Mededeling

**smeenk** · 28-03-08, 12:42

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regel:
O4 - HKCU\..\Run: [qavluzyh] C:\WINDOWS\system32\rclavahu.exe
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Herstart je computer even.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**ridia** · 28-03-08, 12:59

Ok, heb Deckard's System Scanner v20071014.68
Run by Hoogeboom on 2008-03-28 11:55:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
55: 2008-03-28 10:55:40 UTC - RP239 - Deckard's System Scanner Restore Point
54: 2008-03-27 16:21:43 UTC - RP238 - Removed ijji Auto Installer
53: 2008-03-27 09:38:14 UTC - RP237 - Software Distribution Service 3.0
52: 2008-03-25 16:09:29 UTC - RP236 - Controlepunt van systeem
51: 2008-03-23 07:52:42 UTC - RP235 - Controlepunt van systeem

-- First Restore Point --
1: 2007-12-28 16:21:49 UTC - RP185 - Removed WG111v2 Configuration Utility

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Hoogeboom.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:52, on 28-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\@home\bin\tgcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hoogeboom\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hoogeboom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184770827281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7807 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070929-104933-209 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
backup-20070929-104933-483 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070929-104933-868 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070929-104933-934 O2 - BHO: Internet Explorer Helper - {4B2C442C-4C2C-472B-4129-24AC2BC4C2DE} - C:\WINDOWS\system\wkccts32.dll
backup-20070929-104934-830 O20 - Winlogon Notify: fccyxxv - fccyxxv.dll (file missing)
backup-20080328-114916-415 O4 - HKCU\..\Run: [qavluzyh] C:\WINDOWS\system32\rclavahu.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S1 a2ae1498.sys - c:\windows\system32\drivers\a2ae1498.sys (file missing)
S3 catchme - c:\docume~1\hoogeb~1\locals~1\temp\catchme.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 XDva068 - c:\windows\system32\xdva068.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-27 18:11:54 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Grisoft
2008-03-27 18:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-27 17:57:35 0 d-------- C:\Program Files\PC-Antispyware
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\a.bat
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-27 15:46:06 0 d-------- C:\WINDOWS\system32smp
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\[email protected]@@k.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-27 15:46:06 0 d-------- C:\WINDOWS\mslagent
2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\bdn.com
2008-03-27 15:46:06 0 d-------- C:\Program Files\Inet Delivery
2008-03-27 15:46:06 4096 --a------ C:\Documents and Settings\Hoogeboom\BureaubladFWebdEditor.exe
2008-03-27 15:46:06 4096 --a------ C:\Documents and Settings\Hoogeboom\Bureaubladfwebd.exe
2008-03-27 15:46:06 4096 --a------ C:\Documents and Settings\Hoogeboom\Bureaubladfilemanagerclient.exe
2008-03-27 15:45:54 98304 --a------ C:\WINDOWS\system32\rclavahu.exe
2008-03-27 15:45:54 0 d-------- C:\Documents and Settings\All Users\Application Data\lytsrybo
2008-03-27 11:19:32 0 d-------- C:\WINDOWS\ERUNT
2008-03-26 18:30:59 106 --a------ C:\WINDOWS\system32\delself.bat
2008-03-25 07:25:36 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Sony Setup
2008-03-25 07:23:41 0 d-------- C:\Program Files\Sony Setup
2008-03-12 14:30:18 0 d-------- C:\Program Files\QuickTime
2008-03-05 16:14:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-05 16:05:11 0 d-------- C:\Program Files\Alwil Software

-- Find3M Report ---------------------------------------------------------------

2008-03-27 17:21:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 17:20:43 0 d-------- C:\Program Files\Hitman Pro
2008-03-27 10:47:19 461834 --a------ C:\WINDOWS\system32\perfh013.dat
2008-03-27 10:47:19 78662 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-25 20:02:29 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\uTorrent
2008-03-16 11:58:14 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\LimeWire
2008-03-15 12:27:48 0 d-------- C:\Program Files\nintendo ds
2008-03-13 16:14:29 0 d-------- C:\Program Files\Java
2008-03-05 18:15:03 0 d-------- C:\Program Files\ALCATEL PC Suite
2008-03-02 17:17:02 0 d-------- C:\Program Files\Alcohol Soft
2008-03-02 14:28:23 0 d-------- C:\Program Files\playstation
2008-02-20 18:46:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-20 17:16:22 0 d-------- C:\Program Files\Belastingdienst
2008-02-01 19:10:56 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\BearShare

