
system integrity scan wizard


  • system integrity scan wizard

    Hello,

    Yesterday I kept getting a popup with system integrity scan wizard.
    Today I keep getting the warning that I have spyware on my computer and
    that I should download something via the website top rated spyware removers.
    Of course all of this is spyware, but how do I get rid of it?
    Can and will someone help me with this?
    Thanks in advance!

    Here is a HijackThis log to start with

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05:56, on 28-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\Program Files\@home\bin\tgcmd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rclavahu.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [qavluzyh] C:\WINDOWS\system32\rclavahu.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: .protected
    O4 - Global Startup: .protected
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184770827281
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 7819 bytes

  • #2
    Start HijackThis once more and place a check mark only in front of the following line:
    O4 - HKCU\..\Run: [qavluzyh] C:\WINDOWS\system32\rclavahu.exe
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Restart your computer.

    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily during the DSS scan)



    • #3
      Ok, I have Deckard's System Scanner v20071014.68
      Run by Hoogeboom on 2008-03-28 11:55:31
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      55: 2008-03-28 10:55:40 UTC - RP239 - Deckard's System Scanner Restore Point
      54: 2008-03-27 16:21:43 UTC - RP238 - Removed ijji Auto Installer
      53: 2008-03-27 09:38:14 UTC - RP237 - Software Distribution Service 3.0
      52: 2008-03-25 16:09:29 UTC - RP236 - Controlepunt van systeem
      51: 2008-03-23 07:52:42 UTC - RP235 - Controlepunt van systeem


      -- First Restore Point --
      1: 2007-12-28 16:21:49 UTC - RP185 - Removed WG111v2 Configuration Utility


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Hoogeboom.exe) -------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:56:52, on 28-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
      C:\Program Files\@home\bin\tgcmd.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\Documents and Settings\Hoogeboom\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Hoogeboom.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
      O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: .protected
      O4 - Global Startup: .protected
      O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184770827281
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

      --
      End of file - 7807 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20070929-104933-209 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      backup-20070929-104933-483 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      backup-20070929-104933-868 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      backup-20070929-104933-934 O2 - BHO: Internet Explorer Helper - {4B2C442C-4C2C-472B-4129-24AC2BC4C2DE} - C:\WINDOWS\system\wkccts32.dll
      backup-20070929-104934-830 O20 - Winlogon Notify: fccyxxv - fccyxxv.dll (file missing)
      backup-20080328-114916-415 O4 - HKCU\..\Run: [qavluzyh] C:\WINDOWS\system32\rclavahu.exe

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
      R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
      R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>
      R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

      S1 a2ae1498.sys - c:\windows\system32\drivers\a2ae1498.sys (file missing)
      S3 catchme - c:\docume~1\hoogeb~1\locals~1\temp\catchme.sys (file missing)
      S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
      S3 XDva068 - c:\windows\system32\xdva068.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-02-28 and 2008-03-28 -----------------------------

      2008-03-27 18:11:54 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Grisoft
      2008-03-27 18:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-27 17:57:35 0 d-------- C:\Program Files\PC-Antispyware
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\userconfig9x.dll
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32taack.exe
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32taack.dat
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32sncntr.exe
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32mwin32.exe
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\system32hoproxy.dll
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\FVProtect.exe
      2008-03-27 15:46:07 4096 --a------ C:\WINDOWS\a.bat
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\winsystem.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32winsystem.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32vbsys2.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32thun32.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32thun.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32temp#01.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32sysreq.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ssvchost.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ssvchost.com
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ssurf022.dll
      2008-03-27 15:46:06 0 d-------- C:\WINDOWS\system32smp
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32Rundl1.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32regm64.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32regc64.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32psoft1.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32psof1.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32ps1.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32newsd32.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32netode.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32mtr2.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32msvchost.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32mssecu.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32msnbho.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32msgp.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32medup020.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32medup012.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32emesx.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32bdn.com
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32awtoolb.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32anticipator.dll
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\system32akttzn.exe
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\mssecu.exe
      2008-03-27 15:46:06 0 d-------- C:\WINDOWS\mslagent
      2008-03-27 15:46:06 4096 --a------ C:\WINDOWS\bdn.com
      2008-03-27 15:46:06 0 d-------- C:\Program Files\Inet Delivery
      2008-03-27 15:46:06 4096 --a------ C:\Documents and Settings\Hoogeboom\BureaubladFWebdEditor.exe
      2008-03-27 15:46:06 4096 --a------ C:\Documents and Settings\Hoogeboom\Bureaubladfwebd.exe
      2008-03-27 15:46:06 4096 --a------ C:\Documents and Settings\Hoogeboom\Bureaubladfilemanagerclient.exe
      2008-03-27 15:45:54 98304 --a------ C:\WINDOWS\system32\rclavahu.exe
      2008-03-27 15:45:54 0 d-------- C:\Documents and Settings\All Users\Application Data\lytsrybo
      2008-03-27 11:19:32 0 d-------- C:\WINDOWS\ERUNT
      2008-03-26 18:30:59 106 --a------ C:\WINDOWS\system32\delself.bat
      2008-03-25 07:25:36 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Sony Setup
      2008-03-25 07:23:41 0 d-------- C:\Program Files\Sony Setup
      2008-03-12 14:30:18 0 d-------- C:\Program Files\QuickTime
      2008-03-05 16:14:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
      2008-03-05 16:05:11 0 d-------- C:\Program Files\Alwil Software


      -- Find3M Report ---------------------------------------------------------------

      2008-03-27 17:21:44 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-03-27 17:20:43 0 d-------- C:\Program Files\Hitman Pro
      2008-03-27 10:47:19 461834 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-03-27 10:47:19 78662 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-03-25 20:02:29 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\uTorrent
      2008-03-16 11:58:14 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\LimeWire
      2008-03-15 12:27:48 0 d-------- C:\Program Files\nintendo ds
      2008-03-13 16:14:29 0 d-------- C:\Program Files\Java
      2008-03-05 18:15:03 0 d-------- C:\Program Files\ALCATEL PC Suite
      2008-03-02 17:17:02 0 d-------- C:\Program Files\Alcohol Soft
      2008-03-02 14:28:23 0 d-------- C:\Program Files\playstation
      2008-02-20 18:46:30 0 d-------- C:\Program Files\Common Files\Adobe
      2008-02-20 17:16:22 0 d-------- C:\Program Files\Belastingdienst
      2008-02-01 19:10:56 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\BearShare


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
      "nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
      "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [13-02-2004 14:07]
      "hcenter"="C:\Program Files\@home\bin\tgcmd.exe" [06-02-2005 00:31]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12-03-2008 14:30]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04-12-2007 14:00]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02-03-2006 13:00]
      "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22-02-2008 16:58]

      C:\Documents and Settings\Hoogeboom\Menu Start\Programma's\Opstarten\
      .protected [27-3-2008 17:58:50]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      .protected [27-3-2008 17:58:50]
      WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [28-12-2007 17:22:50]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hoogeboom^Menu Start^Programma's^Opstarten^Xfire.lnk]
      path=C:\Documents and Settings\Hoogeboom\Menu Start\Programma's\Opstarten\Xfire.lnk
      backup=C:\WINDOWS\pss\Xfire.lnkStartup

      *Newly Created Service* - SJYPKT



      -- End of Deckard's System Scanner: finished at 2008-03-28 11:58:02 ------------

      I did it!



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        sc delete a2ae1498.sys
        sc delete catchme
        sc delete Ip6Fw
        sc delete XDva068
        ren C:\WINDOWS\system32temp?01.exe system32tempZ01.exe
        ren C:\WINDOWS\system32h?tkeysh??k.dll system32hZtkeyshZZk.dll
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        FOR %%g in (
        C:\WINDOWS\userconfig9x.dll
        C:\WINDOWS\system32winlogonpc.exe
        C:\WINDOWS\system32taack.exe
        C:\WINDOWS\system32taack.dat
        C:\WINDOWS\system32sncntr.exe
        C:\WINDOWS\system32mwin32.exe
        C:\WINDOWS\system32hxiwlgpm.exe
        C:\WINDOWS\system32hxiwlgpm.dat
        C:\WINDOWS\system32hoproxy.dll
        C:\WINDOWS\FVProtect.exe
        C:\WINDOWS\a.bat
        C:\WINDOWS\winsystem.exe
        C:\WINDOWS\system32WINWGPX.EXE
        C:\WINDOWS\system32winsystem.exe
        C:\WINDOWS\system32vcatchpi.dll
        C:\WINDOWS\system32vbsys2.dll
        C:\WINDOWS\system32thun32.dll
        C:\WINDOWS\system32thun.dll
        C:\WINDOWS\system32tempZ01.exe
        C:\WINDOWS\system32sysreq.exe
        C:\WINDOWS\system32ssvchost.exe
        C:\WINDOWS\system32ssvchost.com
        C:\WINDOWS\system32ssurf022.dll
        C:\WINDOWS\system32Rundl1.exe
        C:\WINDOWS\system32regm64.dll
        C:\WINDOWS\system32regc64.dll
        C:\WINDOWS\system32psoft1.exe
        C:\WINDOWS\system32psof1.exe
        C:\WINDOWS\system32ps1.exe
        C:\WINDOWS\system32newsd32.exe
        C:\WINDOWS\system32netode.exe
        C:\WINDOWS\system32mtr2.exe
        C:\WINDOWS\system32msvchost.exe
        C:\WINDOWS\system32mssecu.exe
        C:\WINDOWS\system32msnbho.dll
        C:\WINDOWS\system32msgp.exe
        C:\WINDOWS\system32medup020.dll
        C:\WINDOWS\system32medup012.dll
        C:\WINDOWS\system32hZtkeyshZZk.dll
        C:\WINDOWS\system32emesx.dll
        C:\WINDOWS\system32dpcproxy.exe
        C:\WINDOWS\system32bsva-egihsg52.exe
        C:\WINDOWS\system32bdn.com
        C:\WINDOWS\system32awtoolb.dll
        C:\WINDOWS\system32anticipator.dll
        C:\WINDOWS\system32akttzn.exe
        C:\WINDOWS\mssecu.exe
        C:\WINDOWS\bdn.com
        "C:\Documents and Settings\Hoogeboom\BureaubladFWebdEditor.exe"
        "C:\Documents and Settings\Hoogeboom\Bureaubladfwebd.exe"
        "C:\Documents and Settings\Hoogeboom\Bureaubladfilemanagerclient.exe"
        C:\WINDOWS\system32\rclavahu.exe) DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        >>log.txt (
        ECHO.
        ECHO Deleting folders)
        FOR %%I in (
        C:\WINDOWS\mslagent
        C:\WINDOWS\system32smp
        "C:\Program Files\Inet Delivery"
        "C:\Documents and Settings\All Users\Application Data\lytsrybo") DO (
        IF EXIST %%I (
        RD /S /Q %%I
        IF EXIST %%I (
        ECHO %%I not deleted>>log.txt
        ) ELSE (
        ECHO %%I deleted>>log.txt)
        ) ELSE (
        ECHO %%I not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in", choose: Desktop
        For "File name", enter: del.bat
        For "Save as type", select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.
        Last edited by smeenk; 28-03-08, 14:08.



        • #5
          OK then, here it comes:
          By the way, I have to say that I haven't seen a popup for quite a while today. That's already great!!


          Deleting files
          C:\WINDOWS\userconfig9x.dll deleted
          C:\WINDOWS\system32winlogonpc.exe deleted
          C:\WINDOWS\system32taack.exe deleted
          C:\WINDOWS\system32taack.dat deleted
          C:\WINDOWS\system32sncntr.exe deleted
          C:\WINDOWS\system32mwin32.exe deleted
          C:\WINDOWS\system32hxiwlgpm.exe deleted
          C:\WINDOWS\system32hxiwlgpm.dat deleted
          C:\WINDOWS\system32hoproxy.dll deleted
          C:\WINDOWS\FVProtect.exe deleted
          C:\WINDOWS\a.bat deleted
          C:\WINDOWS\winsystem.exe deleted
          C:\WINDOWS\system32WINWGPX.EXE deleted
          C:\WINDOWS\system32winsystem.exe deleted
          C:\WINDOWS\system32vcatchpi.dll deleted
          C:\WINDOWS\system32vbsys2.dll deleted
          C:\WINDOWS\system32thun32.dll deleted
          C:\WINDOWS\system32thun.dll deleted
          C:\WINDOWS\system32tempZ01.exe deleted
          C:\WINDOWS\system32sysreq.exe deleted
          C:\WINDOWS\system32ssvchost.exe deleted
          C:\WINDOWS\system32ssvchost.com deleted
          C:\WINDOWS\system32ssurf022.dll deleted
          C:\WINDOWS\system32Rundl1.exe deleted
          C:\WINDOWS\system32regm64.dll deleted
          C:\WINDOWS\system32regc64.dll deleted
          C:\WINDOWS\system32psoft1.exe deleted
          C:\WINDOWS\system32psof1.exe deleted
          C:\WINDOWS\system32ps1.exe deleted
          C:\WINDOWS\system32newsd32.exe deleted
          C:\WINDOWS\system32netode.exe deleted
          C:\WINDOWS\system32mtr2.exe deleted
          C:\WINDOWS\system32msvchost.exe deleted
          C:\WINDOWS\system32mssecu.exe deleted
          C:\WINDOWS\system32msnbho.dll deleted
          C:\WINDOWS\system32msgp.exe deleted
          C:\WINDOWS\system32medup020.dll deleted
          C:\WINDOWS\system32medup012.dll deleted
          C:\WINDOWS\system32hZtkeyshZZk.dll deleted
          C:\WINDOWS\system32emesx.dll deleted
          C:\WINDOWS\system32dpcproxy.exe deleted
          C:\WINDOWS\system32bsva-egihsg52.exe deleted
          C:\WINDOWS\system32bdn.com deleted
          C:\WINDOWS\system32awtoolb.dll deleted
          C:\WINDOWS\system32anticipator.dll deleted
          C:\WINDOWS\system32akttzn.exe deleted
          C:\WINDOWS\mssecu.exe deleted
          C:\WINDOWS\bdn.com deleted
          "C:\Documents and Settings\Hoogeboom\BureaubladFWebdEditor.exe" deleted
          "C:\Documents and Settings\Hoogeboom\Bureaubladfwebd.exe" deleted
          "C:\Documents and Settings\Hoogeboom\Bureaubladfilemanagerclient.exe" deleted
          C:\WINDOWS\system32\rclavahu.exe deleted

          Deleting folders
          C:\WINDOWS\mslagent deleted
          C:\WINDOWS\system32smp deleted
          "C:\Program Files\Inet Delivery" deleted
          "C:\Documents and Settings\All Users\Application Data\lytsrybo" deleted

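The log.txt that del.bat writes records one of three outcomes per path: deleted, not deleted, or not found. As an added example that is not part of the original thread, the Python script below parses a log in that format and lists the entries that still need follow-up; the function names and the sample log are constructed for illustration.

```python
"""Triage the log.txt written by a del.bat of the kind posted in this thread.

Added example, not code from the thread. SAMPLE_LOG is constructed.
"""
from collections import Counter

# Suffixes the batch file's ECHO lines can produce. "not deleted" is tested
# before "deleted" because every "not deleted" line also ends in "deleted".
STATUSES = ("not deleted", "not found", "deleted")

# Section headers written by the batch file before each FOR loop.
HEADERS = {"Deleting files": "file", "Deleting folders": "folder"}

# Constructed sample in the same layout as the logs in the thread.
SAMPLE_LOG = r'''Deleting files
C:\EXAMPLE\one.exe deleted
C:\EXAMPLE\two.dll not deleted
"C:\EXAMPLE\With Space\three.exe" not found

Deleting folders
"C:\EXAMPLE\Some Folder" deleted
C:\EXAMPLE\locked not deleted
'''


def parse_del_log(text):
    """Return one dict per logged path: kind (file/folder), path, status."""
    entries = []
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # ECHO. writes an empty separator line
        if line in HEADERS:
            kind = HEADERS[line]
            continue
        for status in STATUSES:
            if line.endswith(" " + status):
                # Drop the status suffix, then the quotes the batch file
                # keeps around paths that contain spaces.
                path = line[: -len(status) - 1].strip().strip('"')
                entries.append({"kind": kind, "path": path, "status": status})
                break
        else:
            # Keep anything unexpected visible instead of silently dropping it.
            entries.append({"kind": kind, "path": line, "status": "unparsed"})
    return entries


def summarize(entries):
    """Count outcomes and collect the entries a helper should look at again."""
    counts = Counter(e["status"] for e in entries)
    follow_up = [e for e in entries if e["status"] in ("not deleted", "unparsed")]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(parse_del_log(SAMPLE_LOG))
    for status, n in sorted(counts.items()):
        print(f"{status}: {n}")
    for e in follow_up:
        print(f"follow up ({e['kind']}): {e['path']} [{e['status']}]")
```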


          • #6
            Download: RVAXO.exe
            • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
            • Start the computer in safe mode.
            • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
              A small cmd window will open, and a few lines about files that were not found will quickly scroll by; this is normal.
            • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
            • After that your PC will restart; let it boot into normal mode this time. After the restart, the RVAXO cmd window opens again.
              Let it run and wait until a log file opens: C:\RVAXO-results.log
            • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
            • Post the contents of the log file in your next message.
            Also post the second RVAXO log: C:\RVAXO-Vfind.log



            • #7
              I can only send the results log. I don't have the second log, vfind(?)

              ---RVAXO.exe Updated: 2008-03-28---first run---
              Uninstallers:

              Files found:
              C:\WINDOWS\system32\actskn45.ocx

              Folders Found:

              Hosts-file was reset, If you use a custom hosts file please replace it...

              --------------RVAXO.exe last run---------------
              Not deleted items:

              --------------RVAXO.exe finished----------------



              • #8
                Maybe you closed the black cmd window too early.
                You could double-click RunMe.cmd once more and wait until it closes by itself.
                Then see whether you can find C:\RVAXO-Vfind.log



                • #9
                  I had a quick look using "search" and found this. I do think it's right



                  • #10
                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    rd /s /q C:\SDFix
                    IF EXIST log.txt DEL log.txt
                    ECHO Deleting files>>log.txt
                    FOR %%g in (
                    C:\WINDOWS\system32\delself.bat
                    "C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP1.5.exe"
                    "C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP2.0.exe"
                    "C:\Documents and Settings\Hoogeboom\Bureaubladfkwp1.5.exe"
                    "C:\Documents and Settings\Hoogeboom\Bureaubladfkwp2.0.exe"
                    "C:\Documents and Settings\Hoogeboom\BureaubladTrojan.Win32.BlackBird.exe") DO (
                    IF EXIST %%g (
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                    ) ELSE (
                    ECHO %%g deleted>>log.txt)
                    ) ELSE (
                    ECHO %%g not found>>log.txt))
                    START NOTEPAD.EXE log.txt

                    Go to File - Save As.
                    For "Save in", choose: Desktop
                    For "File name", enter: del.bat
                    For "Save as type", select: All Files (*.*).
                    Click the Save button.

                    Double-click del.bat and post the contents of the log file that opens.
                    Also post a new log from Deckard's System Scanner
                    Last edited by smeenk; 28-03-08, 15:25.



                    • #11
                      Done

                      Deleting files
                      C:\WINDOWS\system32\delself.bat not found
                      "C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP1.5.exe" not found
                      "C:\Documents and Settings\Hoogeboom\BureaubladEditorFKWP2.0.exe" not found
                      "C:\Documents and Settings\Hoogeboom\Bureaubladfkwp1.5.exe" not found
                      "C:\Documents and Settings\Hoogeboom\Bureaubladfkwp2.0.exe" not found
                      "C:\Documents and Settings\Hoogeboom\BureaubladTrojan.Win32.BlackBird.exe" not found


                      this is the dss log:

                      Deckard's System Scanner v20071014.68
                      Run by Hoogeboom on 2008-03-28 14:32:32
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------



                      -- HijackThis (run as Hoogeboom.exe) -------------------------------------------

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 14:32:46, on 28-3-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\LEXBCES.EXE
                      C:\WINDOWS\system32\LEXPPS.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\slserv.exe
                      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
                      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
                      C:\Program Files\@home\bin\tgcmd.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
                      C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\IncrediMail\bin\IncMail.exe
                      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
                      C:\Program Files\Internet Explorer\IEXPLORE.EXE
                      C:\WINDOWS\system32\notepad.exe
                      C:\Documents and Settings\Hoogeboom\Bureaublad\dss.exe
                      C:\PROGRA~1\TRENDM~1\HIJACK~1\HOOGEB~1.EXE

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
                      O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184770827281
                      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
                      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
                      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
                      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

                      --
                      End of file - 7666 bytes

                      -- Files created between 2008-02-28 and 2008-03-28 -----------------------------

                      2008-03-28 13:46:43 0 d-------- C:\RVAXO
                      2008-03-28 13:43:51 767957 --a------ C:\WINDOWS\system32\RVAXO.bat
                      2008-03-28 13:43:51 69632 --a------ C:\WINDOWS\system32\remove.exe
                      2008-03-27 18:11:54 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Grisoft
                      2008-03-27 18:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                      2008-03-27 17:57:35 0 d-------- C:\Program Files\PC-Antispyware
                      2008-03-27 11:19:32 0 d-------- C:\WINDOWS\ERUNT
                      2008-03-25 07:25:36 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\Sony Setup
                      2008-03-25 07:23:41 0 d-------- C:\Program Files\Sony Setup
                      2008-03-12 14:30:18 0 d-------- C:\Program Files\QuickTime
                      2008-03-05 16:14:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
                      2008-03-05 16:05:11 0 d-------- C:\Program Files\Alwil Software


                      -- Find3M Report ---------------------------------------------------------------

                      2008-03-27 17:21:44 0 d--h----- C:\Program Files\InstallShield Installation Information
                      2008-03-27 17:20:43 0 d-------- C:\Program Files\Hitman Pro
                      2008-03-27 10:47:19 461834 --a------ C:\WINDOWS\system32\perfh013.dat
                      2008-03-27 10:47:19 78662 --a------ C:\WINDOWS\system32\perfc013.dat
                      2008-03-25 20:02:29 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\uTorrent
                      2008-03-16 11:58:14 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\LimeWire
                      2008-03-15 12:27:48 0 d-------- C:\Program Files\nintendo ds
                      2008-03-13 16:14:29 0 d-------- C:\Program Files\Java
                      2008-03-05 18:15:03 0 d-------- C:\Program Files\ALCATEL PC Suite
                      2008-03-02 17:17:02 0 d-------- C:\Program Files\Alcohol Soft
                      2008-03-02 14:28:23 0 d-------- C:\Program Files\playstation
                      2008-02-20 18:46:30 0 d-------- C:\Program Files\Common Files\Adobe
                      2008-02-20 17:16:22 0 d-------- C:\Program Files\Belastingdienst
                      2008-02-01 19:10:56 0 d-------- C:\Documents and Settings\Hoogeboom\Application Data\BearShare


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
                      "nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
                      "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [13-02-2004 14:07]
                      "hcenter"="C:\Program Files\@home\bin\tgcmd.exe" [06-02-2005 00:31]
                      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
                      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12-03-2008 14:30]
                      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04-12-2007 14:00]
                      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02-03-2006 13:00]
                      "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22-02-2008 16:58]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [28-12-2007 17:22:50]

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                      "DisableRegistryTools"=0 (0x0)

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hoogeboom^Menu Start^Programma's^Opstarten^Xfire.lnk]
                      path=C:\Documents and Settings\Hoogeboom\Menu Start\Programma's\Opstarten\Xfire.lnk
                      backup=C:\WINDOWS\pss\Xfire.lnkStartup

                      *Newly Created Service* - SJYPKT



                      -- End of Deckard's System Scanner: finished at 2008-03-28 14:33:24 ------------



                      • #12
                        I think we're just about there.

                        Do this as well:
                        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                        This will remove everything belonging to RVAXO.


                        Download ATF Cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                        Double-click ATF Cleaner to start the program.
                        On the "Main" tab, place a check mark next to Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and place a check mark next to Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the check mark next to "Firefox saved passwords" again)
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and place a check mark next to Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Turn off System Restore. Restart the computer. Turn System Restore back on.
                        See here how to turn off your System Restore.
                        This removes any remnants of the infections from your System Restore.

                        You may remove all the programs that were used.



                        • #13
                          Great, Smeenk!
                          Thank you so much!



                          • #14
                            You're welcome!
