21:44 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Brief aan adverteerdes (juiste tekst).lnk
----a-w 588 2008-03-09 20:28:01 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\catchme.lnk
----a-w 968 2008-02-25 12:34:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\CAVIQHV3.lnk
----a-w 635 2008-03-10 15:07:09 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\coachen en trainen.lnk
----a-w 645 2008-03-10 15:55:46 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Coaching en training.lnk
----a-w 1,285 2008-03-13 16:10:25 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Damesdubbel bardienstrooster2008.lnk
----a-w 1,215 2008-03-13 16:11:25 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\damesdubbel poules.lnk
----a-w 1,325 2008-03-13 16:13:31 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\damesdubbel schemas ddwoensdag-avond2008.lnk
----a-w 1,180 2008-02-20 15:12:24 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\decl.1 2008.lnk
----a-w 1,200 2008-02-24 14:50:37 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\decl.1en 2 2008.lnk
----a-w 1,180 2008-03-12 16:39:25 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\decl.3 2008.lnk
----a-w 1,195 2008-02-25 12:30:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\desktop.lnk
----a-w 1,121 2008-03-14 14:38:45 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\DSC00281.lnk
----a-w 729 2008-03-12 16:22:05 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Dubbelklikken op SDFix.lnk
----a-w 399 2008-03-15 11:51:25 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\HiJackThis.lnk
----a-w 1,327 2008-03-11 12:46:58 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\How pratice development frameworks can inluence teamwork.lnk
----a-w 635 2008-03-17 12:37:12 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\iets.lnk
----a-w 758 2008-03-11 14:00:23 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\iets_anders.lnk
----a-w 1,340 2008-02-27 22:55:30 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\inventarisatie commissies 13 september 2007.lnk
----a-w 997 2008-02-29 15:11:19 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Jaargang 64 nr 783 maart 2008.lnk
----a-w 1,296 2008-02-18 16:48:34 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Jaarverslag Jeugdcommissie 2007.lnk
----a-w 925 2008-02-25 12:30:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Jeannette (2).lnk
----a-w 804 2008-03-14 14:38:45 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Jitske en Sjors.lnk
----a-w 688 2008-03-14 16:17:49 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\kj.lnk
----a-w 693 2008-03-14 16:17:52 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\kjj.lnk
----a-w 1,200 2008-03-10 20:05:23 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\KNLTB 3 de hogt.lnk
----a-w 1,255 2008-02-28 17:14:03 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\KNLTB Inhoud map paviljoen.lnk
----a-w 725 2008-03-12 15:20:41 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Laberatorium.lnk
----a-w 681 2008-03-10 19:49:21 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\loge.lnk
----a-w 1,039 2008-02-26 16:56:41 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\LOGO.lnk
----a-w 1,058 2008-02-28 22:06:33 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\maandoverzicht.lnk
----a-w 609 2008-03-02 17:51:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Mijn ontvangen bestanden.lnk
----a-w 1,185 2008-03-13 15:55:32 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Mix Blad 2.lnk
----a-w 1,180 2008-03-13 15:53:58 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Mix Blad 1.lnk
----a-w 1,280 2008-03-13 16:08:03 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Mix Competitie 2008 voorwoord.lnk
----a-w 1,220 2008-03-13 15:57:17 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\mix competitie 2008.lnk
----a-w 1,290 2008-03-13 15:58:34 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Mix competitie bardienst indeling.lnk
----a-w 717 2008-03-14 16:15:07 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\movie1.lnk
----a-w 717 2008-03-14 16:15:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\movie2.lnk
----a-w 717 2008-03-14 16:15:28 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\movie3.lnk
----a-w 639 2008-02-24 15:28:29 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\My Playlists.lnk
----a-w 981 2008-02-24 15:28:29 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Nieuwe afspeellijst.lnk
----a-w 977 2008-02-18 12:13:06 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\nieuwe leden 2008 (briefje Kennismaking).lnk
----a-w 1,285 2008-03-11 09:36:02 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Notulen begeleidingsgesprek 3 - 07-03-2008.lnk
----a-w 1,310 2008-03-12 19:07:26 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\overzicht commissies 26 februari 2008.lnk
----a-w 1,385 2008-02-27 23:01:33 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\overzicht vergaderingen + activiteiten 2008 (270208).lnk
----a-w 1,223 2008-03-01 15:56:30 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\P1000059.lnk
----a-w 1,177 2008-03-14 15:03:15 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\P1000539.lnk
----a-w 1,177 2008-02-29 18:00:35 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\P1000598.lnk
----a-w 1,177 2008-03-14 15:04:18 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\P1000600.lnk
----a-w 1,177 2008-02-29 18:01:09 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\P1000656.lnk
----a-w 1,086 2008-03-15 16:43:21 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\P8200166.lnk
----a-w 848 2008-02-27 22:55:30 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\PB 2007.lnk
----a-w 848 2008-03-13 16:13:31 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\PB 2008.lnk
----a-w 1,027 2008-02-26 16:56:32 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\PB.lnk
----a-w 1,513 2008-03-13 15:29:49 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\presentielijst ALV 13 maart 2008.lnk
----a-w 770 2008-02-25 12:32:49 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\redeem file_bestanden.lnk
----a-w 724 2008-03-11 12:52:30 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\reflective practice.lnk
----a-w 1,043 2008-02-28 21:40:03 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\rek. Venema.lnk
----a-w 1,011 2008-02-19 15:32:03 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\rek.H.lnk
----a-w 1,280 2008-03-11 21:49:13 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\roosters tot april 2009 op naam.lnk
----a-w 1,235 2008-03-11 21:46:51 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\roosters tot april2009.lnk
----a-w 1,279 2008-03-12 22:14:09 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Schemas ddwoensdag-avond2008.lnk
----a-w 890 2008-03-01 15:56:30 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Selectie.lnk
----a-w 1,084 2008-02-25 12:32:49 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\show_ads.lnk
----a-w 561 2008-03-14 16:17:52 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\sint.lnk
----a-w 737 2008-02-29 17:59:01 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Sinterklaas 2007.lnk
----a-w 494 2008-03-11 14:00:23 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Sjors.lnk
----a-w 630 2008-03-10 10:22:44 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Stage Fontys 2008.lnk
----a-w 1,072 2008-02-25 12:32:27 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\style.lnk
----a-w 1,119 2008-03-06 23:01:27 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\sylvia24.lnk
----a-w 1,325 2008-02-19 17:02:17 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Tekst Website m.b.t. lidmaatschap 310306.lnk
----a-w 837 2008-03-14 16:13:56 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\thirdmovies-cum-on-in-3-11.lnk
----a-w 837 2008-03-14 16:13:59 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\thirdmovies-cum-on-in-3-12.lnk
----a-w 1,087 2008-03-11 14:08:05 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\TKM teamcoaching.lnk
----a-w 1,455 2008-03-10 20:40:21 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Uitgangspunten voor Consumptieprijzen paviljoen per 1 januari 2008.lnk
----a-w 1,171 2008-03-11 11:09:19 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\value clarification - patients.lnk
----a-w 1,067 2008-03-11 14:21:45 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Value Segmentation - A Model for the Measurement of Values and Value Systems.lnk
----a-w 1,051 2008-03-11 14:34:41 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Value Theory.lnk
----a-w 1,356 2008-03-11 13:58:08 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Values in the workplace - diversity in meaning and importance.lnk
----a-w 1,335 2008-03-13 15:38:36 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\vertrekkers commissies alg.ledenverg. 2008.lnk
----a-w 648 2008-03-01 14:13:06 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\videosz-please-drill-my-ass-2-12.lnk
----a-w 648 2008-03-01 14:13:10 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\videosz-please-drill-my-ass-2-13.lnk
----a-w 820 2008-03-14 16:12:37 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\videosz-pov-fixation-43.lnk
----a-w 816 2008-03-06 23:01:27 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Voorbeelden van afbeeldingen.lnk
----a-w 1,240 2008-02-28 22:22:40 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Vrijwilligers alf.lijst.lnk
----a-w 844 2008-03-14 15:04:18 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Zeeland Jitske en Sjors.lnk
----a-w 1,177 2008-03-01 14:59:09 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\_DSC8582.lnk

Entries: 175 (175)
Directories: 0 Files: 175
Bytes: 195,140 Blocks: 471
=============
----a-w 493,860 2008-03-08 18:38:23 C:\SDFix\RunThis.bat
----a-w 745,930 2008-03-15 23:28:42 C:\WINDOWS\system32\RVAXO.bat

Entries: 2 (2)
Directories: 0 Files: 2
Bytes: 1,239,790 Blocks: 2,422
=============
--sha-w 805,306,368 2008-03-17 12:48:36 C:\pagefile.sys
----a-w 12,761 2008-03-14 17:28:16 C:\Documents and Settings\All Users\Documenten\oxyvopaji.sys
----a-w 15,374 2008-03-14 17:28:16 C:\Documents and Settings\All Users\Documenten\uricy.sys
----a-w 17,315 2008-03-14 20:12:53 C:\Documents and Settings\Wesley van Heugten\Application Data\qilatagih.sys
----a-w 12,609 2008-03-14 17:28:16 C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\tifos.sys
----a-w 27,136 2008-03-09 16:29:14 C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys
----a-w 15,696 2008-03-09 16:29:10 C:\Program Files\Malwarebytes' Anti-Malware\mbam.sys
---ha-w 1,024 2008-03-08 18:38:23 C:\SDFix\dummy.sys
----a-w 1,024 2008-03-08 18:38:20 C:\SDFix\apps\dummy.sys
----a-w 4,080 2008-03-08 18:38:21 C:\SDFix\apps\Replace\w2k\beep.sys
----a-w 2,800 2008-03-08 18:38:21 C:\SDFix\apps\Replace\w2k\null.sys
----a-w 4,224 2008-03-08 18:38:21 C:\SDFix\apps\Replace\xp\beep.sys
----a-w 2,944 2008-03-08 18:38:21 C:\SDFix\apps\Replace\xp\null.sys
----a-w 34,816 2008-03-14 16:18:22 C:\WINDOWS\system32\drivers\beep.sys
----a-w 47,872 2008-03-03 00:16:28 C:\WINDOWS\system32\drivers\kbd.sys

Entries: 15 (13)
Directories: 0 Files: 15
Bytes: 805,506,043 Blocks: 1,573,258
=============

**smeenk** · 17-03-08, 19:25

Start de computer in veilige modus.

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\univrs32.dat
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\winivstr.exe
"C:\Documents and Settings\All Users\Application Data\atyxuzi.exe"
"C:\Documents and Settings\All Users\Menu Start\PROGRA~1\Opstarten\svchost.exe"
"C:\Program Files\Common Files\etuqawor.exe"
"C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\qakehomab.dll"
"C:\Documents and Settings\Wesley van Heugten\Local Settings\Temporary Internet Files\obyvekyn.dll"
"C:\Program Files\Common Files\hewagasuw.dll"
"C:\Documents and Settings\All Users\Documenten\oxyvopaji.sys"
"C:\Documents and Settings\All Users\Documenten\uricy.sys"
"C:\Documents and Settings\Wesley van Heugten\Application Data\qilatagih.sys"
"C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\tifos.sys"
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\braviax.exe
C:\WINDOWS\udokumepy.exe
C:\WINDOWS\system32\braviax.exe) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
copy C:\SDFix\apps\Replace\xp\beep.sys C:\WINDOWS\system32\drivers
copy C:\SDFix\apps\Replace\xp\beep.sys C:\WINDOWS\system32\dllcache
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en bewaar de inhoud van de logfile die opent.

Herstart de computer in normale modus.

Post het logje van del.bat en kijk of je ook een logje van Hijackthis maken kan

**Wasabie** · 17-03-08, 19:50

Hey super!

Men hijack doet het ook weer, virusscan is ingeschakeld.
Dit zijn de logjes

Del.bat

Deleting files
C:\WINDOWS\system32\univrs32.dat not found
C:\WINDOWS\system32\cru629.dat not found
C:\WINDOWS\cru629.dat not found
C:\WINDOWS\system32\winivstr.exe not found
"C:\Documents and Settings\All Users\Application Data\atyxuzi.exe" deleted
"C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\svchost.exe" not found
"C:\Program Files\Common Files\etuqawor.exe" deleted
"C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\qakehomab.dll" deleted
"C:\Documents and Settings\Wesley van Heugten\Local Settings\Temporary Internet Files\obyvekyn.dll" deleted
"C:\Program Files\Common Files\hewagasuw.dll" deleted
"C:\Documents and Settings\All Users\Documenten\oxyvopaji.sys" deleted
"C:\Documents and Settings\All Users\Documenten\uricy.sys" deleted
"C:\Documents and Settings\Wesley van Heugten\Application Data\qilatagih.sys" deleted
"C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\tifos.sys" deleted
C:\WINDOWS\system32\dllcache\beep.sys not found
C:\WINDOWS\system32\drivers\beep.sys deleted
C:\WINDOWS\braviax.exe not found
C:\WINDOWS\udokumepy.exe deleted
C:\WINDOWS\system32\braviax.exe not found

Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:25, on 17-3-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5173 bytes

**smeenk** · 17-03-08, 19:57

Mooi dat het gelukt is

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O4 - HKLM\..\Run: [braviax] braviax.exe
O20 - AppInit_DLLs: cru629.dat
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Probeer Deckard's System Scanner nu te draaien en post dat logje ook

**Wasabie** · 17-03-08, 20:44

En hierbij het logje van DSS;

Deckard's System Scanner v20071014.68
Run by Wesley van Heugten on 2008-03-17 19:36:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
25: 2008-03-17 18:36:14 UTC - RP25 - Deckard's System Scanner Restore Point
24: 2008-03-16 22:52:45 UTC - RP24 - Controlepunt van systeem
23: 2008-03-15 19:35:49 UTC - RP23 - Controlepunt van systeem
22: 2008-03-14 18:32:08 UTC - RP22 - Controlepunt van systeem
21: 2008-03-13 18:04:04 UTC - RP21 - Controlepunt van systeem

-- First Restore Point --
1: 2008-02-17 15:30:44 UTC - RP1 - Controlepunt van systeem

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Wesley van Heugten.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:41, on 17-3-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Wesley van Heugten\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wesley van Heugten.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5009 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080317-193456-468 O20 - AppInit_DLLs: cru629.dat
backup-20080317-193456-791 O4 - HKLM\..\Run: [braviax] braviax.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 kbd - c:\windows\system32\drivers\kbd.sys
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S3 catchme - c:\docume~1\wesley~1\locals~1\temp\catchme.sys (file missing)
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-02-17 and 2008-03-17 -----------------------------

2008-03-17 13:48:42 0 d-------- C:\RVAXO
2008-03-17 13:44:01 745930 --a------ C:\WINDOWS\System32\RVAXO.bat
2008-03-17 13:44:01 69632 --a------ C:\WINDOWS\System32\remove.exe
2008-03-15 12:20:54 0 d-------- C:\Program Files\Trend Micro
2008-03-14 21:12:53 13816 --a------ C:\WINDOWS\System32\rulym.scr
2008-03-14 21:12:53 10951 --a------ C:\WINDOWS\omoti.dat
2008-03-14 21:12:53 14360 --a------ C:\WINDOWS\fuwo.dat
2008-03-14 21:12:53 15425 --a------ C:\WINDOWS\cumur.com
2008-03-14 21:12:53 18307 --a------ C:\Documents and Settings\Wesley van Heugten\Application Data\aweke.scr
2008-03-14 21:12:53 12337 --a------ C:\Documents and Settings\All Users\Application Data\uvatypodom.scr
2008-03-14 21:12:53 18740 --a------ C:\Documents and Settings\All Users\Application Data\lidigyq.scr
2008-03-14 18:28:16 17065 --a------ C:\WINDOWS\kyxow.bin
2008-03-14 18:28:16 19853 --a------ C:\Program Files\Common Files\aroty.com
2008-03-14 18:28:16 16750 --a------ C:\Documents and Settings\Wesley van Heugten\Application Data\vusabaky.scr
2008-03-14 18:28:16 16130 --a------ C:\Documents and Settings\All Users\Application Data\unyfus.com
2008-03-14 18:28:16 19708 --a------ C:\Documents and Settings\All Users\Application Data\sihaly.reg
2008-03-10 15:21:53 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Malwarebytes
2008-03-10 15:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-10 15:21:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-09 18:11:47 0 d-------- C:\WINDOWS\ERUNT
2008-03-09 17:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 17:15:38 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\InstallShield
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-03-09 16:41:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-09 16:41:16 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-03 01:16:28 47872 --a------ C:\WINDOWS\System32\drivers\kbd.sys

-- Find3M Report ---------------------------------------------------------------

2008-03-17 18:41:21 0 d-------- C:\Program Files\Common Files
2008-03-14 21:12:53 10478 --a------ C:\Program Files\Common Files\wume.lib
2008-03-14 21:12:53 14294 --a------ C:\Documents and Settings\Wesley van Heugten\Application Data\ifiheke.inf
2008-03-14 18:28:16 18204 --a------ C:\Program Files\Common Files\ucymotybub.ban
2008-03-14 18:28:16 13275 --a------ C:\Program Files\Common Files\bevu._sy
2008-03-14 17:05:10 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent
2008-03-13 13:00:43 0 d-------- C:\Program Files\BitTorrent_DNA
2008-03-13 13:00:36 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent DNA
2008-03-09 20:27:51 364330 --a------ C:\WINDOWS\System32\perfh013.dat
2008-03-09 20:27:51 53418 --a------ C:\WINDOWS\System32\perfc013.dat
2008-03-09 17:15:48 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Panasonic
2008-03-09 17:15:31 0 d-------- C:\Program Files\Panasonic
2008-03-09 17:15:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-24 16:16:27 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\LimeWirePlus
2008-02-16 20:23:12 0 d-------- C:\Program Files\Webteh
2008-02-15 17:44:37 0 d-------- C:\Program Files\OfficeLabelDesigner
2008-02-09 12:39:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 15:40:32 0 d-------- C:\Program Files\Java

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29-05-2003 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30-05-2003 08:42]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22-09-2004 19:00]
"nwiz"="nwiz.exe" [29-08-2003 10:44 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29-08-2003 10:44]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07-10-2003 08:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 09:50]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06-08-2004 02:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01-08-2007 16:28]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [08-04-2003 13:00]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [20-10-2007 11:01:33]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1-8-2007 16:28:19]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 9:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

-- End of Deckard's System Scanner: finished at 2008-03-17 19:37:46 ------------

**Wasabie** · 17-03-08, 20:48

er stond nog een "extra" log open, die zet er ook maar even bij:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 510.73 MiB / 281.86 MiB
Pagefile Memory (total/avail): 1249.87 MiB / 1030.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.17 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 186.3 GiB total, 168.29 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-22HBC0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wesley van Heugten\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WVANHEUGTEN
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wesley van Heugten
LOGONSERVER=\\WVANHEUGTEN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WESLEY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WESLEY~1\LOCALS~1\Temp
USERDOMAIN=WVANHEUGTEN
USERNAME=Wesley van Heugten
USERPROFILE=C:\Documents and Settings\Wesley van Heugten
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Wesley van Heugten (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81000000003}
Allok 3GP PSP MP4 iPod Video Converter 4.2.0528 --> "C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire Plus 1.3 --> C:\Program Files\LimeWire Plus\uninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5F022479-B394-4E6A-9823-8DC4176DB4EF}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office XP Professional met FrontPage --> MsiExec.exe /I{90280413-6000-11D3-8CFE-0050048383C9}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Office Label Designer --> C:\PROGRA~1\OFFICE~1\UNWISE.EXE C:\PROGRA~1\OFFICE~1\INSTALL.LOG
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x13 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
Soldier of Fortune II - Double Helix --> C:\PROGRA~1\SOLDIE~2\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~2\Uninstall\install.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Vodafone 804SS USB driver Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZaraRadio 1.6.1 --> "C:\Program Files\ZaraSoft\ZaraRadio\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type5850 / Warning
Event Submitted/Written: 03/17/2008 07:37:02 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Wordt geblokkeerd door gedragblokkeringsregel (regel bevindt zich in de waarschuwingsmodus) (alleen-waarschuwingsmodus). (van WVANHEUGTEN IP-adres 77.248.112.210 gebruiker SYSTEM met behulp van VirusScan Enter 8.0 OAS)

Event Record #/Type5849 / Warning
Event Submitted/Written: 03/17/2008 07:37:02 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Wordt geblokkeerd door gedragblokkeringsregel (regel bevindt zich in de waarschuwingsmodus) (alleen-waarschuwingsmodus). (van WVANHEUGTEN IP-adres 77.248.112.210 gebruiker SYSTEM met behulp van VirusScan Enter 8.0 OAS)

Event Record #/Type5844 / Success
Event Submitted/Written: 03/17/2008 07:27:19 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5840 / Error
Event Submitted/Written: 03/17/2008 06:32:31 PM
Event ID/Source: 8193 / VSS
Event Description:
Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type5839 / Error
Event Submitted/Written: 03/17/2008 06:32:31 PM
Event ID/Source: 4609 / EventSystem
Event Description:
Het COM+-gebeurtenissysteem heeft bij de interne verwerking een ongeldige resultaatcode gevonden. HRESULT is 8007043C voor regel 44 van d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Neem contact op met Microsoft Productondersteuning om dit te melden.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type9966 / Error
Event Submitted/Written: 03/17/2008 06:41:54 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
om de server
{1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Event Record #/Type9965 / Error
Event Submitted/Written: 03/17/2008 06:41:35 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
om de server
{A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Event Record #/Type9964 / Error
Event Submitted/Written: 03/17/2008 06:40:52 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
om de server
{A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Event Record #/Type9963 / Error
Event Submitted/Written: 03/17/2008 06:39:59 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
om de server
{A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Event Record #/Type9962 / Error
Event Submitted/Written: 03/17/2008 06:39:54 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
om de server
{A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

-- End of Deckard's System Scanner: finished at 2008-03-17 19:37:46 ------------

**smeenk** · 17-03-08, 21:02

Helemaal schoon lijkt het nog niet

Start de computer in veilige modus.

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\rulym.scr
C:\WINDOWS\omoti.dat
C:\WINDOWS\fuwo.dat
C:\WINDOWS\cumur.com
"C:\Documents and Settings\Wesley van Heugten\Application Data\aweke.scr"
"C:\Documents and Settings\All Users\Application Data\uvatypodom.scr"
"C:\Documents and Settings\All Users\Application Data\lidigyq.scr"
C:\WINDOWS\kyxow.bin
"C:\Program Files\Common Files\aroty.com"
"C:\Documents and Settings\Wesley van Heugten\Application Data\vusabaky.scr"
"C:\Documents and Settings\All Users\Application Data\unyfus.com"
"C:\Documents and Settings\All Users\Application Data\sihaly.reg"
"C:\Program Files\Common Files\wume.lib"
"C:\Documents and Settings\Wesley van Heugten\Application Data\ifiheke.inf"
"C:\Program Files\Common Files\ucymotybub.ban"
"C:\Program Files\Common Files\bevu._sy") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en bewaar de inhoud van de logfile die opent.

Herstart de computer in normale modus.