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
"nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [13-02-2004 14:07]
"hcenter"="C:\Program Files\@home\bin\tgcmd.exe" [06-02-2005 00:31]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12-03-2008 14:30]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04-12-2007 14:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02-03-2006 13:00]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22-02-2008 16:58]

C:\Documents and Settings\Hoogeboom\Menu Start\Programma's\Opstarten\
.protected [27-3-2008 17:58:50]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
.protected [27-3-2008 17:58:50]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [28-12-2007 17:22:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hoogeboom^Menu Start^Programma's^Opstarten^Xfire.lnk]
path=C:\Documents and Settings\Hoogeboom\Menu Start\Programma's\Opstarten\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

*Newly Created Service* - SJYPKT

-- End of Deckard's System Scanner: finished at 2008-03-28 11:58:02 ------------

ik gedaan!

**smeenk** · 28-03-08, 14:06

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
sc delete a2ae1498.sys
sc delete catchme
sc delete Ip6Fw
sc delete XDva068
ren C:\WINDOWS\system32temp?01.exe system32tempZ01.exe
ren C:\WINDOWS\system32h?tkeysh??k.dll system32hZtkeyshZZk.dll
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\a.bat
C:\WINDOWS\winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32tempZ01.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32hZtkeyshZZk.dll
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\bdn.com
"C:\Documents and Settings\Hoogeboom\BureaubladFWebdEditor.exe"
"C:\Documents and Settings\Hoogeboom\Bureaubladfwebd.exe"
"C:\Documents and Settings\Hoogeboom\Bureaubladfilemanagerclient.exe"
C:\WINDOWS\system32\rclavahu.exe) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
>>log.txt (
ECHO.
ECHO Deleting folders)
FOR %%I in (
C:\WINDOWS\mslagent
C:\WINDOWS\system32smp
"C:\Program Files\Inet Delivery"
"C:\Documents and Settings\All Users\Application Data\lytsrybo") DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**ridia** · 28-03-08, 14:16

ok dan, hier komt ie:
Ik moet trouwens zeggen dat ik al een hele tijd geen popup meer heb gezien vandaag. Dat is al super!!

Deleting files
C:\WINDOWS\userconfig9x.dll deleted
C:\WINDOWS\system32winlogonpc.exe deleted
C:\WINDOWS\system32taack.exe deleted
C:\WINDOWS\system32taack.dat deleted
C:\WINDOWS\system32sncntr.exe deleted
C:\WINDOWS\system32mwin32.exe deleted
C:\WINDOWS\system32hxiwlgpm.exe deleted
C:\WINDOWS\system32hxiwlgpm.dat deleted
C:\WINDOWS\system32hoproxy.dll deleted
C:\WINDOWS\FVProtect.exe deleted
C:\WINDOWS\a.bat deleted
C:\WINDOWS\winsystem.exe deleted
C:\WINDOWS\system32WINWGPX.EXE deleted
C:\WINDOWS\system32winsystem.exe deleted
C:\WINDOWS\system32vcatchpi.dll deleted
C:\WINDOWS\system32vbsys2.dll deleted
C:\WINDOWS\system32thun32.dll deleted
C:\WINDOWS\system32thun.dll deleted
C:\WINDOWS\system32tempZ01.exe deleted
C:\WINDOWS\system32sysreq.exe deleted
C:\WINDOWS\system32ssvchost.exe deleted
C:\WINDOWS\system32ssvchost.com deleted
C:\WINDOWS\system32ssurf022.dll deleted
C:\WINDOWS\system32Rundl1.exe deleted
C:\WINDOWS\system32regm64.dll deleted
C:\WINDOWS\system32regc64.dll deleted
C:\WINDOWS\system32psoft1.exe deleted
C:\WINDOWS\system32psof1.exe deleted
C:\WINDOWS\system32ps1.exe deleted
C:\WINDOWS\system32newsd32.exe deleted
C:\WINDOWS\system32netode.exe deleted
C:\WINDOWS\system32mtr2.exe deleted
C:\WINDOWS\system32msvchost.exe deleted
C:\WINDOWS\system32mssecu.exe deleted
C:\WINDOWS\system32msnbho.dll deleted
C:\WINDOWS\system32msgp.exe deleted
C:\WINDOWS\system32medup020.dll deleted
C:\WINDOWS\system32medup012.dll deleted
C:\WINDOWS\system32hZtkeyshZZk.dll deleted
C:\WINDOWS\system32emesx.dll deleted
C:\WINDOWS\system32dpcproxy.exe deleted
C:\WINDOWS\system32bsva-egihsg52.exe deleted
C:\WINDOWS\system32bdn.com deleted
C:\WINDOWS\system32awtoolb.dll deleted
C:\WINDOWS\system32anticipator.dll deleted
C:\WINDOWS\system32akttzn.exe deleted
C:\WINDOWS\mssecu.exe deleted
C:\WINDOWS\bdn.com deleted
"C:\Documents and Settings\Hoogeboom\BureaubladFWebdEditor.exe" deleted
"C:\Documents and Settings\Hoogeboom\Bureaubladfwebd.exe" deleted
"C:\Documents and Settings\Hoogeboom\Bureaubladfilemanagerclient.exe" deleted
C:\WINDOWS\system32\rclavahu.exe deleted

Deleting folders
C:\WINDOWS\mslagent deleted
C:\WINDOWS\system32smp deleted
"C:\Program Files\Inet Delivery" deleted
"C:\Documents and Settings\All Users\Application Data\lytsrybo" deleted

**smeenk** · 28-03-08, 14:29

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Post ook het 2e logje van RVAXO: C:\RVAXO-Vfind.log

**ridia** · 28-03-08, 14:55

Ik kan alleen de results log zenden. Het tweede log vfind heb ik niet(?)

---RVAXO.exe Updated: 2008-03-28---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\actskn45.ocx

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

**smeenk** · 28-03-08, 14:59

Misschien heb je het zwarte cmd-venster te vroeg afgesloten.
Je zou RunMe.cmd nog een keer kunnen dubbelklikken en afwachten tot deze vanzelf sluit.
Kijk dan of je C:\RVAXO-Vfind.log vinden kunt

**ridia** · 28-03-08, 15:06

Ik heb even op "zoeken" gekeken en dit gevonden . Denk wel dat het goed is

----a-w 4,096 2008-03-27 14:46:06 C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP1.5.exe
----a-w 4,096 2008-03-27 14:46:06 C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP2.0.exe
----a-w 4,096 2008-03-27 14:46:06 C:\Documents and Settings\Hoogeboom\Bureaubladfkwp1.5.exe
----a-w 4,096 2008-03-27 14:46:06 C:\Documents and Settings\Hoogeboom\Bureaubladfkwp2.0.exe
----a-w 4,096 2008-03-27 14:46:07 C:\Documents and Settings\Hoogeboom\BureaubladTrojan.Win32.BlackBird.exe
----a-w 4,506,256 2008-03-16 10:59:08 C:\Documents and Settings\Hoogeboom\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
----a-w 23,510,720 2008-03-25 06:27:39 C:\Documents and Settings\Hoogeboom\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
----a-w 686,630 2008-03-28 10:54:06 C:\Documents and Settings\Hoogeboom\Bureaublad\dss.exe
----a-w 413,696 2008-03-28 12:36:31 C:\Documents and Settings\Hoogeboom\Bureaublad\RVAXO.exe
----a-w 193,389 2008-03-27 16:57:33 C:\Documents and Settings\Hoogeboom\Local Settings\Temporary Internet Files\Content.IE5\6AHJIUO5\PCAntispyware_Installer[1].exe
----a-w 14,113,576 2008-03-27 17:11:12 C:\Documents and Settings\Hoogeboom\Local Settings\Temporary Internet Files\Content.IE5\Y3SW3HNB\avgas-setup-7.5.1.43-3339[1].exe
----a-w 19,693,376 2008-03-05 15:03:45 C:\Documents and Settings\Hoogeboom\Mijn documenten\setupdut.exe
----a-w 1,194,496 2008-03-02 14:42:33 C:\Program Files\Alcohol Soft\Alcohol 120% (Retail) Activation Keymaker v3.8-BetaMaster\keymaker.exe
----a-w 475,893 2008-03-27 17:11:49 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
----a-w 10,352,128 2008-03-15 22:16:10 C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
----a-w 385,024 2008-03-12 13:30:19 C:\Program Files\QuickTime\qttask.exe
----a-w 142,336 2008-03-26 06:15:46 C:\SDFix\catchme.exe
----a-w 10,240 2008-03-26 06:15:42 C:\SDFix\apps\cliptext.exe
----a-w 61,440 2008-03-26 06:15:42 C:\SDFix\apps\download.exe
----a-w 157,696 2008-03-26 06:15:43 C:\SDFix\apps\ERUNT.EXE
----a-w 27,136 2008-03-26 06:15:43 C:\SDFix\apps\FixPath.exe
----a-w 80,412 2008-03-26 06:15:43 C:\SDFix\apps\grep.exe
----a-w 33,280 2008-03-26 06:15:44 C:\SDFix\apps\isadmin.exe
----a-w 49,152 2008-03-26 06:15:44 C:\SDFix\apps\LS.exe
----a-w 6,656 2008-03-26 06:15:44 C:\SDFix\apps\MD5File.exe
----a-w 53,248 2008-03-26 06:15:44 C:\SDFix\apps\Process.exe
----a-w 16,414 2008-03-26 06:15:44 C:\SDFix\apps\procs.exe
----a-w 61,440 2008-03-26 06:15:44 C:\SDFix\apps\psservice.exe
----a-w 8,192 2008-03-26 06:15:45 C:\SDFix\apps\RestartIt!.exe
----a-w 31,232 2008-03-26 06:15:45 C:\SDFix\apps\sc.exe
----a-w 98,816 2008-03-26 06:15:45 C:\SDFix\apps\sed.exe
----a-w 49,152 2008-03-26 06:15:45 C:\SDFix\apps\SF.exe
----a-w 19,456 2008-03-26 06:15:45 C:\SDFix\apps\shutdown.exe
----a-w 278,016 2008-03-26 06:15:46 C:\SDFix\apps\swreg.exe
----a-w 40,960 2008-03-26 06:15:46 C:\SDFix\apps\swsc.exe
----a-w 167,936 2008-03-26 06:15:46 C:\SDFix\apps\unzip.exe
----a-w 49,152 2008-03-26 06:15:46 C:\SDFix\apps\vfind.exe
----a-w 41,472 2008-03-26 06:15:46 C:\SDFix\apps\WINMSG.EXE
----a-w 126,976 2008-03-26 06:15:46 C:\SDFix\apps\zip.exe
----a-w 146,432 2008-03-26 06:15:44 C:\SDFix\apps\Replace\regedit.exe
----a-w 94,208 2008-03-26 06:15:45 C:\SDFix\apps\Replace\W2K.exe
----a-w 94,208 2008-03-26 06:15:45 C:\SDFix\apps\Replace\XP.exe
------w 9,046,472 2008-03-02 14:43:38 C:\WINDOWS\alcohol120_retail_1.9.7.6221.exe
----a-w 15,360 2008-03-27 10:44:54 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
----a-w 163,328 2008-03-26 06:15:43 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 163,328 2008-03-26 06:15:43 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-r 593,920 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2008-03-21 18:15:30 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2008-03-21 18:15:30 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2008-03-21 18:15:31 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2008-03-21 18:15:30 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2008-03-21 18:15:30 C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 19,148,408 2008-03-05 16:30:54 C:\WINDOWS\system32\MRT.exe

Entries: 60 (60)
Directories: 0 Files: 60
Bytes: 108,723,386 Blocks: 212,357
=============
----a-w 169,336 2008-03-28 12:46:45 C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll
----a-w 391,216 2008-03-28 12:46:45 C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll
----a-w 9,080 2008-03-28 12:46:45 C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll
----a-w 127,024 2008-03-27 09:49:31 C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll
----a-w 69,120 2008-03-27 09:46:46 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2008-03-27 09:46:56 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 4,444,160 2008-03-27 09:46:16 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 3,036,160 2008-03-27 09:46:33 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 483,840 2008-03-27 09:46:59 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClie nt.dll
----a-w 258,048 2008-03-27 09:47:04 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.dll
----a-w 113,664 2008-03-27 09:47:04 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.Wrapper.dll
----a-w 261,120 2008-03-27 09:46:57 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,431,296 2008-03-27 09:46:28 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2008-03-27 09:46:42 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 507,904 2008-03-27 09:46:31 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2008-03-27 09:46:45 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2008-03-27 09:46:49 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 77,824 2008-03-27 09:46:51 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 6,656 2008-03-27 09:46:52 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 348,160 2008-03-27 09:47:05 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine .dll
----a-w 36,864 2008-03-27 09:47:05 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Fra mework.dll
----a-w 655,360 2008-03-27 09:47:07 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.d ll
----a-w 77,824 2008-03-27 09:47:08 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Uti lities.dll
----a-w 749,568 2008-03-27 09:46:53 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 671,744 2008-03-27 09:46:48 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.d ll
----a-w 372,736 2008-03-27 09:46:49 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft .VisualBasic.Compatibility.dll
----a-w 110,592 2008-03-27 09:46:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Micr osoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2008-03-27 09:47:00 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBas ic.Vsa.dll
----a-w 5,632 2008-03-27 09:46:21 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2008-03-27 09:46:47 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2008-03-27 09:47:02 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.V sa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2008-03-27 09:46:47 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2008-03-27 09:46:54 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,076,096 2008-03-27 09:46:38 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 425,984 2008-03-27 09:46:32 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2008-03-27 09:46:55 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configura tion.Install.dll
----a-w 741,376 2008-03-27 09:46:35 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 933,888 2008-03-27 09:46:36 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,070,848 2008-03-27 09:47:10 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 401,408 2008-03-27 09:46:43 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServ ices.dll
----a-w 188,416 2008-03-27 09:47:06 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.Dir ectoryServices.Protocols.dll
----a-w 630,784 2008-03-27 09:46:23 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2008-03-27 09:47:01 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.d ll
----a-w 372,736 2008-03-27 09:47:03 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2008-03-27 09:47:01 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2008-03-27 09:46:58 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoti ng.dll
----a-w 131,072 2008-03-27 09:46:57 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\ System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2008-03-27 09:46:23 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2008-03-27 09:46:25 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.d ll
----a-w 884,736 2008-03-27 09:46:40 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 90,112 2008-03-27 09:46:41 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.Regu larExpressions.dll
----a-w 839,680 2008-03-27 09:46:39 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,013,504 2008-03-27 09:46:44 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,068,480 2008-03-27 09:46:27 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-w 27,136 2008-03-27 10:44:34 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Access ibility.ni.dll
----a-w 884,736 2008-03-27 10:44:52 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetM MCExt.ni.dll
----a-w 237,568 2008-03-27 10:44:56 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\Cus tomMarshalers.ni.dll
----a-w 876,544 2008-03-27 10:45:01 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b \Microsoft.Build.Engine.ni.dll
----a-w 81,920 2008-03-27 10:45:02 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e \Microsoft.Build.Framework.ni.dll
----a-w 1,695,744 2008-03-27 10:45:12 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8 \Microsoft.Build.Tasks.ni.dll
----a-w 167,936 2008-03-27 10:45:15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489 \Microsoft.Build.Utilities.ni.dll
----a-w 1,740,800 2008-03-27 10:45:22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f \Microsoft.VisualBasic.ni.dll
----a-w 11,722,752 2008-03-27 09:53:11 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni .dll
----a-w 8,265,728 2008-03-27 09:56:59 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
----a-w 1,011,712 2008-03-27 10:45:26 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b \System.Configuration.ni.dll
----a-w 7,049,216 2008-03-27 09:57:30 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.D ata.ni.dll
----a-w 1,798,144 2008-03-27 10:45:31 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\Sy stem.Deployment.ni.dll
----a-w 10,969,088 2008-03-27 09:58:09 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System .Design.ni.dll
----a-w 1,224,704 2008-03-27 10:45:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881 \System.DirectoryServices.ni.dll
----a-w 512,000 2008-03-27 10:45:37 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d \System.DirectoryServices.Protocols.ni.dll
----a-w 1,667,072 2008-03-27 09:58:16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\Syste m.Drawing.ni.dll
----a-w 229,376 2008-03-27 09:58:18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa \System.Drawing.Design.ni.dll
----a-w 659,456 2008-03-27 10:45:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56 \System.EnterpriseServices.ni.dll
----a-w 294,912 2008-03-27 10:45:41 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56 \System.EnterpriseServices.Wrapper.dll
----a-w 733,184 2008-03-27 10:45:44 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\Syst em.Security.ni.dll
----a-w 233,472 2008-03-27 10:45:46 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9 \System.ServiceProcess.ni.dll
----a-w 679,936 2008-03-27 10:45:48 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\ System.Transactions.ni.dll
----a-w 12,509,184 2008-03-27 10:46:35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.We b.ni.dll
----a-w 2,342,912 2008-03-27 11:15:20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\Sy stem.Web.Mobile.ni.dll
----a-w 237,568 2008-03-27 11:15:22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa \System.Web.RegularExpressions.ni.dll
----a-w 1,986,560 2008-03-27 11:15:29 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\ System.Web.Services.ni.dll
----a-w 13,193,216 2008-03-27 09:59:24 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5 \System.Windows.Forms.ni.dll
----a-w 5,771,264 2008-03-27 09:59:49 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xm l.ni.dll
----a-w 8,192 2008-03-27 09:46:49 C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
----a-w 258,048 2008-03-27 09:47:04 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 113,664 2008-03-27 09:47:04 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

Entries: 86 (86)
Directories: 0 Files: 86
Bytes: 129,857,872 Blocks: 253,631
=============
----a-w 2,559 2008-03-28 12:13:27 C:\Documents and Settings\Hoogeboom\Bureaublad\del.bat
----a-w 512,303 2008-03-26 06:15:47 C:\SDFix\RunThis.bat
----a-w 106 2008-03-26 17:30:59 C:\WINDOWS\system32\delself.bat
----a-w 767,957 2008-03-28 13:30:40 C:\WINDOWS\system32\RVAXO.bat

Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 1,282,925 Blocks: 2,507
=============
--sha-w 805,306,368 2008-03-28 12:46:30 C:\pagefile.sys
---ha-w 1,024 2008-03-26 06:15:46 C:\SDFix\dummy.sys
----a-w 1,024 2008-03-26 06:15:42 C:\SDFix\apps\dummy.sys
----a-w 4,080 2008-03-26 06:15:44 C:\SDFix\apps\Replace\w2k\beep.sys
----a-w 2,800 2008-03-26 06:15:44 C:\SDFix\apps\Replace\w2k\null.sys
----a-w 4,224 2008-03-26 06:15:45 C:\SDFix\apps\Replace\xp\beep.sys
----a-w 2,944 2008-03-26 06:15:45 C:\SDFix\apps\Replace\xp\null.sys
-c--a-w 4,224 2008-03-26 06:15:45 C:\WINDOWS\system32\dllcache\beep.sys
----a-w 4,224 2008-03-26 06:15:45 C:\WINDOWS\system32\drivers\beep.sys

Entries: 9 (7)
Directories: 0 Files: 9
Bytes: 805,330,912 Blocks: 1,572,915
=============

**smeenk** · 28-03-08, 15:22

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
rd /s /q C:\SDFix
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\delself.bat
"C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP1.5.exe"
"C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP2.0.exe"
"C:\Documents and Settings\Hoogeboom\Bureaubladfkwp1.5.exe"
"C:\Documents and Settings\Hoogeboom\Bureaubladfkwp2.0.exe"
"C:\Documents and Settings\Hoogeboom\BureaubladTrojan.Win32.BlackBird.exe") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.
Post ook een nieuw logje van Deckard's System Scanner

**ridia** · 28-03-08, 15:36

Gedaan

Deleting files
C:\WINDOWS\system32\delself.bat not found
"C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP1.5.exe" not found
"C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP2.0.exe" not found
"C:\Documents and Settings\Hoogeboom\Bureaubladfkwp1.5.exe" not found
"C:\Documents and Settings\Hoogeboom\Bureaubladfkwp2.0.exe" not found
"C:\Documents and Settings\Hoogeboom\BureaubladTrojan.Win32.BlackBird.exe" not found

dit is de dss log:

Deckard's System Scanner v20071014.68
Run by Hoogeboom on 2008-03-28 14:32:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Hoogeboom.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:46, on 28-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\@home\bin\tgcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Hoogeboom\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HOOGEB~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184770827281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7666 bytes

-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-28 13:46:43 0 d-------- C:\RVAXO
2008-03-28 13:43:51 767957 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-03-28 13:43:51 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-03-27 18:11:54 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Grisoft
2008-03-27 18:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-27 17:57:35 0 d-------- C:\Program Files\PC-Antispyware
2008-03-27 11:19:32 0 d-------- C:\WINDOWS\ERUNT
2008-03-25 07:25:36 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Sony Setup
2008-03-25 07:23:41 0 d-------- C:\Program Files\Sony Setup
2008-03-12 14:30:18 0 d-------- C:\Program Files\QuickTime
2008-03-05 16:14:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-05 16:05:11 0 d-------- C:\Program Files\Alwil Software

-- Find3M Report ---------------------------------------------------------------

2008-03-27 17:21:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 17:20:43 0 d-------- C:\Program Files\Hitman Pro
2008-03-27 10:47:19 461834 --a------ C:\WINDOWS\system32\perfh013.dat
2008-03-27 10:47:19 78662 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-25 20:02:29 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\uTorrent
2008-03-16 11:58:14 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\LimeWire
2008-03-15 12:27:48 0 d-------- C:\Program Files\nintendo ds
2008-03-13 16:14:29 0 d-------- C:\Program Files\Java
2008-03-05 18:15:03 0 d-------- C:\Program Files\ALCATEL PC Suite
2008-03-02 17:17:02 0 d-------- C:\Program Files\Alcohol Soft
2008-03-02 14:28:23 0 d-------- C:\Program Files\playstation
2008-02-20 18:46:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-20 17:16:22 0 d-------- C:\Program Files\Belastingdienst
2008-02-01 19:10:56 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\BearShare

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
"nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [13-02-2004 14:07]
"hcenter"="C:\Program Files\@home\bin\tgcmd.exe" [06-02-2005 00:31]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12-03-2008 14:30]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04-12-2007 14:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02-03-2006 13:00]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22-02-2008 16:58]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [28-12-2007 17:22:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hoogeboom^Menu Start^Programma's^Opstarten^Xfire.lnk]
path=C:\Documents and Settings\Hoogeboom\Menu Start\Programma's\Opstarten\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

*Newly Created Service* - SJYPKT

-- End of Deckard's System Scanner: finished at 2008-03-28 14:33:24 ------------

**smeenk** · 28-03-08, 15:41

Ik denk dat we er wel zijn

Doe dit nog:
Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Alle gebruikte programma's mag je verwijderen

**ridia** · 28-03-08, 15:55

Super Smeenk!
Ontzettend bedankt!

**smeenk** · 28-03-08, 16:39

Graag gedaan hoor

Mededeling

system integrity scan wizard

system integrity scan wizard

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment