Spyware detection - problem with HijackThis


  • Spyware detection - problem with HijackThis

    Hello,

    Since yesterday I again have a notification in my system tray: a red circle with a white cross and a triangle with an exclamation mark, saying that Windows has made a spyware detection.
    I had this a while ago too and was able to fix it with Malwarebytes; now the problem is back and nothing fixes it. I have run Ad-Aware, Spybot and Malwarebytes, with no result.

    Now I wanted to post a HijackThis log (on Blackbird's advice), but I can't get it to open. I downloaded and installed HijackThis, and it sits neatly under Program Files, but it simply doesn't open; nothing happens. When I type hijackthis under Run, it says it cannot find the specified file....!??

    greetz Sjors

  • #2
    Download SDFix to your desktop.
    • Double-click SDFix.exe to extract it.
    • Print the instructions below or copy them to a .txt file.
    • Boot into Safe Mode.
    • Open the extracted SDFix folder (usually found here: C:\SDFix) and double-click RunThis.bat to start the script.
    • Type Y to begin the fix and follow the instructions. Press a key when required.
    • The computer will restart. This takes longer than usual.
    • SDFix will continue the removal. Wait until you are asked to press a key.
    • The desktop will appear and a log will open.
    • Post the contents of that log.



    • #3
      I can't install SDFix either; I put the file on the desktop, but it doesn't open.



      • #4
        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in Safe Mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, and a few lines about files not found will scroll past quickly; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
        • Afterwards your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Download Deckard's System Scanner to your desktop.
        • Close all applications and windows.
        • Double-click dss.exe to run it, and follow the prompts.
        • When the scan is complete, a text file - main.txt - will open.
        • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

        Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
        - make sure sigcheck.exe is allowed to do so!
        Your antivirus may also flag DSS as suspicious, or even try to remove it.
        Do not let your antivirus remove it! (In that case it may be better to disable your antivirus briefly during the DSS scan.)



        • #5
          RVAXO log:

          ---RVAXO.exe Updated: 2008-03-15---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\univrs32.dat
          C:\WINDOWS\system32\braviax.exe
          C:\WINDOWS\braviax.exe
          C:\WINDOWS\system32\cru629.dat
          C:\WINDOWS\cru629.dat
          C:\WINDOWS\system32\winivstr.exe

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:
          C:\WINDOWS\system32\braviax.exe
          C:\WINDOWS\braviax.exe
          C:\WINDOWS\system32\cru629.dat
          C:\WINDOWS\cru629.dat

          --------------RVAXO.exe finished----------------

          DSS doesn't start either.... The virus scanner (McAfee) has also been switched off somehow, by the way.



          • #6
            Please look for the following file:
            C:\RVAXO-Vfind.log

            Post that log in your next message.



            • #7
              OK, indeed, this one is definitely longer!!

              ----a-w 16,034 2008-03-14 20:12:53 C:\Documents and Settings\All Users\Application Data\atyxuzi.exe
              ----a-w 51,200 2008-03-14 04:20:00 C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANDAT1000\DAT\0000\validate.exe
              ----a-w 40,704 2008-03-17 12:48:36 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\svchost.exe
              ----a-w 4,506,256 2008-02-12 18:16:14 C:\Documents and Settings\Wesley van Heugten\Application Data\LimeWirePlus\.NetworkShare\LimeWireWin4.16.6.exe
              ----a-w 413,696 2008-03-17 12:35:22 C:\Documents and Settings\Wesley van Heugten\Bureaublad\RVAXO.exe
              ----a-w 1,413,305 2008-03-16 22:31:35 C:\Documents and Settings\Wesley van Heugten\Bureaublad\SDFix.exe
              ----a-w 287,040 2008-03-13 12:00:36 C:\Program Files\BitTorrent_DNA\dna.exe
              ----a-w 10,001 2008-03-14 20:12:53 C:\Program Files\Common Files\etuqawor.exe
              ----a-w 610,000 2008-03-09 16:29:10 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
              ----a-w 102,096 2008-03-09 16:29:12 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
              ----a-w 89,808 2008-03-09 16:29:12 C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
              ----a-w 684,752 2008-03-10 14:21:33 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
              ----a-w 692,104 2008-03-09 16:18:39 C:\Program Files\Spybot - Search & Destroy\unins000.exe
              ----a-w 396,288 2008-03-15 11:52:22 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              ----a-w 142,336 2008-03-08 18:38:23 C:\SDFix\catchme.exe
              ----a-w 10,240 2008-03-08 18:38:20 C:\SDFix\apps\cliptext.exe
              ----a-w 61,440 2008-03-08 18:38:20 C:\SDFix\apps\download.exe
              ----a-w 157,696 2008-03-08 18:38:20 C:\SDFix\apps\ERUNT.EXE
              ----a-w 27,136 2008-03-08 18:38:21 C:\SDFix\apps\FixPath.exe
              ----a-w 80,412 2008-03-08 18:38:21 C:\SDFix\apps\grep.exe
              ----a-w 33,280 2008-03-08 18:38:21 C:\SDFix\apps\isadmin.exe
              ----a-w 49,152 2008-03-08 18:38:21 C:\SDFix\apps\LS.exe
              ----a-w 6,656 2008-03-08 18:38:21 C:\SDFix\apps\MD5File.exe
              ----a-w 53,248 2008-03-08 18:38:21 C:\SDFix\apps\Process.exe
              ----a-w 16,414 2008-03-08 18:38:21 C:\SDFix\apps\procs.exe
              ----a-w 61,440 2008-03-08 18:38:21 C:\SDFix\apps\psservice.exe
              ----a-w 8,192 2008-03-08 18:38:22 C:\SDFix\apps\RestartIt!.exe
              ----a-w 31,232 2008-03-08 18:38:22 C:\SDFix\apps\sc.exe
              ----a-w 98,816 2008-03-08 18:38:22 C:\SDFix\apps\sed.exe
              ----a-w 49,152 2008-03-08 18:38:22 C:\SDFix\apps\SF.exe
              ----a-w 19,456 2008-03-08 18:38:22 C:\SDFix\apps\shutdown.exe
              ----a-w 278,016 2008-03-08 18:38:22 C:\SDFix\apps\swreg.exe
              ----a-w 40,960 2008-03-08 18:38:22 C:\SDFix\apps\swsc.exe
              ----a-w 167,936 2008-03-08 18:38:22 C:\SDFix\apps\unzip.exe
              ----a-w 49,152 2008-03-08 18:38:22 C:\SDFix\apps\vfind.exe
              ----a-w 41,472 2008-03-08 18:38:22 C:\SDFix\apps\WINMSG.EXE
              ----a-w 126,976 2008-03-08 18:38:23 C:\SDFix\apps\zip.exe
              ----a-w 146,432 2008-03-08 18:38:21 C:\SDFix\apps\Replace\regedit.exe
              ----a-w 94,208 2008-03-08 18:38:21 C:\SDFix\apps\Replace\W2K.exe
              ----a-w 94,208 2008-03-08 18:38:22 C:\SDFix\apps\Replace\XP.exe
              ----a-w 16,896 2008-03-17 12:48:36 C:\WINDOWS\braviax.exe
              ----a-w 16,627 2008-03-14 20:12:53 C:\WINDOWS\udokumepy.exe
              ----a-w 163,328 2008-03-08 18:38:20 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
              ----a-w 163,328 2008-03-08 18:38:20 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
              ----a-w 16,896 2008-03-17 12:48:36 C:\WINDOWS\system32\braviax.exe

              Entries: 45 (45)
              Directories: 0 Files: 45
              Bytes: 11,636,017 Blocks: 22,735
              =============
              ----a-w 14,091 2008-03-14 20:12:53 C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\qakehomab.dll
              ----a-w 12,598 2008-03-14 17:28:16 C:\Documents and Settings\Wesley van Heugten\Local Settings\Temporary Internet Files\obyvekyn.dll
              ----a-w 14,481 2008-03-14 17:28:16 C:\Program Files\Common Files\hewagasuw.dll
              ----a-w 65,232 2008-03-09 16:29:08 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
              ----a-w 36,560 2008-03-09 16:29:10 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
              ----a-w 44,752 2008-03-09 16:29:12 C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
              ----a-w 57,552 2008-03-09 16:29:14 C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll

              Entries: 7 (7)
              Directories: 0 Files: 7
              Bytes: 245,266 Blocks: 483
              =============
              ----a-w 844 2008-03-14 15:04:18 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\Zeeland Jitske en Sjors.lnk
              ----a-w 1,177 2008-03-01 14:59:09 C:\Documents and Settings\Wesley van Heugten\Onlangs geopend\_DSC8582.lnk

              Entries: 175 (175)
              Directories: 0 Files: 175
              Bytes: 195,140 Blocks: 471
              =============
              ----a-w 493,860 2008-03-08 18:38:23 C:\SDFix\RunThis.bat
              ----a-w 745,930 2008-03-15 23:28:42 C:\WINDOWS\system32\RVAXO.bat

              Entries: 2 (2)
              Directories: 0 Files: 2
              Bytes: 1,239,790 Blocks: 2,422
              =============
              --sha-w 805,306,368 2008-03-17 12:48:36 C:\pagefile.sys
              ----a-w 12,761 2008-03-14 17:28:16 C:\Documents and Settings\All Users\Documenten\oxyvopaji.sys
              ----a-w 15,374 2008-03-14 17:28:16 C:\Documents and Settings\All Users\Documenten\uricy.sys
              ----a-w 17,315 2008-03-14 20:12:53 C:\Documents and Settings\Wesley van Heugten\Application Data\qilatagih.sys
              ----a-w 12,609 2008-03-14 17:28:16 C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\tifos.sys
              ----a-w 27,136 2008-03-09 16:29:14 C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys
              ----a-w 15,696 2008-03-09 16:29:10 C:\Program Files\Malwarebytes' Anti-Malware\mbam.sys
              ---ha-w 1,024 2008-03-08 18:38:23 C:\SDFix\dummy.sys
              ----a-w 1,024 2008-03-08 18:38:20 C:\SDFix\apps\dummy.sys
              ----a-w 4,080 2008-03-08 18:38:21 C:\SDFix\apps\Replace\w2k\beep.sys
              ----a-w 2,800 2008-03-08 18:38:21 C:\SDFix\apps\Replace\w2k\null.sys
              ----a-w 4,224 2008-03-08 18:38:21 C:\SDFix\apps\Replace\xp\beep.sys
              ----a-w 2,944 2008-03-08 18:38:21 C:\SDFix\apps\Replace\xp\null.sys
              ----a-w 34,816 2008-03-14 16:18:22 C:\WINDOWS\system32\drivers\beep.sys
              ----a-w 47,872 2008-03-03 00:16:28 C:\WINDOWS\system32\drivers\kbd.sys

              Entries: 15 (13)
              Directories: 0 Files: 15
              Bytes: 805,506,043 Blocks: 1,573,258
              =============



              • #8
                Start the computer in safe mode.

                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\system32\univrs32.dat
                C:\WINDOWS\system32\cru629.dat
                C:\WINDOWS\cru629.dat
                C:\WINDOWS\system32\winivstr.exe
                "C:\Documents and Settings\All Users\Application Data\atyxuzi.exe"
                "C:\Documents and Settings\All Users\Menu Start\PROGRA~1\Opstarten\svchost.exe"
                "C:\Program Files\Common Files\etuqawor.exe"
                "C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\qakehomab.dll"
                "C:\Documents and Settings\Wesley van Heugten\Local Settings\Temporary Internet Files\obyvekyn.dll"
                "C:\Program Files\Common Files\hewagasuw.dll"
                "C:\Documents and Settings\All Users\Documenten\oxyvopaji.sys"
                "C:\Documents and Settings\All Users\Documenten\uricy.sys"
                "C:\Documents and Settings\Wesley van Heugten\Application Data\qilatagih.sys"
                "C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\tifos.sys"
                C:\WINDOWS\system32\dllcache\beep.sys
                C:\WINDOWS\system32\drivers\beep.sys
                C:\WINDOWS\braviax.exe
                C:\WINDOWS\udokumepy.exe
                C:\WINDOWS\system32\braviax.exe) DO (
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                copy C:\SDFix\apps\Replace\xp\beep.sys C:\WINDOWS\system32\drivers
                copy C:\SDFix\apps\Replace\xp\beep.sys C:\WINDOWS\system32\dllcache
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                Under "Save in", choose: Desktop
                Under "File name", enter: del.bat
                Under "Save as type", select: All files (*.*).
                Click the Save button.

                Double-click del.bat and save the contents of the log file that opens.

                Restart the computer in normal mode.

                Post the del.bat log and see whether you can also make a HijackThis log.
                Last edited by smeenk; 17-03-08, 19:29.



                • #9
                  Hey, great!

                  My HijackThis works again too, and the virus scanner is enabled.
                  These are the logs

                  Del.bat

                  Deleting files
                  C:\WINDOWS\system32\univrs32.dat not found
                  C:\WINDOWS\system32\cru629.dat not found
                  C:\WINDOWS\cru629.dat not found
                  C:\WINDOWS\system32\winivstr.exe not found
                  "C:\Documents and Settings\All Users\Application Data\atyxuzi.exe" deleted
                  "C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\svchost.exe" not found
                  "C:\Program Files\Common Files\etuqawor.exe" deleted
                  "C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\qakehomab.dll" deleted
                  "C:\Documents and Settings\Wesley van Heugten\Local Settings\Temporary Internet Files\obyvekyn.dll" deleted
                  "C:\Program Files\Common Files\hewagasuw.dll" deleted
                  "C:\Documents and Settings\All Users\Documenten\oxyvopaji.sys" deleted
                  "C:\Documents and Settings\All Users\Documenten\uricy.sys" deleted
                  "C:\Documents and Settings\Wesley van Heugten\Application Data\qilatagih.sys" deleted
                  "C:\Documents and Settings\Wesley van Heugten\Local Settings\Application Data\tifos.sys" deleted
                  C:\WINDOWS\system32\dllcache\beep.sys not found
                  C:\WINDOWS\system32\drivers\beep.sys deleted
                  C:\WINDOWS\braviax.exe not found
                  C:\WINDOWS\udokumepy.exe deleted
                  C:\WINDOWS\system32\braviax.exe not found


                  Hijack

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 18:49:25, on 17-3-2008
                  Platform: Windows XP SP1 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
                  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\NOTEPAD.EXE
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [braviax] braviax.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
                  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                  O20 - AppInit_DLLs: cru629.dat
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                  --
                  End of file - 5173 bytes



                  • #10
                    Good to hear that it worked.

                    Start HijackThis once more and tick only the following lines:
                    O4 - HKLM\..\Run: [braviax] braviax.exe
                    O20 - AppInit_DLLs: cru629.dat

                    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                    Now try to run Deckard's System Scanner and post that log as well.

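The two lines selected in #10 both name files that del.bat was told to remove, and the del.bat log in #9 reports those files as "not found". The script below is an added example, not part of the thread or of HijackThis: it correlates a del.bat-style log with the O4 Run and O20 AppInit_DLLs lines of a HijackThis log, using excerpts of the two logs from #9; the function names are made up for this illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Excerpts of the del.bat log and the HijackThis log posted in #9.
CLEANUP_LOG = r'''
Deleting files
C:\WINDOWS\system32\cru629.dat not found
C:\WINDOWS\cru629.dat not found
"C:\Program Files\Common Files\etuqawor.exe" deleted
C:\WINDOWS\system32\drivers\beep.sys deleted
C:\WINDOWS\braviax.exe not found
C:\WINDOWS\system32\braviax.exe not found
'''

HJT_LOG = r'''
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
'''

# "<path> deleted | not deleted | not found", path optionally quoted.
STATUS_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]+?)"?\s+(?P<status>deleted|not deleted|not found)$')
O4_RE = re.compile(r'^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# First file in a command line: a quoted path, or text up to a known extension.
TARGET_RE = re.compile(
    r'"([^"]+)"|(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)', re.I)


def parse_cleanup_log(text):
    """Map lowercase full path -> status the batch file logged for it."""
    result = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            result[m['path'].lower()] = m['status']
    return result


def autostart_targets(text):
    """Yield (log line, lowercase target) for O4 Run values and O20 AppInit_DLLs."""
    for line in map(str.strip, text.splitlines()):
        m = O4_RE.match(line)
        if m:
            cmd = m['cmd']
            t = TARGET_RE.match(cmd)
            path = (t.group(1) or t.group(2)) if t else cmd.split()[0]
            yield line, path.lower()
            continue
        m = O20_RE.match(line)
        if m:
            for dll in re.split(r'[,\s]+', m['dlls'].strip()):
                if dll:
                    yield line, dll.lower()


def stale_autostarts(cleanup_text, hjt_text):
    """Return (target, {cleanup path: status}, log line) for autostart entries
    that point at a file the cleanup script targeted."""
    cleaned = parse_cleanup_log(cleanup_text)
    findings = []
    for line, target in autostart_targets(hjt_text):
        if '\\' in target:
            # Entry carries a full path: only an exact path match counts, so a
            # system file is not confused with a same-named file elsewhere.
            hits = {p: s for p, s in cleaned.items() if p == target}
        else:
            # Bare file name, as in "[braviax] braviax.exe": match by name.
            hits = {p: s for p, s in cleaned.items() if basename(p) == target}
        if hits:
            findings.append((target, hits, line))
    return findings


def advice(statuses):
    """Turn the cleanup statuses for one target into the next step."""
    if 'not deleted' in statuses:
        return 'file still on disk: remove the file before fixing the entry'
    return 'file is gone: the entry is a leftover, fix it in HijackThis'


if __name__ == '__main__':
    for target, hits, line in stale_autostarts(CLEANUP_LOG, HJT_LOG):
        print(line)
        print('   ', advice(hits.values()))
```

On the excerpts it reports exactly the `[braviax]` Run value and the `AppInit_DLLs` entry; `nwiz.exe`, which is also a bare file name, is left alone because no cleanup target carries that name.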


                    • #11
                      And here is the DSS log:

                      Deckard's System Scanner v20071014.68
                      Run by Wesley van Heugten on 2008-03-17 19:36:12
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------

                      -- System Restore --------------------------------------------------------------

                      Successfully created a Deckard's System Scanner Restore Point.


                      -- Last 5 Restore Point(s) --
                      25: 2008-03-17 18:36:14 UTC - RP25 - Deckard's System Scanner Restore Point
                      24: 2008-03-16 22:52:45 UTC - RP24 - Controlepunt van systeem
                      23: 2008-03-15 19:35:49 UTC - RP23 - Controlepunt van systeem
                      22: 2008-03-14 18:32:08 UTC - RP22 - Controlepunt van systeem
                      21: 2008-03-13 18:04:04 UTC - RP21 - Controlepunt van systeem


                      -- First Restore Point --
                      1: 2008-02-17 15:30:44 UTC - RP1 - Controlepunt van systeem


                      Backed up registry hives.
                      Performed disk cleanup.

                      Total Physical Memory: 511 MiB (512 MiB recommended).


                      -- HijackThis (run as Wesley van Heugten.exe) ----------------------------------

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 19:36:41, on 17-3-2008
                      Platform: Windows XP SP1 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
                      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                      C:\WINDOWS\System32\ctfmon.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                      C:\WINDOWS\System32\nvsvc32.exe
                      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\MSN Messenger\usnsvc.exe
                      C:\Documents and Settings\Wesley van Heugten\Bureaublad\dss.exe
                      C:\PROGRA~1\TRENDM~1\HIJACK~1\Wesley van Heugten.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
                      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                      --
                      End of file - 5009 bytes

                      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                      backup-20080317-193456-468 O20 - AppInit_DLLs: cru629.dat
                      backup-20080317-193456-791 O4 - HKLM\..\Run: [braviax] braviax.exe

                      -- File Associations -----------------------------------------------------------

                      .reg - regfile - shell\open\command - "%1" %*
                      .scr - scrfile - shell\open\command - "%1" %*


                      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                      R1 kbd - c:\windows\system32\drivers\kbd.sys
                      R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
                      R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
                      R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

                      S3 catchme - c:\docume~1\wesley~1\locals~1\temp\catchme.sys (file missing)
                      S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>


                      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                      R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
                      R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


                      -- Device Manager: Disabled ----------------------------------------------------

                      No disabled devices found.


                      -- Files created between 2008-02-17 and 2008-03-17 -----------------------------

                      2008-03-17 13:48:42 0 d-------- C:\RVAXO
                      2008-03-17 13:44:01 745930 --a------ C:\WINDOWS\System32\RVAXO.bat
                      2008-03-17 13:44:01 69632 --a------ C:\WINDOWS\System32\remove.exe
                      2008-03-15 12:20:54 0 d-------- C:\Program Files\Trend Micro
                      2008-03-14 21:12:53 13816 --a------ C:\WINDOWS\System32\rulym.scr
                      2008-03-14 21:12:53 10951 --a------ C:\WINDOWS\omoti.dat
                      2008-03-14 21:12:53 14360 --a------ C:\WINDOWS\fuwo.dat
                      2008-03-14 21:12:53 15425 --a------ C:\WINDOWS\cumur.com
                      2008-03-14 21:12:53 18307 --a------ C:\Documents and Settings\Wesley van Heugten\Application Data\aweke.scr
                      2008-03-14 21:12:53 12337 --a------ C:\Documents and Settings\All Users\Application Data\uvatypodom.scr
                      2008-03-14 21:12:53 18740 --a------ C:\Documents and Settings\All Users\Application Data\lidigyq.scr
                      2008-03-14 18:28:16 17065 --a------ C:\WINDOWS\kyxow.bin
                      2008-03-14 18:28:16 19853 --a------ C:\Program Files\Common Files\aroty.com
                      2008-03-14 18:28:16 16750 --a------ C:\Documents and Settings\Wesley van Heugten\Application Data\vusabaky.scr
                      2008-03-14 18:28:16 16130 --a------ C:\Documents and Settings\All Users\Application Data\unyfus.com
                      2008-03-14 18:28:16 19708 --a------ C:\Documents and Settings\All Users\Application Data\sihaly.reg
                      2008-03-10 15:21:53 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Malwarebytes
                      2008-03-10 15:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-03-10 15:21:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                      2008-03-09 18:11:47 0 d-------- C:\WINDOWS\ERUNT
                      2008-03-09 17:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-03-09 17:15:38 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\InstallShield
                      2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
                      2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
                      2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
                      2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
                      2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
                      2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
                      2008-03-09 16:41:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start
                      2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
                      2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Favorieten
                      2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Cookies
                      2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
                      2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
                      2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
                      2008-03-09 16:41:16 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
                      2008-03-03 01:16:28 47872 --a------ C:\WINDOWS\System32\drivers\kbd.sys


                      -- Find3M Report ---------------------------------------------------------------

                      2008-03-17 18:41:21 0 d-------- C:\Program Files\Common Files
                      2008-03-14 21:12:53 10478 --a------ C:\Program Files\Common Files\wume.lib
                      2008-03-14 21:12:53 14294 --a------ C:\Documents and Settings\Wesley van Heugten\Application Data\ifiheke.inf
                      2008-03-14 18:28:16 18204 --a------ C:\Program Files\Common Files\ucymotybub.ban
                      2008-03-14 18:28:16 13275 --a------ C:\Program Files\Common Files\bevu._sy
                      2008-03-14 17:05:10 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent
                      2008-03-13 13:00:43 0 d-------- C:\Program Files\BitTorrent_DNA
                      2008-03-13 13:00:36 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent DNA
                      2008-03-09 20:27:51 364330 --a------ C:\WINDOWS\System32\perfh013.dat
                      2008-03-09 20:27:51 53418 --a------ C:\WINDOWS\System32\perfc013.dat
                      2008-03-09 17:15:48 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Panasonic
                      2008-03-09 17:15:31 0 d-------- C:\Program Files\Panasonic
                      2008-03-09 17:15:30 0 d--h----- C:\Program Files\InstallShield Installation Information
                      2008-02-24 16:16:27 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\LimeWirePlus
                      2008-02-16 20:23:12 0 d-------- C:\Program Files\Webteh
                      2008-02-15 17:44:37 0 d-------- C:\Program Files\OfficeLabelDesigner
                      2008-02-09 12:39:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                      2008-02-04 15:40:32 0 d-------- C:\Program Files\Java


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
                      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29-05-2003 15:28]
                      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30-05-2003 08:42]
                      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22-09-2004 19:00]
                      "nwiz"="nwiz.exe" [29-08-2003 10:44 C:\WINDOWS\system32\nwiz.exe]
                      "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29-08-2003 10:44]
                      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07-10-2003 08:48]
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 09:50]
                      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06-08-2004 02:50]
                      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01-08-2007 16:28]
                      "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [08-04-2003 13:00]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [20-10-2007 11:01:33]
                      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1-8-2007 16:28:19]
                      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 9:01:04]

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                      @="Service"




                      -- End of Deckard's System Scanner: finished at 2008-03-17 19:37:46 ------------

                      Comment


                      • #12
                        There was also an "extra" log open, so I'll add that one too:

                        Deckard's System Scanner v20071014.68
                        Extra logfile - please post this as an attachment with your post.
                        --------------------------------------------------------------------------------

                        -- System Information ----------------------------------------------------------

                        Microsoft Windows XP Home Edition (build 2600) SP 1.0
                        Architecture: X86; Language: Dutch

                        CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
                        CPU 1: Intel(R) Pentium(R) 4 CPU 2.60GHz
                        Percentage of Memory in Use: 44%
                        Physical Memory (total/avail): 510.73 MiB / 281.86 MiB
                        Pagefile Memory (total/avail): 1249.87 MiB / 1030.41 MiB
                        Virtual Memory (total/avail): 2047.88 MiB / 1943.17 MiB

                        A: is Removable (No Media)
                        C: is Fixed (NTFS) - 186.3 GiB total, 168.29 GiB free.
                        D: is CDROM (No Media)

                        \\.\PHYSICALDRIVE0 - WDC WD2000JD-22HBC0 - 186.31 GiB - 1 partition
                        \PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:



                        -- Security Center -------------------------------------------------------------

                        AUOptions is disabled.


                        -- Environment Variables -------------------------------------------------------

                        ALLUSERSPROFILE=C:\Documents and Settings\All Users
                        APPDATA=C:\Documents and Settings\Wesley van Heugten\Application Data
                        CLIENTNAME=Console
                        CommonProgramFiles=C:\Program Files\Common Files
                        COMPUTERNAME=WVANHEUGTEN
                        ComSpec=C:\WINDOWS\system32\cmd.exe
                        HOMEDRIVE=C:
                        HOMEPATH=\Documents and Settings\Wesley van Heugten
                        LOGONSERVER=\\WVANHEUGTEN
                        NUMBER_OF_PROCESSORS=2
                        OS=Windows_NT
                        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
                        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                        PROCESSOR_ARCHITECTURE=x86
                        PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
                        PROCESSOR_LEVEL=15
                        PROCESSOR_REVISION=0209
                        ProgramFiles=C:\Program Files
                        PROMPT=$P$G
                        SESSIONNAME=Console
                        SystemDrive=C:
                        SystemRoot=C:\WINDOWS
                        TEMP=C:\DOCUME~1\WESLEY~1\LOCALS~1\Temp
                        TMP=C:\DOCUME~1\WESLEY~1\LOCALS~1\Temp
                        USERDOMAIN=WVANHEUGTEN
                        USERNAME=Wesley van Heugten
                        USERPROFILE=C:\Documents and Settings\Wesley van Heugten
                        windir=C:\WINDOWS


                        -- User Profiles ---------------------------------------------------------------

                        Wesley van Heugten (admin)
                        Administrator (admin)


                        -- Add/Remove Programs ---------------------------------------------------------

                        --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                        Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
                        Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
                        Adobe Reader 8.1.1 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81000000003}
                        Allok 3GP PSP MP4 iPod Video Converter 4.2.0528 --> "C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"
                        BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
                        Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
                        HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
                        Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
                        Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
                        LimeWire Plus 1.3 --> C:\Program Files\LimeWire Plus\uninstall.exe
                        Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
                        McAfee VirusScan Enterprise --> MsiExec.exe /I{5F022479-B394-4E6A-9823-8DC4176DB4EF}
                        Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
                        Microsoft Office XP Professional met FrontPage --> MsiExec.exe /I{90280413-6000-11D3-8CFE-0050048383C9}
                        Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
                        Office Label Designer --> C:\PROGRA~1\OFFICE~1\UNWISE.EXE C:\PROGRA~1\OFFICE~1\INSTALL.LOG
                        Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
                        Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
                        SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
                        SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
                        SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
                        Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x13 -removeonly
                        Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
                        Soldier of Fortune II - Double Helix --> C:\PROGRA~1\SOLDIE~2\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~2\Uninstall\install.log
                        SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
                        Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
                        Vodafone 804SS USB driver Software --> C:\WINDOWS\System32\Samsung_USB_Drivers\4\SSVDUninstall.exe
                        Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
                        Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
                        WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe"
                        WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
                        ZaraRadio 1.6.1 --> "C:\Program Files\ZaraSoft\ZaraRadio\unins000.exe"


                        -- Application Event Log -------------------------------------------------------

                        Event Record #/Type5850 / Warning
                        Event Submitted/Written: 03/17/2008 07:37:02 PM
                        Event ID/Source: 257 / Alert Manager Event Interface
                        Event Description:
                        VirusScan Enterprise: Wordt geblokkeerd door gedragblokkeringsregel (regel bevindt zich in de waarschuwingsmodus) (alleen-waarschuwingsmodus). (van WVANHEUGTEN IP-adres 77.248.112.210 gebruiker SYSTEM met behulp van VirusScan Enter 8.0 OAS)

                        Event Record #/Type5849 / Warning
                        Event Submitted/Written: 03/17/2008 07:37:02 PM
                        Event ID/Source: 257 / Alert Manager Event Interface
                        Event Description:
                        VirusScan Enterprise: Wordt geblokkeerd door gedragblokkeringsregel (regel bevindt zich in de waarschuwingsmodus) (alleen-waarschuwingsmodus). (van WVANHEUGTEN IP-adres 77.248.112.210 gebruiker SYSTEM met behulp van VirusScan Enter 8.0 OAS)

                        Event Record #/Type5844 / Success
                        Event Submitted/Written: 03/17/2008 07:27:19 PM
                        Event ID/Source: 12001 / usnjsvc
                        Event Description:
                        The Messenger Sharing USN Journal Reader service started successfully.

                        Event Record #/Type5840 / Error
                        Event Submitted/Written: 03/17/2008 06:32:31 PM
                        Event ID/Source: 8193 / VSS
                        Event Description:
                        Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.

                        Event Record #/Type5839 / Error
                        Event Submitted/Written: 03/17/2008 06:32:31 PM
                        Event ID/Source: 4609 / EventSystem
                        Event Description:
                        Het COM+-gebeurtenissysteem heeft bij de interne verwerking een ongeldige resultaatcode gevonden. HRESULT is 8007043C voor regel 44 van d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Neem contact op met Microsoft Productondersteuning om dit te melden.



                        -- Security Event Log ----------------------------------------------------------

                        No Errors/Warnings found.


                        -- System Event Log ------------------------------------------------------------

                        Event Record #/Type9966 / Error
                        Event Submitted/Written: 03/17/2008 06:41:54 PM
                        Event ID/Source: 10005 / DCOM
                        Event Description:
                        DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
                        om de server
                        {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

                        Event Record #/Type9965 / Error
                        Event Submitted/Written: 03/17/2008 06:41:35 PM
                        Event ID/Source: 10005 / DCOM
                        Event Description:
                        DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                        om de server
                        {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                        Event Record #/Type9964 / Error
                        Event Submitted/Written: 03/17/2008 06:40:52 PM
                        Event ID/Source: 10005 / DCOM
                        Event Description:
                        DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                        om de server
                        {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                        Event Record #/Type9963 / Error
                        Event Submitted/Written: 03/17/2008 06:39:59 PM
                        Event ID/Source: 10005 / DCOM
                        Event Description:
                        DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                        om de server
                        {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                        Event Record #/Type9962 / Error
                        Event Submitted/Written: 03/17/2008 06:39:54 PM
                        Event ID/Source: 10005 / DCOM
                        Event Description:
                        DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                        om de server
                        {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten



                        -- End of Deckard's System Scanner: finished at 2008-03-17 19:37:46 ------------

                        Comment


                        • #13
                          It doesn't look completely clean yet.

                          Start the computer in Safe Mode.

                          Open a Notepad file.
                          Copy the text below (everything in bold) into this Notepad file.

                          @ECHO OFF
                          IF EXIST log.txt DEL log.txt
                          ECHO Deleting files>>log.txt
                          FOR %%g in (
                          C:\WINDOWS\System32\rulym.scr
                          C:\WINDOWS\omoti.dat
                          C:\WINDOWS\fuwo.dat
                          C:\WINDOWS\cumur.com
                          "C:\Documents and Settings\Wesley van Heugten\Application Data\aweke.scr"
                          "C:\Documents and Settings\All Users\Application Data\uvatypodom.scr"
                          "C:\Documents and Settings\All Users\Application Data\lidigyq.scr"
                          C:\WINDOWS\kyxow.bin
                          "C:\Program Files\Common Files\aroty.com"
                          "C:\Documents and Settings\Wesley van Heugten\Application Data\vusabaky.scr"
                          "C:\Documents and Settings\All Users\Application Data\unyfus.com"
                          "C:\Documents and Settings\All Users\Application Data\sihaly.reg"
                          "C:\Program Files\Common Files\wume.lib"
                          "C:\Documents and Settings\Wesley van Heugten\Application Data\ifiheke.inf"
                          "C:\Program Files\Common Files\ucymotybub.ban"
                          "C:\Program Files\Common Files\bevu._sy") DO (
                          IF EXIST %%g (
                          ATTRIB -r -s -h %%g
                          DEL %%g
                          IF EXIST %%g (
                          ECHO %%g not deleted>>log.txt
                          ) ELSE (
                          ECHO %%g deleted>>log.txt)
                          ) ELSE (
                          ECHO %%g not found>>log.txt))
                          START NOTEPAD.EXE log.txt

                          Go to File - Save As.
                          For "Save in", choose: Desktop
                          For "File name", enter: del.bat
                          For "Save as type", select: All Files (*.*).
                          Click the Save button.

                          Double-click del.bat and save the contents of the log file that opens.

                          Restart the computer in normal mode.

                          Post the log from del.bat and then a new log from Deckard's System Scanner.

                          Comment
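Added example, not part of the thread and not code from any poster: a Python sketch that reads the log.txt written by the del.bat above and a later Deckard's System Scanner file listing, then reports paths that were not deleted or that show up again. The sample inputs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample (placeholder paths) in the format del.bat writes to log.txt.
SAMPLE_DEL_LOG = r'''Deleting files
C:\WINDOWS\example1.dat deleted
"C:\Program Files\Common Files\example2.com" not deleted
"C:\Documents and Settings\All Users\Application Data\example3.scr" not found
C:\WINDOWS\example4.bin deleted
'''

# Constructed sample in the DSS listing layout: date time size attributes path.
SAMPLE_DSS_LISTING = r'''2008-01-02 10:00:00 0 d-------- C:\Program Files\ExampleApp
2008-01-02 10:05:00 1234 --a------ C:\WINDOWS\example4.bin
2008-01-02 10:06:00 4321 --a------ C:\WINDOWS\System32\other.dat
'''

# Longest suffix first: " not deleted" also ends with " deleted", so checking
# " deleted" first would report a failed deletion as a success.
STATUSES = (" not deleted", " not found", " deleted")

DSS_LINE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]+)\s+(.+)$'
)


def parse_del_log(text):
    """Return ({path: status}, [lines that match no known status])."""
    results, unparsed = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Deleting files":
            continue
        for suffix in STATUSES:
            if line.endswith(suffix):
                # The batch file echoes quoted paths with their quotes.
                path = line[:-len(suffix)].strip().strip('"')
                results[path] = suffix.strip()
                break
        else:
            unparsed.append(line)
    return results, unparsed


def parse_dss_listing(text):
    """Parse 'date time size attrs path' lines; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DSS_LINE.match(line.strip())
        if m:
            stamp, size, attrs, path = m.groups()
            entries.append({
                "time": stamp,
                "size": int(size),
                "is_dir": attrs.startswith("d"),
                "path": path,
            })
    return entries


def follow_up(del_log_text, later_listing_text):
    """List paths that still need attention after the cleanup run."""
    statuses, unparsed = parse_del_log(del_log_text)
    # Windows paths are case-insensitive, so compare lower-cased.
    # 8.3 short names (C:\PROGRA~1\...) are not expanded here.
    present_later = {
        e["path"].lower()
        for e in parse_dss_listing(later_listing_text)
        if not e["is_dir"]
    }
    not_deleted = [p for p, s in statuses.items() if s == "not deleted"]
    # Logged as gone (or never found) yet listed in the later scan.
    reappeared = [
        p for p, s in statuses.items()
        if s != "not deleted" and p.lower() in present_later
    ]
    return {"not_deleted": not_deleted,
            "reappeared": reappeared,
            "unparsed": unparsed}


if __name__ == "__main__":
    report = follow_up(SAMPLE_DEL_LOG, SAMPLE_DSS_LISTING)
    for key, paths in report.items():
        print(key, paths)
```

A DSS listing only covers files created or changed within its time window, so a path missing from it is not proof that the file is gone; a path present in it is worth a second look.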


                          • #14
                            Hello,

                            A bit late, but I didn't have an earlier opportunity to carry out your last instruction, so here it is:

                            Del.bat:

                            Deleting files
                            C:\WINDOWS\System32\rulym.scr deleted
                            C:\WINDOWS\omoti.dat deleted
                            C:\WINDOWS\fuwo.dat deleted
                            C:\WINDOWS\cumur.com deleted
                            "C:\Documents and Settings\Wesley van Heugten\Application Data\aweke.scr" deleted
                            "C:\Documents and Settings\All Users\Application Data\uvatypodom.scr" deleted
                            "C:\Documents and Settings\All Users\Application Data\lidigyq.scr" deleted
                            C:\WINDOWS\kyxow.bin deleted
                            "C:\Program Files\Common Files\aroty.com" deleted
                            "C:\Documents and Settings\Wesley van Heugten\Application Data\vusabaky.scr" deleted
                            "C:\Documents and Settings\All Users\Application Data\unyfus.com" deleted
                            "C:\Documents and Settings\All Users\Application Data\sihaly.reg" deleted
                            "C:\Program Files\Common Files\wume.lib" deleted
                            "C:\Documents and Settings\Wesley van Heugten\Application Data\ifiheke.inf" deleted
                            "C:\Program Files\Common Files\ucymotybub.ban" deleted
                            "C:\Program Files\Common Files\bevu._sy" deleted

                            DSS Scanner:

                            Deckard's System Scanner v20071014.68
                            Run by Wesley van Heugten on 2008-03-22 11:41:24
                            Computer is in Normal Mode.
                            --------------------------------------------------------------------------------

                            Total Physical Memory: 511 MiB (512 MiB recommended).


                            -- HijackThis (run as Wesley van Heugten.exe) ----------------------------------

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 11:41:26, on 22-3-2008
                            Platform: Windows XP SP1 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                            C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                            C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                            C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                            C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
                            C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                            C:\WINDOWS\System32\ctfmon.exe
                            C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
                            C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                            C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                            C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                            C:\WINDOWS\System32\nvsvc32.exe
                            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\System32\wuauclt.exe
                            C:\Documents and Settings\Wesley van Heugten\Bureaublad\dss.exe
                            C:\PROGRA~1\TRENDM~1\HIJACK~1\WESLEY~1.EXE

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                            O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                            O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                            O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                            O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
                            O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                            O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                            O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                            --
                            End of file - 5153 bytes

                            -- Files created between 2008-02-22 and 2008-03-22 -----------------------------

                            2008-03-17 13:48:42 0 d-------- C:\RVAXO
                            2008-03-17 13:44:01 745930 --a------ C:\WINDOWS\System32\RVAXO.bat
                            2008-03-17 13:44:01 69632 --a------ C:\WINDOWS\System32\remove.exe
                            2008-03-15 12:20:54 0 d-------- C:\Program Files\Trend Micro
                            2008-03-10 15:21:53 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Malwarebytes
                            2008-03-10 15:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                            2008-03-10 15:21:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                            2008-03-09 18:11:47 0 d-------- C:\WINDOWS\ERUNT
                            2008-03-09 17:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                            2008-03-09 17:15:38 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\InstallShield
                            2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
                            2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
                            2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
                            2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
                            2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
                            2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
                            2008-03-09 16:41:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start
                            2008-03-09 16:41:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
                            2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Favorieten
                            2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Cookies
                            2008-03-09 16:41:17 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
                            2008-03-09 16:41:17 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
                            2008-03-09 16:41:17 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
                            2008-03-09 16:41:16 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
                            2008-03-03 01:16:28 47872 --a------ C:\WINDOWS\System32\drivers\kbd.sys


                            -- Find3M Report ---------------------------------------------------------------

                            2008-03-17 20:45:45 0 d-------- C:\Program Files\Common Files
                            2008-03-14 17:05:10 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent
                            2008-03-13 13:00:43 0 d-------- C:\Program Files\BitTorrent_DNA
                            2008-03-13 13:00:36 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\BitTorrent DNA
                            2008-03-09 20:27:51 364330 --a------ C:\WINDOWS\System32\perfh013.dat
                            2008-03-09 20:27:51 53418 --a------ C:\WINDOWS\System32\perfc013.dat
                            2008-03-09 17:15:48 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\Panasonic
                            2008-03-09 17:15:31 0 d-------- C:\Program Files\Panasonic
                            2008-03-09 17:15:30 0 d--h----- C:\Program Files\InstallShield Installation Information
                            2008-02-24 16:16:27 0 d-------- C:\Documents and Settings\Wesley van Heugten\Application Data\LimeWirePlus
                            2008-02-16 20:23:12 0 d-------- C:\Program Files\Webteh
                            2008-02-15 17:44:37 0 d-------- C:\Program Files\OfficeLabelDesigner
                            2008-02-09 12:39:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                            2008-02-04 15:40:32 0 d-------- C:\Program Files\Java


                            -- Registry Dump ---------------------------------------------------------------

                            *Note* empty entries & legit default entries are not shown


                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
                            "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29-05-2003 15:28]
                            "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30-05-2003 08:42]
                            "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22-09-2004 19:00]
                            "nwiz"="nwiz.exe" [29-08-2003 10:44 C:\WINDOWS\system32\nwiz.exe]
                            "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29-08-2003 10:44]
                            "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07-10-2003 08:48]
                            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 09:50]
                            "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06-08-2004 02:50]
                            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01-08-2007 16:28]
                            "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [08-04-2003 13:00]

                            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                            Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [20-10-2007 11:01:33]
                            Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1-8-2007 16:28:19]
                            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 9:01:04]

                            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                            SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                            @="Service"

                            *Newly Created Service* - ENTDRV51



                            -- End of Deckard's System Scanner: finished at 2008-03-22 11:41:56 ------------

                            Comment


                            • #15
                              Your Java software is outdated.
                              Older versions have vulnerabilities that give malware the chance to install itself on your system.
                              First follow these steps to uninstall Java and install the newer version:
                              • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
                              • Close all programs that may be open - especially your web browser!
                              • Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
                              • Select every entry with Java Runtime Environment (JRE or J2SE) in its name.
                              • Then click Remove or the Change/Remove button.
                              • Repeat this until all older versions are gone.
                              • After removing all older versions, restart your PC.
                              • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the newest version of Java.


                              Download Malwarebytes' Anti-Malware to your desktop.
                              Double-click mbam-setup.exe and choose "Next" to install the tool.
                              When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
                              Then press "Finish".
                              In the main window choose the "Scanner" tab and select the "Perform full scan" radio button.
                              Press the "Scan" button and make sure all your hard disks/partitions are ticked.
                              Then press the "Start Scan" button.
                              When the scan is complete, click OK, then "Show Results" to see the results.
                              Make sure everything is ticked, then click "Remove Selected".
                              If the program wants to restart your computer, allow it.
                              After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
                              Post this log in your next message together with a new HijackThis log.

                              Comment
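The Run key in the posted log starts jusched.exe from jre1.6.0_03, which is older than the 6u5 named in post #15. The following Python is an added example, not part of the original thread: it parses autorun lines in the registry-dump format shown above and reports entries launched from a JRE directory older than a given update. The sample log is constructed from lines of that dump; the function names and the `minimum=(6, 5)` threshold are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the format of the registry dump posted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"nwiz"="nwiz.exe" [29-08-2003 10:44 C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [08-04-2003 13:00]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
# JRE install directories are named jre1.<major>.0_<update>, e.g. jre1.6.0_03 = 6u3.
JRE_RE = re.compile(r'\\jre1\.(\d+)\.0(?:_(\d+))?\\', re.IGNORECASE)

def parse_autoruns(log_text):
    """Return (registry key, value name, resolved path) for each autorun line."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, path, bracket = m.groups()
            # Bare file names ("nwiz.exe") carry the resolved path after the timestamp.
            resolved = re.search(r'[A-Za-z]:\\.*$', bracket)
            entries.append((key, name, resolved.group(0) if resolved else path))
    return entries

def outdated_jre(entries, minimum=(6, 5)):
    """List autoruns started from a JRE directory older than `minimum` (major, update)."""
    hits = []
    for _key, name, path in entries:
        m = JRE_RE.search(path)
        if m:
            version = (int(m.group(1)), int(m.group(2) or 0))
            if version < minimum:
                hits.append((name, version, path))
    return hits

if __name__ == "__main__":
    for name, version, path in outdated_jre(parse_autoruns(SAMPLE_LOG)):
        print(f"{name}: Java {version[0]}u{version[1]} at {path}")
```

A leftover entry like this after the reinstall means an old JRE directory is still being started at logon.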