Post het logje van del.bat en daarna opnieuw een logje van Deckard's System Scanner

**Wasabie** · 22-03-08, 12:44

Hallo,

Een beetje laat maar had geen eerdere gelegenheid om je laatste opdracht te doen, bij deze alsnog:

Del.bat:

Deleting files
C:\WINDOWS\System32\rulym.scr deleted
C:\WINDOWS\omoti.dat deleted
C:\WINDOWS\fuwo.dat deleted
C:\WINDOWS\cumur.com deleted
"C:\Documents and Settings\Wesley van Heugten\Application Data\aweke.scr" deleted
"C:\Documents and Settings\All Users\Application Data\uvatypodom.scr" deleted
"C:\Documents and Settings\All Users\Application Data\lidigyq.scr" deleted
C:\WINDOWS\kyxow.bin deleted
"C:\Program Files\Common Files\aroty.com" deleted
"C:\Documents and Settings\Wesley van Heugten\Application Data\vusabaky.scr" deleted
"C:\Documents and Settings\All Users\Application Data\unyfus.com" deleted
"C:\Documents and Settings\All Users\Application Data\sihaly.reg" deleted
"C:\Program Files\Common Files\wume.lib" deleted
"C:\Documents and Settings\Wesley van Heugten\Application Data\ifiheke.inf" deleted
"C:\Program Files\Common Files\ucymotybub.ban" deleted
"C:\Program Files\Common Files\bevu._sy" deleted

DSS Scanner:

Deckard's System Scanner v20071014.68
Run by Wesley van Heugten on 2008-03-22 11:41:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Wesley van Heugten.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:26, on 22-3-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Wesley van Heugten\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\WESLEY~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5153 bytes

-- Files created between 2008-02-22 and 2008-03-22 -----------------------------

2008-03-17 13:48:42 0 d-------- C:\RVAXO
2008-03-17 13:44:01 745930 --a------ C:\WINDOWS\System32\RVAXO.bat
2008-03-17 13:44:01 69632 --a------ C:\WINDOWS\System32\remove.exe
2008-03-15 12:20:54 0 d-------- C:\Program Files\Trend Micro
2008-03-10 15:21:53 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Malwarebytes
2008-03-10 15:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-10 15:21:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-09 18:11:47 0 d-------- C:\WINDOWS\ERUNT
2008-03-09 17:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 17:15:38 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\InstallShield
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-03-09 16:41:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-09 16:41:16 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-03 01:16:28 47872 --a------ C:\WINDOWS\System32\drivers\kbd.sys

-- Find3M Report ---------------------------------------------------------------

2008-03-17 20:45:45 0 d-------- C:\Program Files\Common Files
2008-03-14 17:05:10 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent
2008-03-13 13:00:43 0 d-------- C:\Program Files\BitTorrent_DNA
2008-03-13 13:00:36 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent DNA
2008-03-09 20:27:51 364330 --a------ C:\WINDOWS\System32\perfh013.dat
2008-03-09 20:27:51 53418 --a------ C:\WINDOWS\System32\perfc013.dat
2008-03-09 17:15:48 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Panasonic
2008-03-09 17:15:31 0 d-------- C:\Program Files\Panasonic
2008-03-09 17:15:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-24 16:16:27 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\LimeWirePlus
2008-02-16 20:23:12 0 d-------- C:\Program Files\Webteh
2008-02-15 17:44:37 0 d-------- C:\Program Files\OfficeLabelDesigner
2008-02-09 12:39:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 15:40:32 0 d-------- C:\Program Files\Java

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29-05-2003 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30-05-2003 08:42]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22-09-2004 19:00]
"nwiz"="nwiz.exe" [29-08-2003 10:44 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29-08-2003 10:44]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07-10-2003 08:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 09:50]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06-08-2004 02:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01-08-2007 16:28]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [08-04-2003 13:00]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [20-10-2007 11:01:33]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1-8-2007 16:28:19]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 9:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - ENTDRV51

-- End of Deckard's System Scanner: finished at 2008-03-22 11:41:56 ------------

**smeenk** · 22-03-08, 13:33

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download Malwarebytes' Anti-Malware op je bureaublad.
Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
Druk daarna op "Finish".
Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
Druk dan op de knop "Start Scan".
Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
Als het programma je computer wil laten herstarten, sta je dit toe.
Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post deze log in je volgende bericht tesamen met een nieuw logje van Hijackthis

Mededeling

Spyware detection - probleem met hijackthis

Spyware detection - probleem met hijackthis

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment