
Spyware warning in taskbar

  • Spyware warning in taskbar

    Hey,
    Last night I got spyware on my computer after downloading a file. I also could no longer open Task Manager (that has been fixed now).
    So today I ran a few spyware programs on my computer, but it still isn't really making progress. Quite a lot was removed, but I think something is still bothering the machine, because the internet is also fairly slow.
    I now also get 2 error messages at startup:

    Rundll:
    er is een fout opgetreden tijdens het laden van c:\windows\system 32\drvrag.dit kan opgegeven module niet vinden

    and regsvr32:
    het in het geheugen laden van de bibliotheek
    C:\documetnsandsettings\allusers\aplication data\grobcjcd.dll) is mislukt, kan opgegeven module niet vinden.

    I hope you can help me!
    Thanks a lot in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:45:19, on 31-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\phcudgns.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\PC-Cleaner\PC-Cleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wur.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D04CDB9-767F-15DD-5E30-081FD0F44FE3} - C:\WINDOWS\system32\wbjnamcn.dll (file missing)
    O2 - BHO: {1223334b-9318-d94a-5074-0f54e95ea3a2} - {2a3ae59e-45f0-4705-a49d-8139b4333221} - C:\WINDOWS\system32\ncxphnij.dll
    O2 - BHO: (no name) - {402E1CE2-B129-FB65-D237-064B47248AEA} - C:\WINDOWS\system32\nyilyart.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB} - C:\WINDOWS\system32\khfGyxWp.dll
    O2 - BHO: (no name) - {FA2EA65E-4F8C-4C8C-8B62-FFF4D716D002} - C:\WINDOWS\system32\cbXNDVLE.dll (file missing)
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [psambuon] C:\WINDOWS\system32\psambuon.exe
    O4 - HKLM\..\Run: [grobcjcd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\grobcjcd.dll"
    O4 - HKLM\..\Run: [48f31bc7] rundll32.exe "C:\WINDOWS\system32\sbgngycc.dll",b
    O4 - HKLM\..\Run: [phcudgns] C:\WINDOWS\system32\phcudgns.exe
    O4 - HKLM\..\Run: [bgjihqja] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bgjihqja.dll"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM4bc0285b] Rundll32.exe "C:\WINDOWS\system32\fylfneod.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
    O4 - HKLM\..\Policies\Explorer\Run: [SEuYbqZ9Uj] C:\WINDOWS\TEMP\win4A1.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200840103968
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: khfGyxWp - C:\WINDOWS\SYSTEM32\khfGyxWp.dll
    O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
    O21 - SSODL: KbdService - {493363bf-afc4-4807-a0f1-518fb457414f} - C:\WINDOWS\Installer\{493363bf-afc4-4807-a0f1-518fb457414f}\KbdService.dll (file missing)
    O21 - SSODL: UnknownWin - {636d7045-cf1c-49e6-bd3c-c26801abe1c5} - C:\WINDOWS\Installer\{636d7045-cf1c-49e6-bd3c-c26801abe1c5}\UnknownWin.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 9386 bytes

  • #2
    Start HijackThis and check only the following lines:

    O2 - BHO: (no name) - {1D04CDB9-767F-15DD-5E30-081FD0F44FE3} - C:\WINDOWS\system32\wbjnamcn.dll (file missing)
    O2 - BHO: {1223334b-9318-d94a-5074-0f54e95ea3a2} - {2a3ae59e-45f0-4705-a49d-8139b4333221} - C:\WINDOWS\system32\ncxphnij.dll
    O2 - BHO: (no name) - {402E1CE2-B129-FB65-D237-064B47248AEA} - C:\WINDOWS\system32\nyilyart.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FA2EA65E-4F8C-4C8C-8B62-FFF4D716D002} - C:\WINDOWS\system32\cbXNDVLE.dll (file missing)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [psambuon] C:\WINDOWS\system32\psambuon.exe
    O4 - HKLM\..\Run: [grobcjcd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\grobcjcd.dll"
    O4 - HKLM\..\Run: [48f31bc7] rundll32.exe "C:\WINDOWS\system32\sbgngycc.dll",b
    O4 - HKLM\..\Run: [phcudgns] C:\WINDOWS\system32\phcudgns.exe
    O4 - HKLM\..\Run: [bgjihqja] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bgjihqja.dll"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM4bc0285b] Rundll32.exe "C:\WINDOWS\system32\fylfneod.dll",s
    O4 - HKLM\..\Policies\Explorer\Run: [SEuYbqZ9Uj] C:\WINDOWS\TEMP\win4A1.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
    O21 - SSODL: KbdService - {493363bf-afc4-4807-a0f1-518fb457414f} - C:\WINDOWS\Installer\{493363bf-afc4-4807-a0f1-518fb457414f}\KbdService.dll (file missing)
    O21 - SSODL: UnknownWin - {636d7045-cf1c-49e6-bd3c-c26801abe1c5} - C:\WINDOWS\Installer\{636d7045-cf1c-49e6-bd3c-c26801abe1c5}\UnknownWin.dll (file missing)


    Close all open windows (except HijackThis) and click "Fix checked".


    Download VirtumundoBeGone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is done, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next post.

    Also post a new HijackThis log



    • #3
      Hey Smeenk!

      Thank you for your help! The 2 error messages at startup are gone! So far I also don't get any notification that there is spyware on the computer.

      log:
      [03/31/2008, 16:20:19] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Rar$EX00.672\VirtumundoBeGone.exe" )
      [03/31/2008, 16:20:32] - Detected System Information:
      [03/31/2008, 16:20:32] - Windows Version: 5.1.2600, Service Pack 2
      [03/31/2008, 16:20:32] - Current Username: Christian (Admin)
      [03/31/2008, 16:20:32] - Windows is in NORMAL mode.
      [03/31/2008, 16:20:32] - Searching for Browser Helper Objects:
      [03/31/2008, 16:20:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [03/31/2008, 16:20:32] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
      [03/31/2008, 16:20:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 16:20:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [03/31/2008, 16:20:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [03/31/2008, 16:20:32] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/31/2008, 16:20:32] - BHO 4: {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB} ()
      [03/31/2008, 16:20:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 16:20:32] - Checking for HKLM\...\Winlogon\Notify\khfGyxWp
      [03/31/2008, 16:20:32] - Found: HKLM\...\Winlogon\Notify\khfGyxWp - This is probably Virtumundo.
      [03/31/2008, 16:20:32] - Assigning {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB} MSEvents Object
      [03/31/2008, 16:20:32] - BHO list has been changed! Starting over...
      [03/31/2008, 16:20:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [03/31/2008, 16:20:32] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
      [03/31/2008, 16:20:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 16:20:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [03/31/2008, 16:20:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [03/31/2008, 16:20:32] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/31/2008, 16:20:32] - BHO 4: {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB} (MSEvents Object)
      [03/31/2008, 16:20:32] - ALERT: Found MSEvents Object!
      [03/31/2008, 16:20:32] - BHO 5: {FA2EA65E-4F8C-4C8C-8B62-FFF4D716D002} ()
      [03/31/2008, 16:20:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 16:20:32] - Checking for HKLM\...\Winlogon\Notify\cbXNDVLE
      [03/31/2008, 16:20:32] - Key not found: HKLM\...\Winlogon\Notify\cbXNDVLE, continuing.
      [03/31/2008, 16:20:32] - Finished Searching Browser Helper Objects
      [03/31/2008, 16:20:32] - *** Detected MSEvents Object
      [03/31/2008, 16:20:32] - Trying to remove MSEvents Object...
      [03/31/2008, 16:20:33] - Terminating Process: IEXPLORE.EXE
      [03/31/2008, 16:20:34] - Terminating Process: RUNDLL32.EXE
      [03/31/2008, 16:20:34] - Disabling Automatic Shell Restart
      [03/31/2008, 16:20:34] - Terminating Process: EXPLORER.EXE
      [03/31/2008, 16:20:34] - Suspending the NT Session Manager System Service
      [03/31/2008, 16:20:34] - Terminating Windows NT Logon/Logoff Manager
      [03/31/2008, 16:20:34] - Re-enabling Automatic Shell Restart
      [03/31/2008, 16:20:34] - File to disable: C:\WINDOWS\system32\khfGyxWp.dll
      [03/31/2008, 16:20:34] - Renaming C:\WINDOWS\system32\khfGyxWp.dll -> C:\WINDOWS\system32\khfGyxWp.dll.vir
      [03/31/2008, 16:20:34] - File successfully renamed!
      [03/31/2008, 16:20:34] - Removing HKLM\...\Browser Helper Objects\{BFA7416F-6EBA-43E5-B485-D32C6C78E1DB}
      [03/31/2008, 16:20:34] - Removing HKCR\CLSID\{BFA7416F-6EBA-43E5-B485-D32C6C78E1DB}
      [03/31/2008, 16:20:34] - Adding Kill Bit for ActiveX for GUID: {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB}
      [03/31/2008, 16:20:34] - Deleting ATLEvents/MSEvents Registry entries
      [03/31/2008, 16:20:35] - Removing HKLM\...\Winlogon\Notify\khfGyxWp
      [03/31/2008, 16:20:35] - Searching for Browser Helper Objects:
      [03/31/2008, 16:20:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [03/31/2008, 16:20:35] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
      [03/31/2008, 16:20:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 16:20:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [03/31/2008, 16:20:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [03/31/2008, 16:20:35] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/31/2008, 16:20:35] - BHO 4: {FA2EA65E-4F8C-4C8C-8B62-FFF4D716D002} ()
      [03/31/2008, 16:20:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/31/2008, 16:20:35] - Checking for HKLM\...\Winlogon\Notify\cbXNDVLE
      [03/31/2008, 16:20:35] - Key not found: HKLM\...\Winlogon\Notify\cbXNDVLE, continuing.
      [03/31/2008, 16:20:35] - Finished Searching Browser Helper Objects
      [03/31/2008, 16:20:35] - Finishing up...
      [03/31/2008, 16:20:35] - A restart is needed.
      [03/31/2008, 16:20:46] - Attempting to Restart via STOP error (Blue Screen!)

      other log:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:25:47, on 31-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wur.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {FA2EA65E-4F8C-4C8C-8B62-FFF4D716D002} - C:\WINDOWS\system32\cbXNDVLE.dll (file missing)
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [BM4bc0285b] Rundll32.exe "C:\WINDOWS\system32\fylfneod.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200840103968
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

      --
      End of file - 7125 bytes

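The check reported in the VirtumundoBeGone log above (a Browser Helper Object with no default name whose DLL also has a Winlogon\Notify key), applied to HijackThis lines. This is an added example, not part of the original thread and not code from either tool. The sample lines are copied from the first HijackThis log in this thread; the function names are hypothetical, and matching on the DLL file name is an assumption inferred from the "Checking for HKLM\...\Winlogon\Notify\<name>" lines.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D04CDB9-767F-15DD-5E30-081FD0F44FE3} - C:\WINDOWS\system32\wbjnamcn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BFA7416F-6EBA-43E5-B485-D32C6C78E1DB} - C:\WINDOWS\system32\khfGyxWp.dll
O20 - Winlogon Notify: khfGyxWp - C:\WINDOWS\SYSTEM32\khfGyxWp.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.+)$")
MISSING_SUFFIX = " (file missing)"


def split_target(target):
    """Split the trailing field of an entry into (path, file_is_missing)."""
    if target == "(no file)":
        return "", True
    if target.endswith(MISSING_SUFFIX):
        return target[: -len(MISSING_SUFFIX)], True
    return target, False


def parse_entries(log_text):
    """Collect O2 (BHO) and O20 (Winlogon Notify) entries from a log."""
    bhos, notify = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path, missing = split_target(m["target"])
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                         "path": path, "missing": missing})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path, missing = split_target(m["target"])
            # Keyed case-insensitively, like registry key names.
            notify[m["key"].lower()] = {"key": m["key"], "missing": missing}
    return bhos, notify


def triage(log_text):
    """Return (identifier, reason) pairs worth a closer look.

    orphaned            - registry entry whose file is gone
    bho+winlogon-notify - unnamed BHO whose DLL name is also a Notify key
    """
    bhos, notify = parse_entries(log_text)
    findings = []
    for bho in bhos:
        if bho["missing"]:
            findings.append((bho["clsid"], "orphaned"))
            continue
        if bho["name"] != "(no name)":
            continue  # named BHOs are skipped, as in the VBG log
        stem = splitext(basename(bho["path"]))[0].lower()
        if stem in notify:
            findings.append((bho["clsid"], "bho+winlogon-notify"))
    for entry in notify.values():
        if entry["missing"]:
            findings.append((entry["key"], "orphaned"))
    return findings


if __name__ == "__main__":
    for ident, reason in triage(SAMPLE_LOG):
        print(f"{reason:22} {ident}")
```

The unnamed Spybot helper (SDHelper.dll) is not flagged because no Notify key carries its name, which matches the "Key not found ... continuing" lines in the log.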


      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        FOR %%g in (
        C:\WINDOWS\BM4bc0285b.xml
        C:\WINDOWS\BM4bc0285b.txt
        C:\WINDOWS\system32\fylfneod.dll
        C:\WINDOWS\system32\khfGyxWp.dll.vir) DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL /Q %%g
        ren %%g %%g.bak
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt
        IF EXIST %%g.bak (
        ECHO %%g.bak found>>log.txt))
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in" choose: Desktop
        For "File name" enter: del.bat
        For "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.



        • #5
          Hey!

          Thank you for your reply!
          Next log:

          Deleting files
          C:\WINDOWS\BM4bc0285b.xml deleted
          C:\WINDOWS\BM4bc0285b.txt deleted
          C:\WINDOWS\system32\fylfneod.dll not deleted
          C:\WINDOWS\system32\khfGyxWp.dll.vir deleted



          • #6
            Please make a new one; it didn't quite work yet.

            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ren C:\WINDOWS\system32\fylfneod.dll fylfneod.bak
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\BM4bc0285b.txt
            C:\WINDOWS\system32\fylfneod.bak
            C:\WINDOWS\system32\fylfneod.dll) DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL /Q %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.



            • #7
              Thank you for your quick reply!

              It now says:

              Deleting files
              C:\WINDOWS\BM4bc0285b.txt deleted
              C:\WINDOWS\system32\fylfneod.bak not deleted
              C:\WINDOWS\system32\fylfneod.dll not found



              • #8
                Restart your computer and, after the restart, double-click the latest del.bat once more

                Start HijackThis and then check the following lines:
                O2 - BHO: (no name) - {FA2EA65E-4F8C-4C8C-8B62-FFF4D716D002} - C:\WINDOWS\system32\cbXNDVLE.dll (file missing)
                O4 - HKLM\..\Run: [BM4bc0285b] Rundll32.exe "C:\WINDOWS\system32\fylfneod.dll",s

                Remove these lines using "Fix checked".

                Download this file: zoek.exe
                Double-click it; after a while a log opens.
                Post the contents of this log in your next post



                • #9
                  Thank you for your reply!
                  Restarted the computer; log from del.bat:
                  Deleting files
                  C:\WINDOWS\BM4bc0285b.txt not found
                  C:\WINDOWS\system32\fylfneod.bak not found
                  C:\WINDOWS\system32\fylfneod.dll not found


                  Ran HijackThis
                  and after that zoek.exe, the following log:
                  ======C:\WINDOWS====
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\a.bat
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\base64.tmp
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\bdn.com
                  --s-a-w 2,048 2008-03-31 15:02:35 C:\WINDOWS\bootstat.dat
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\FVProtect.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\iTunesMusic.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\mssecu.exe
                  ----a-w 116 2008-03-25 16:25:30 C:\WINDOWS\NeroDigital.ini
                  ----a-w 22 2008-03-31 14:21:46 C:\WINDOWS\pskt.ini
                  ---ha-w 54,156 2008-03-31 15:07:19 C:\WINDOWS\QTFont.qfn
                  ----a-w 32,604 2008-03-31 14:57:21 C:\WINDOWS\SchedLgU.Txt
                  ----a-w 0 2008-03-31 13:22:16 C:\WINDOWS\Sti_Trace.log
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32akttzn.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32anticipator.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32awtoolb.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32bdn.com
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32bsva-egihsg52.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32dpcproxy.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32emesx.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\[email protected]@@k.dll
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32hoproxy.dll
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32hxiwlgpm.dat
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32hxiwlgpm.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32medup012.dll
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32medup020.dll
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32msgp.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32msnbho.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32mssecu.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32msvchost.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32mtr2.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32mwin32.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32netode.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32newsd32.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32ps1.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32psof1.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32psoft1.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32regc64.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32regm64.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32Rundl1.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32sncntr.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32ssurf022.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32ssvchost.com
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32ssvchost.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32sysreq.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32taack.dat
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32taack.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32temp#01.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32thun.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32thun32.dll
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32VBIEWER.OCX
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32vbsys2.dll
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32vcatchpi.dll
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32winlogonpc.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32winsystem.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32WINWGPX.EXE
                  ----a-w 2,550 2008-03-31 10:56:50 C:\WINDOWS\unins000.dat
                  ----a-w 691,545 2008-03-31 10:47:56 C:\WINDOWS\unins000.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\userconfig9x.dll
                  ----a-w 157 2008-03-31 13:22:17 C:\WINDOWS\wiadebug.log
                  ----a-w 49 2008-03-31 13:22:18 C:\WINDOWS\wiaservc.log
                  ----a-w 715 2008-03-29 23:43:29 C:\WINDOWS\win.ini
                  ----a-w 1,912,569 2008-03-31 15:03:29 C:\WINDOWS\WindowsUpdate.log
                  ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\winsystem.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zip1.tmp
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zip2.tmp
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zip3.tmp
                  ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zipped.tmp

                  Entries: 67 (65)
                  Directories: 0 Files: 67
                  Bytes: 2,921,811 Blocks: 5,712
                  ======C:\WINDOWS\system32=====
                  ----a-w 267,776 2008-03-29 15:23:46 C:\WINDOWS\System32\cbXNDVLE.dll__DELETE_ON_REBOOT
                  --sh--w 1,586,509 2008-03-31 13:25:15 C:\WINDOWS\System32\ccygngbs.ini
                  --sha-w 174,020 2008-03-31 12:20:41 C:\WINDOWS\System32\ELVDNXbc.ini
                  --sha-w 163,485 2008-03-31 11:45:08 C:\WINDOWS\System32\ELVDNXbc.ini2
                  ----a-w 192,976 2008-03-20 19:29:24 C:\WINDOWS\System32\FNTCACHE.DAT
                  ----a-w 6,300 2008-03-24 18:18:13 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                  ----a-w 62,422 2008-03-31 10:49:56 C:\WINDOWS\System32\perfc009.dat
                  ----a-w 81,436 2008-03-31 10:49:56 C:\WINDOWS\System32\perfc013.dat
                  ----a-w 400,760 2008-03-31 10:49:56 C:\WINDOWS\System32\perfh009.dat
                  ----a-w 465,586 2008-03-31 10:49:56 C:\WINDOWS\System32\perfh013.dat
                  ----a-w 1,021,640 2008-03-31 10:49:54 C:\WINDOWS\System32\PerfStringBackup.INI
                  ----a-w 98,304 2008-03-31 12:15:29 C:\WINDOWS\System32\phcudgns.exe
                  ----a-w 82,496 2008-03-31 11:42:06 C:\WINDOWS\System32\sbgngycc.dll
                  ----a-w 38,912 2008-03-29 15:19:00 C:\WINDOWS\System32\urqOEwxX.dll
                  ----a-w 24,576 2008-03-29 15:23:42 C:\WINDOWS\System32\winrnt32.dll__DELETE_ON_REBOOT
                  ----a-w 87,040 2008-03-31 12:15:28 C:\WINDOWS\System32\winupdate.exe
                  ----a-w 2,228 2008-03-30 22:29:56 C:\WINDOWS\System32\wpa.dbl

                  Entries: 17 (14)
                  Directories: 0 Files: 17
                  Bytes: 4,756,466 Blocks: 9,296
                  =======C:\Program Files=====
                  ----a-w 0 2008-03-29 15:25:14 C:\Program Files\tmp19853375.exe
                  ----a-w 0 2008-03-29 15:25:14 C:\Program Files\tmp19853546.exe
                  ----a-w 16,536 2008-03-31 11:39:39 C:\Program Files\tmp4164281.exe
                  ----a-w 16,564 2008-03-31 11:39:39 C:\Program Files\tmp4164312.exe
                  ----a-w 16,528 2008-03-31 11:39:50 C:\Program Files\tmp4164687.exe
                  ----a-w 16,524 2008-03-31 11:39:50 C:\Program Files\tmp4167093.exe
                  ----a-w 16,576 2008-03-31 11:40:01 C:\Program Files\tmp4172140.exe
                  ----a-w 16,564 2008-03-31 11:39:41 C:\Program Files\tmp4177250.exe
                  ----a-w 16,528 2008-03-31 11:40:00 C:\Program Files\tmp4196062.exe
                  ----a-w 16,528 2008-03-31 11:40:00 C:\Program Files\tmp4196515.exe
                  ----a-w 16,528 2008-03-31 11:40:01 C:\Program Files\tmp4196578.exe
                  ----a-w 16,576 2008-03-31 11:40:04 C:\Program Files\tmp4200328.exe
                  ----a-w 16,576 2008-03-31 12:10:33 C:\Program Files\tmp6029234.exe
                  ----a-w 16,576 2008-03-31 12:10:34 C:\Program Files\tmp6029859.exe
                  ----a-w 16,576 2008-03-31 12:10:35 C:\Program Files\tmp6031093.exe
                  ----a-w 16,576 2008-03-31 12:10:36 C:\Program Files\tmp6032125.exe
                  ----a-w 16,576 2008-03-31 12:10:47 C:\Program Files\tmp6043296.exe
                  ----a-w 16,576 2008-03-31 12:10:47 C:\Program Files\tmp6043421.exe
                  ----a-w 16,576 2008-03-31 12:11:06 C:\Program Files\tmp6061968.exe
                  ----a-w 16,576 2008-03-31 12:11:07 C:\Program Files\tmp6062968.exe
                  ----a-w 16,576 2008-03-31 12:11:09 C:\Program Files\tmp6064406.exe
                  ----a-w 16,548 2008-03-31 12:16:22 C:\Program Files\tmp6369109.exe
                  ----a-w 16,544 2008-03-31 12:16:22 C:\Program Files\tmp6370109.exe
                  ----a-w 16,592 2008-03-31 12:16:33 C:\Program Files\tmp6370140.exe
                  ----a-w 16,640 2008-03-31 12:16:33 C:\Program Files\tmp6370171.exe

                  Entries: 25 (25)
                  Directories: 0 Files: 25
                  Bytes: 380,960 Blocks: 759
                  =======C:=====
                  ----a-w 1,024 2008-03-29 15:18:42 C:\akts.exe
                  ----a-w 5,120 2008-03-29 15:18:31 C:\ator.exe
                  ----a-w 164 2008-03-29 23:42:44 C:\install.dat
                  ----a-w 47,104 2008-03-29 15:18:35 C:\kqmhioib.exe
                  --sha-w 2,145,386,496 2008-03-31 15:02:30 C:\pagefile.sys

                  Entries: 5 (4)
                  Directories: 0 Files: 5
                  Bytes: 2,145,439,908 Blocks: 4,190,313
                  ======C:\Documents and Settings\Christian\Application Data======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Temp======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Documents and Settings\Christian======
                  ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladblackbird.jpg
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\BureaubladEditorFKWP1.5.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\BureaubladEditorFKWP2.0.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfilemanagerclient.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfkwp1.5.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfkwp2.0.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfwebd.exe
                  ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\BureaubladFWebdEditor.exe
                  ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\BureaubladTrojan.Win32.BlackBird.exe
                  ---ha-w 4,718,592 2008-03-31 14:57:41 C:\Documents and Settings\Christian\NTUSER.DAT
                  ---ha-w 274,432 2008-03-31 15:13:45 C:\Documents and Settings\Christian\ntuser.dat.LOG
                  --sh--w 188 2008-03-31 14:57:19 C:\Documents and Settings\Christian\ntuser.ini
                  --sha-r 444 2008-03-31 10:27:42 C:\Documents and Settings\Christian\ntuser.pol

                  Entries: 13 (9)
                  Directories: 0 Files: 13
                  Bytes: 5,030,520 Blocks: 9,826
                  =============



                  • #10
                    There is still a lot on there; let's see whether the following tool can reduce it somewhat:

                    Download: RVAXO.exe
                    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
                    • Start the computer in safe mode.
                    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
                      A cmd window will open and a few lines about files that were not found will scroll by quickly; this is normal.
                    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
                    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
                      Let it run and wait until a log file opens: C:\RVAXO-results.log
                    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
                    • Post the contents of the log file in your next message.
                    Then post a new zoek.exe log as well.



                    • #11
                      Hey, thanks for the help!
                      I got this log:

                      ---RVAXO.exe Updated: 2008-03-31---first run---
                      Uninstallers:

                      Files found:
                      C:\WINDOWS\system32\cbXNDVLE.dll__DELETE_ON_REBOOT
                      C:\WINDOWS\system32\winrnt32.dll__DELETE_ON_REBOOT
                      C:\WINDOWS\system32\ELVDNXbc.ini2
                      C:\WINDOWS\pskt.ini
                      C:\Program Files\tmp19853375.exe
                      C:\Program Files\tmp19853546.exe
                      C:\Program Files\tmp4164281.exe
                      C:\Program Files\tmp4164312.exe
                      C:\Program Files\tmp4164687.exe
                      C:\Program Files\tmp4167093.exe
                      C:\Program Files\tmp4172140.exe
                      C:\Program Files\tmp4177250.exe
                      C:\Program Files\tmp4196062.exe
                      C:\Program Files\tmp4196515.exe
                      C:\Program Files\tmp4196578.exe
                      C:\Program Files\tmp4200328.exe
                      C:\Program Files\tmp6029234.exe
                      C:\Program Files\tmp6029859.exe
                      C:\Program Files\tmp6031093.exe
                      C:\Program Files\tmp6032125.exe
                      C:\Program Files\tmp6043296.exe
                      C:\Program Files\tmp6043421.exe
                      C:\Program Files\tmp6061968.exe
                      C:\Program Files\tmp6062968.exe
                      C:\Program Files\tmp6064406.exe
                      C:\Program Files\tmp6369109.exe
                      C:\Program Files\tmp6370109.exe
                      C:\Program Files\tmp6370140.exe
                      C:\Program Files\tmp6370171.exe
                      C:\WINDOWS\system32\winupdate.exe

                      Folders Found:
                      C:\Program Files\IE Extensions

                      Hosts-file was reset, If you use a custom hosts file please replace it...

                      --------------RVAXO.exe last run---------------
                      Not deleted items:

                      --------------RVAXO.exe finished----------------

                      zoek.exe log:

                      ======C:\WINDOWS====
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\a.bat
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\base64.tmp
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\bdn.com
                      --s-a-w 2,048 2008-03-31 17:12:44 C:\WINDOWS\bootstat.dat
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\FVProtect.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\iTunesMusic.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\mssecu.exe
                      ----a-w 116 2008-03-25 16:25:30 C:\WINDOWS\NeroDigital.ini
                      ----a-w 107,260 2008-03-31 17:05:41 C:\WINDOWS\ntbtlog.txt
                      ---ha-w 54,156 2008-03-31 17:13:13 C:\WINDOWS\QTFont.qfn
                      ----a-w 32,604 2008-03-31 17:03:48 C:\WINDOWS\SchedLgU.Txt
                      ----a-w 0 2008-03-31 13:22:16 C:\WINDOWS\Sti_Trace.log
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32akttzn.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32anticipator.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32awtoolb.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32bdn.com
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32bsva-egihsg52.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32dpcproxy.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32emesx.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\[email protected]@@k.dll
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32hoproxy.dll
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32hxiwlgpm.dat
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32hxiwlgpm.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32medup012.dll
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32medup020.dll
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32msgp.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32msnbho.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32mssecu.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32msvchost.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32mtr2.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32mwin32.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32netode.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32newsd32.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32ps1.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32psof1.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32psoft1.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32regc64.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32regm64.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32Rundl1.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32sncntr.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32ssurf022.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32ssvchost.com
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32ssvchost.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32sysreq.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32taack.dat
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32taack.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32temp#01.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32thun.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32thun32.dll
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32VBIEWER.OCX
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32vbsys2.dll
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32vcatchpi.dll
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32winlogonpc.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32winsystem.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\system32WINWGPX.EXE
                      ----a-w 2,550 2008-03-31 10:56:50 C:\WINDOWS\unins000.dat
                      ----a-w 691,545 2008-03-31 10:47:56 C:\WINDOWS\unins000.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\userconfig9x.dll
                      ----a-w 159 2008-03-31 17:14:20 C:\WINDOWS\wiadebug.log
                      ----a-w 49 2008-03-31 17:14:20 C:\WINDOWS\wiaservc.log
                      ----a-w 715 2008-03-29 23:43:29 C:\WINDOWS\win.ini
                      ----a-w 1,948,854 2008-03-31 17:13:38 C:\WINDOWS\WindowsUpdate.log
                      ----a-w 4,096 2008-03-29 15:24:13 C:\WINDOWS\winsystem.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zip1.tmp
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zip2.tmp
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zip3.tmp
                      ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\zipped.tmp

                      Entries: 67 (65)
                      Directories: 0 Files: 67
                      Bytes: 3,065,336 Blocks: 5,992
                      ======C:\WINDOWS\system32=====
                      --sh--w 1,586,509 2008-03-31 13:25:15 C:\WINDOWS\System32\ccygngbs.ini
                      --sha-w 174,020 2008-03-31 12:20:41 C:\WINDOWS\System32\ELVDNXbc.ini
                      ----a-w 192,976 2008-03-20 19:29:24 C:\WINDOWS\System32\FNTCACHE.DAT
                      ----a-w 6,300 2008-03-24 18:18:13 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                      ----a-w 62,422 2008-03-31 10:49:56 C:\WINDOWS\System32\perfc009.dat
                      ----a-w 81,436 2008-03-31 10:49:56 C:\WINDOWS\System32\perfc013.dat
                      ----a-w 400,760 2008-03-31 10:49:56 C:\WINDOWS\System32\perfh009.dat
                      ----a-w 465,586 2008-03-31 10:49:56 C:\WINDOWS\System32\perfh013.dat
                      ----a-w 1,021,640 2008-03-31 10:49:54 C:\WINDOWS\System32\PerfStringBackup.INI
                      ----a-w 98,304 2008-03-31 12:15:29 C:\WINDOWS\System32\phcudgns.exe
                      ----a-w 775,126 2008-03-31 07:35:08 C:\WINDOWS\System32\RVAXO.bat
                      ----a-w 82,496 2008-03-31 11:42:06 C:\WINDOWS\System32\sbgngycc.dll
                      ----a-w 38,912 2008-03-29 15:19:00 C:\WINDOWS\System32\urqOEwxX.dll
                      ----a-w 2,228 2008-03-30 22:29:56 C:\WINDOWS\System32\wpa.dbl

                      Entries: 14 (12)
                      Directories: 0 Files: 14
                      Bytes: 4,988,715 Blocks: 9,749
                      =======C:\Program Files=====
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      =======C:=====
                      ----a-w 1,024 2008-03-29 15:18:42 C:\akts.exe
                      ----a-w 5,120 2008-03-29 15:18:31 C:\ator.exe
                      ----a-w 1,268 2008-03-31 17:08:19 C:\firstrun5.log
                      ----a-w 164 2008-03-29 23:42:44 C:\install.dat
                      ----a-w 47,104 2008-03-29 15:18:35 C:\kqmhioib.exe
                      --sha-w 2,145,386,496 2008-03-31 17:12:40 C:\pagefile.sys
                      ----a-w 1,403 2008-03-31 17:10:10 C:\RVAXO-results.log
                      ----a-w 20,819 2008-03-31 17:10:46 C:\RVAXO-Vfind.log

                      Entries: 8 (7)
                      Directories: 0 Files: 8
                      Bytes: 2,145,463,398 Blocks: 4,190,360
                      ======C:\Documents and Settings\Christian\Application Data======
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      ======C:\Temp======
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      ======C:\Documents and Settings\Christian======
                      ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladblackbird.jpg
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\BureaubladEditorFKWP1.5.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\BureaubladEditorFKWP2.0.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfilemanagerclient.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfkwp1.5.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfkwp2.0.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\Bureaubladfwebd.exe
                      ----a-w 4,096 2008-03-29 15:24:13 C:\Documents and Settings\Christian\BureaubladFWebdEditor.exe
                      ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\BureaubladTrojan.Win32.BlackBird.exe
                      ---ha-w 4,718,592 2008-03-31 17:11:33 C:\Documents and Settings\Christian\NTUSER.DAT
                      ---ha-w 32,768 2008-03-31 17:17:31 C:\Documents and Settings\Christian\ntuser.dat.LOG
                      --sh--w 188 2008-03-31 17:11:33 C:\Documents and Settings\Christian\ntuser.ini
                      --sha-r 444 2008-03-31 10:27:42 C:\Documents and Settings\Christian\ntuser.pol

                      Entries: 13 (9)
                      Directories: 0 Files: 13
                      Bytes: 4,788,856 Blocks: 9,354
                      =============



                      • #12
                        Open a Notepad file.
                        Copy the text below (everything in bold) into this Notepad file.

                        @ECHO OFF
                        IF EXIST log.txt DEL log.txt
                        ren C:\WINDOWS\system32temp#01.exe system32tempZ01.exe
                        ECHO Deleting files>>log.txt
                        FOR %%g in (
                        C:\WINDOWS\a.bat
                        C:\WINDOWS\base64.tmp
                        C:\WINDOWS\bdn.com
                        C:\WINDOWS\bootstat.dat
                        C:\WINDOWS\FVProtect.exe
                        C:\WINDOWS\iTunesMusic.exe
                        C:\WINDOWS\mssecu.exe
                        C:\WINDOWS\system32akttzn.exe
                        C:\WINDOWS\system32anticipator.dll
                        C:\WINDOWS\system32awtoolb.dll
                        C:\WINDOWS\system32bdn.com
                        C:\WINDOWS\system32bsva-egihsg52.exe
                        C:\WINDOWS\system32dpcproxy.exe
                        C:\WINDOWS\system32emesx.dll
                        C:\WINDOWS\[email protected]@@k.dll
                        C:\WINDOWS\system32hoproxy.dll
                        C:\WINDOWS\system32hxiwlgpm.dat
                        C:\WINDOWS\system32hxiwlgpm.exe
                        C:\WINDOWS\system32medup012.dll
                        C:\WINDOWS\system32medup020.dll
                        C:\WINDOWS\system32msgp.exe
                        C:\WINDOWS\system32msnbho.dll
                        C:\WINDOWS\system32mssecu.exe
                        C:\WINDOWS\system32msvchost.exe
                        C:\WINDOWS\system32mtr2.exe
                        C:\WINDOWS\system32mwin32.exe
                        C:\WINDOWS\system32netode.exe
                        C:\WINDOWS\system32newsd32.exe
                        C:\WINDOWS\system32ps1.exe
                        C:\WINDOWS\system32psof1.exe
                        C:\WINDOWS\system32psoft1.exe
                        C:\WINDOWS\system32regc64.dll
                        C:\WINDOWS\system32regm64.dll
                        C:\WINDOWS\system32Rundl1.exe
                        C:\WINDOWS\system32sncntr.exe
                        C:\WINDOWS\system32ssurf022.dll
                        C:\WINDOWS\system32ssvchost.com
                        C:\WINDOWS\system32ssvchost.exe
                        C:\WINDOWS\system32sysreq.exe
                        C:\WINDOWS\system32taack.dat
                        C:\WINDOWS\system32taack.exe
                        C:\WINDOWS\system32tempZ01.exe
                        C:\WINDOWS\system32thun.dll
                        C:\WINDOWS\system32thun32.dll
                        C:\WINDOWS\system32VBIEWER.OCX
                        C:\WINDOWS\system32vbsys2.dll
                        C:\WINDOWS\system32vcatchpi.dll
                        C:\WINDOWS\system32winlogonpc.exe
                        C:\WINDOWS\system32winsystem.exe
                        C:\WINDOWS\system32WINWGPX.EXE
                        C:\WINDOWS\userconfig9x.dll
                        C:\WINDOWS\winsystem.exe
                        C:\WINDOWS\zip1.tmp
                        C:\WINDOWS\zip2.tmp
                        C:\WINDOWS\zip3.tmp
                        C:\WINDOWS\zipped.tmp
                        C:\WINDOWS\System32\ccygngbs.ini
                        C:\WINDOWS\System32\ELVDNXbc.ini
                        C:\WINDOWS\System32\phcudgns.exe
                        C:\WINDOWS\System32\sbgngycc.dll
                        C:\WINDOWS\System32\urqOEwxX.dll
                        C:\akts.exe
                        C:\ator.exe
                        C:\kqmhioib.exe
                        "C:\Documents and Settings\Christian\Bureaubladblackbird.jpg"
                        "C:\Documents and Settings\Christian\BureaubladEditorFKWP1.5.exe"
                        "C:\Documents and Settings\Christian\BureaubladEditorFKWP2.0.exe"
                        "C:\Documents and Settings\Christian\Bureaubladfilemanagerclient.exe"
                        "C:\Documents and Settings\Christian\Bureaubladfkwp1.5.exe"
                        "C:\Documents and Settings\Christian\Bureaubladfkwp2.0.exe"
                        "C:\Documents and Settings\Christian\Bureaubladfwebd.exe"
                        "C:\Documents and Settings\Christian\BureaubladFWebdEditor.exe"
                        "C:\Documents and Settings\Christian\BureaubladTrojan.Win32.BlackBird.exe") DO (
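                        IF EXIST %%g (
                        REM Clear read-only, system and hidden attributes so DEL can remove the file
                        ATTRIB -r -s -h %%g
                        DEL /Q %%g
                        REM If DEL failed, rename instead. REN takes a bare file name as target, not a path
                        IF EXIST %%g ren %%g "%%~nxg.bak"
                        IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                        ) ELSE (
                        ECHO %%g deleted>>log.txt
                        IF EXIST "%%~g.bak" (
                        ECHO %%g.bak found>>log.txt))
                        ) ELSE (
                        ECHO %%g not found>>log.txt))
                        START NOTEPAD.EXE log.txt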

                        Go to File - Save As.
                        For "Save in" choose: Desktop
                        For "File name" enter: del.bat
                        For "Save as type" select: All Files (*.*).
                        Click the Save button.

                        Double-click del.bat and post the contents of the log file that opens.

                        Create a new log with zoek.exe and post it.



                        • #13
                          Great!

                          Here is the del.bat log:

                          Deleting files
                          C:\WINDOWS\a.bat deleted
                          C:\WINDOWS\base64.tmp deleted
                          C:\WINDOWS\bdn.com deleted
                          C:\WINDOWS\bootstat.dat deleted
                          C:\WINDOWS\FVProtect.exe deleted
                          C:\WINDOWS\iTunesMusic.exe deleted
                          C:\WINDOWS\mssecu.exe deleted
                          C:\WINDOWS\system32akttzn.exe deleted
                          C:\WINDOWS\system32anticipator.dll deleted
                          C:\WINDOWS\system32awtoolb.dll deleted
                          C:\WINDOWS\system32bdn.com deleted
                          C:\WINDOWS\system32bsva-egihsg52.exe deleted
                          C:\WINDOWS\system32dpcproxy.exe deleted
                          C:\WINDOWS\system32emesx.dll deleted
                          C:\WINDOWS\[email protected]@@k.dll deleted
                          C:\WINDOWS\system32hoproxy.dll deleted
                          C:\WINDOWS\system32hxiwlgpm.dat deleted
                          C:\WINDOWS\system32hxiwlgpm.exe deleted
                          C:\WINDOWS\system32medup012.dll deleted
                          C:\WINDOWS\system32medup020.dll deleted
                          C:\WINDOWS\system32msgp.exe deleted
                          C:\WINDOWS\system32msnbho.dll deleted
                          C:\WINDOWS\system32mssecu.exe deleted
                          C:\WINDOWS\system32msvchost.exe deleted
                          C:\WINDOWS\system32mtr2.exe deleted
                          C:\WINDOWS\system32mwin32.exe deleted
                          C:\WINDOWS\system32netode.exe deleted
                          C:\WINDOWS\system32newsd32.exe deleted
                          C:\WINDOWS\system32ps1.exe deleted
                          C:\WINDOWS\system32psof1.exe deleted
                          C:\WINDOWS\system32psoft1.exe deleted
                          C:\WINDOWS\system32regc64.dll deleted
                          C:\WINDOWS\system32regm64.dll deleted
                          C:\WINDOWS\system32Rundl1.exe deleted
                          C:\WINDOWS\system32sncntr.exe deleted
                          C:\WINDOWS\system32ssurf022.dll deleted
                          C:\WINDOWS\system32ssvchost.com deleted
                          C:\WINDOWS\system32ssvchost.exe deleted
                          C:\WINDOWS\system32sysreq.exe deleted
                          C:\WINDOWS\system32taack.dat deleted
                          C:\WINDOWS\system32taack.exe deleted
                          C:\WINDOWS\system32tempZ01.exe deleted
                          C:\WINDOWS\system32thun.dll deleted
                          C:\WINDOWS\system32thun32.dll deleted
                          C:\WINDOWS\system32VBIEWER.OCX deleted
                          C:\WINDOWS\system32vbsys2.dll deleted
                          C:\WINDOWS\system32vcatchpi.dll deleted
                          C:\WINDOWS\system32winlogonpc.exe deleted
                          C:\WINDOWS\system32winsystem.exe deleted
                          C:\WINDOWS\system32WINWGPX.EXE deleted
                          C:\WINDOWS\userconfig9x.dll deleted
                          C:\WINDOWS\winsystem.exe deleted
                          C:\WINDOWS\zip1.tmp deleted
                          C:\WINDOWS\zip2.tmp deleted
                          C:\WINDOWS\zip3.tmp deleted
                          C:\WINDOWS\zipped.tmp deleted
                          C:\WINDOWS\System32\ccygngbs.ini deleted
                          C:\WINDOWS\System32\ELVDNXbc.ini deleted
                          C:\WINDOWS\System32\phcudgns.exe deleted
                          C:\WINDOWS\System32\sbgngycc.dll deleted
                          C:\WINDOWS\System32\urqOEwxX.dll deleted
                          C:\akts.exe deleted
                          C:\ator.exe deleted
                          C:\kqmhioib.exe deleted
                          "C:\Documents and Settings\Christian\Bureaubladblackbird.jpg" deleted
                          "C:\Documents and Settings\Christian\BureaubladEditorFKWP1.5.exe" deleted
                          "C:\Documents and Settings\Christian\BureaubladEditorFKWP2.0.exe" deleted
                          "C:\Documents and Settings\Christian\Bureaubladfilemanagerclient.exe" deleted
                          "C:\Documents and Settings\Christian\Bureaubladfkwp1.5.exe" deleted
                          "C:\Documents and Settings\Christian\Bureaubladfkwp2.0.exe" deleted
                          "C:\Documents and Settings\Christian\Bureaubladfwebd.exe" deleted
                          "C:\Documents and Settings\Christian\BureaubladFWebdEditor.exe" deleted
                          "C:\Documents and Settings\Christian\BureaubladTrojan.Win32.BlackBird.exe" deleted

                          and from zoek.exe

                          ======C:\WINDOWS====
                          ----a-w 116 2008-03-31 18:52:34 C:\WINDOWS\NeroDigital.ini
                          ----a-w 107,260 2008-03-31 17:05:41 C:\WINDOWS\ntbtlog.txt
                          ---ha-w 54,156 2008-03-31 17:13:13 C:\WINDOWS\QTFont.qfn
                          ----a-w 32,604 2008-03-31 17:03:48 C:\WINDOWS\SchedLgU.Txt
                          ----a-w 1,045 2008-03-31 17:55:33 C:\WINDOWS\setupapi.log
                          ----a-w 0 2008-03-31 13:22:16 C:\WINDOWS\Sti_Trace.log
                          ----a-w 2,550 2008-03-31 10:56:50 C:\WINDOWS\unins000.dat
                          ----a-w 691,545 2008-03-31 10:47:56 C:\WINDOWS\unins000.exe
                          ----a-w 159 2008-03-31 17:14:20 C:\WINDOWS\wiadebug.log
                          ----a-w 49 2008-03-31 17:14:20 C:\WINDOWS\wiaservc.log
                          ----a-w 715 2008-03-29 23:43:29 C:\WINDOWS\win.ini
                          ----a-w 1,950,258 2008-03-31 18:54:12 C:\WINDOWS\WindowsUpdate.log

                          Entries: 12 (11)
                          Directories: 0 Files: 12
                          Bytes: 2,840,457 Blocks: 5,554
                          ======C:\WINDOWS\system32=====
                          ----a-w 192,976 2008-03-20 19:29:24 C:\WINDOWS\System32\FNTCACHE.DAT
                          ----a-w 6,300 2008-03-24 18:18:13 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                          ----a-w 62,422 2008-03-31 10:49:56 C:\WINDOWS\System32\perfc009.dat
                          ----a-w 81,436 2008-03-31 10:49:56 C:\WINDOWS\System32\perfc013.dat
                          ----a-w 400,760 2008-03-31 10:49:56 C:\WINDOWS\System32\perfh009.dat
                          ----a-w 465,586 2008-03-31 10:49:56 C:\WINDOWS\System32\perfh013.dat
                          ----a-w 1,021,640 2008-03-31 10:49:54 C:\WINDOWS\System32\PerfStringBackup.INI
                          ----a-w 775,126 2008-03-31 07:35:08 C:\WINDOWS\System32\RVAXO.bat
                          ----a-w 2,228 2008-03-30 22:29:56 C:\WINDOWS\System32\wpa.dbl

                          Entries: 9 (9)
                          Directories: 0 Files: 9
                          Bytes: 3,008,474 Blocks: 5,880
                          =======C:\Program Files=====
                          Entries: 0 (0)
                          Directories: 0 Files: 0
                          Bytes: 0 Blocks: 0
                          =======C:=====
                          ----a-w 1,268 2008-03-31 17:08:19 C:\firstrun5.log
                          ----a-w 164 2008-03-29 23:42:44 C:\install.dat
                          --sha-w 2,145,386,496 2008-03-31 17:12:40 C:\pagefile.sys
                          ----a-w 1,403 2008-03-31 17:10:10 C:\RVAXO-results.log
                          ----a-w 20,819 2008-03-31 17:10:46 C:\RVAXO-Vfind.log

                          Entries: 5 (4)
                          Directories: 0 Files: 5
                          Bytes: 2,145,410,150 Blocks: 4,190,256
                          ======C:\Documents and Settings\Christian\Application Data======
                          Entries: 0 (0)
                          Directories: 0 Files: 0
                          Bytes: 0 Blocks: 0
                          ======C:\Temp======
                          Entries: 0 (0)
                          Directories: 0 Files: 0
                          Bytes: 0 Blocks: 0
                          ======C:\Documents and Settings\Christian======
                          ---ha-w 4,718,592 2008-03-31 17:11:33 C:\Documents and Settings\Christian\NTUSER.DAT
                          ---ha-w 24,576 2008-03-31 19:05:39 C:\Documents and Settings\Christian\ntuser.dat.LOG
                          --sh--w 188 2008-03-31 17:11:33 C:\Documents and Settings\Christian\ntuser.ini
                          --sha-r 444 2008-03-31 10:27:42 C:\Documents and Settings\Christian\ntuser.pol

                          Entries: 4 (0)
                          Directories: 0 Files: 4
                          Bytes: 4,743,800 Blocks: 9,266
                          =============

                          That is already a lot less; it looks like most of it is gone.
                          Should I post another HijackThis log?
                          Thanks again!



                          • #14
                            Delete this file:
                            C:\RVAXO-Vfind.log

                            Run RVAXO.cmd again and wait until the cmd window closes by itself.
                            If all goes well, the file C:\RVAXO-Vfind.log has now been created again.
                            Post the contents of this log in your next message.



                            • #15
                              I ran RVAXO, run me, in safe mode, though I had to restart the computer in safe mode. (Edit: I read elsewhere (on this forum) that I had better remove Hitman Pro; shall I just do that then?)
                              This is the log:

                              ----a-w 75,048 2008-03-05 14:25:39 C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe
                              ----a-w 21,364,592 2008-03-31 11:49:23 C:\Documents and Settings\Christian\Bureaublad\aaw2007.exe
                              ----a-w 812,344 2008-03-31 11:57:43 C:\Documents and Settings\Christian\Bureaublad\HJTInstall.exe
                              ----a-w 2,438,536 2008-03-31 15:59:59 C:\Documents and Settings\Christian\Bureaublad\ib2007_win_setup.exe
                              ----a-w 413,696 2008-03-31 16:31:04 C:\Documents and Settings\Christian\Bureaublad\RVAXO.exe
                              ----a-w 9,723,880 2008-03-31 10:56:41 C:\Documents and Settings\Christian\Bureaublad\spybotsd152.exe
                              ----a-w 2,671,816 2008-03-31 18:24:10 C:\Documents and Settings\Christian\Bureaublad\spywareblastersetup40.exe
                              ----a-w 147,456 2008-03-31 15:13:45 C:\Documents and Settings\Christian\Bureaublad\zoek.exe
                              ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladvirii\Trojan-Downloader.Win32.Agent.bl.exe
                              ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladvirii\Trojan-Downloader.Win32.Agent.p.exe
                              ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladvirii\Trojan-Downloader.Win32.Agent.r.exe
                              ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladvirii\Trojan-Downloader.Win32.Agent.t.exe
                              ----a-w 4,096 2008-03-29 15:24:14 C:\Documents and Settings\Christian\Bureaubladvirii\Trojan-Downloader.Win32.Agent.v.exe
                              ----a-w 2,727,816 2008-03-04 15:49:06 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\pctsGui.exe
                              ----a-w 2,727,816 2008-03-04 15:49:06 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\pctsGui.exe
                              ----a-w 413,696 2008-03-31 16:30:59 C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\22S8MKYS\RVAXO[1].exe
                              ----a-w 2,671,816 2008-03-31 18:24:04 C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\KOQB4EFV\spywareblastersetup40[1].exe
                              ----a-w 147,456 2008-03-31 15:13:43 C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\QA1W5H0N\zoek[1].exe
                              ----a-w 75,048 2008-03-05 14:25:39 C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KRK0J126\iTunesSetupAdmin[1].exe
                              ----a-w 304,520 2008-03-07 15:49:38 C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81200000003}\Setup.exe
                              ------r 128,384 2008-03-31 16:00:08 C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
                              ----a-w 906,480 2008-03-25 09:48:28 C:\Program Files\CCleaner\CCleaner.exe
                              ----a-w 114,122 2008-03-31 12:52:28 C:\Program Files\CCleaner\uninst.exe
                              ----a-w 667,914 2008-03-25 11:37:17 C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe
                              ----a-w 3,147,008 2008-03-31 10:38:28 C:\Program Files\Hitman Pro\hitmanpro2.exe
                              ----a-w 547,912 2008-03-31 10:41:43 C:\Program Files\Hitman Pro\srhelper.exe
                              ----a-w 751,480 2008-03-31 10:41:42 C:\Program Files\Hitman Pro\surfright.exe
                              ----a-w 683,563 2008-03-31 10:32:05 C:\Program Files\Hitman Pro\unins000.exe
                              ----a-w 2,855,080 2008-03-31 12:21:20 C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe
                              ----a-w 532,480 2008-03-31 10:40:59 C:\Program Files\Hitman Pro\downloads\cwshredder.exe
                              ----a-w 153,144 2008-03-31 10:41:31 C:\Program Files\Hitman Pro\downloads\ewido_micro.exe
                              ----a-w 1,563,704 2008-03-31 10:41:48 C:\Program Files\Hitman Pro\downloads\PrevxcsiPP3642.EXE
                              ----a-w 17,646,136 2008-03-31 12:44:03 C:\Program Files\Hitman Pro\downloads\sdsetup.exe
                              ----a-w 5,037,072 2008-03-31 10:41:28 C:\Program Files\Hitman Pro\downloads\spybotsd14.exe
                              ----a-w 2,566,736 2008-03-31 10:41:01 C:\Program Files\Hitman Pro\downloads\spywareblastersetup351.exe
                              ----a-w 547,912 2008-03-31 10:41:43 C:\Program Files\Hitman Pro\downloads\srhelper.exe
                              ----a-w 5,039,856 2008-03-31 10:50:05 C:\Program Files\Hitman Pro\updates\WindowsXP-KB912812-x86-NLD.exe
                              ----a-w 607,576 2008-03-31 11:52:12 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              ----a-w 2,858,320 2008-03-31 11:52:14 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
                              ----a-w 7,660,656 2008-03-27 09:14:40 C:\Program Files\Mozilla Firefox\firefox.exe
                              ----a-w 132,232 2008-03-27 09:14:43 C:\Program Files\Mozilla Firefox\updater.exe
                              ----a-w 73,336 2008-03-27 09:14:43 C:\Program Files\Mozilla Firefox\xpicleanup.exe
                              ----a-w 407,040 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\talkback.exe
                              ----a-w 451,664 2008-03-27 09:14:42 C:\Program Files\Mozilla Firefox\uninstall\helper.exe
                              ------w 204,800 2008-03-31 13:30:46 C:\Program Files\PC-Cleaner\Uninstall.exe
                              ----a-w 649,378 2008-03-31 10:47:21 C:\Program Files\Spybot - Search & Destroy\unins000.exe
                              ----a-w 2,727,816 2008-03-04 15:49:06 C:\Program Files\Spyware Doctor\pctsGui.exe
                              ----a-w 948,616 2008-03-04 15:49:08 C:\Program Files\Spyware Doctor\pctsSvc.exe
                              ----a-w 190,344 2008-03-04 15:49:18 C:\Program Files\Spyware Doctor\sdloader.exe
                              ----a-w 707,976 2008-03-31 12:45:07 C:\Program Files\Spyware Doctor\unins000.exe
                              ----a-w 161,672 2008-03-04 15:49:04 C:\Program Files\Spyware Doctor\NetworkLayer\Driver.exe
                              ----a-w 691,481 2008-03-31 18:24:10 C:\Program Files\SpywareBlaster\unins000.exe
                              ----a-w 396,288 2008-03-31 11:57:54 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                              ----a-w 131,999 2008-03-13 17:17:50 C:\Program Files\Winamp\UninstWA.exe
                              ----a-w 691,545 2008-03-31 10:47:56 C:\WINDOWS\unins000.exe
                              ----a-r 10,134 2008-03-25 11:37:12 C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
                              ----a-r 136,448 2008-03-25 11:37:12 C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
                              ----a-r 102,400 2008-03-05 14:26:43 C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe
                              ----a-r 295,606 2008-03-07 15:49:39 C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
                              ----a-r 1,038,336 2008-03-31 11:51:22 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
                              ----a-r 178,688 2008-03-31 11:51:22 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
                              ----a-r 171,008 2008-03-31 11:51:22 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
                              ----a-r 8,704 2008-03-31 11:51:22 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
                              ----a-w 19,148,408 2008-03-05 16:30:54 C:\WINDOWS\system32\MRT.exe
                              ----a-w 4,096 2008-03-29 15:24:14 C:\WINDOWS\system32smp\msrc.exe
                              ----a-w 0 2008-03-31 12:16:22 C:\WINDOWS\Temp\fOG14s63.exe
                              ----a-w 0 2008-03-31 12:16:34 C:\WINDOWS\Temp\KGpEagCY.exe
                              ----a-w 0 2008-03-31 12:16:33 C:\WINDOWS\Temp\MBF6VuMP.exe
                              ----a-w 87,040 2008-03-31 12:15:28 C:\WINDOWS\Temp\win4A6.exe
                              ----a-w 0 2008-03-31 12:16:22 C:\WINDOWS\Temp\zTKU4tnW.exe

                              Entries: 70 (70)
                              Directories: 0 Files: 70
                              Bytes: 130,498,606 Blocks: 254,903
                              =============
                              ----a-w 41,984 2008-03-07 13:52:52 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\helper.dll
                              ----a-w 229,376 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\InnoHelpers.dll
                              ----a-w 49,664 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\isxdl.dll
                              ----a-w 102,400 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\PCTLicHelper.dll
                              ----a-w 558,600 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\PCTLicReset.dll
                              ----a-w 86,016 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\SecurityUtil.dll
                              ----a-w 23,312 2008-03-31 12:24:13 C:\Documents and Settings\Christian\Local Settings\Temp\is-B3OTE.tmp\_isetup\_shfoldr.dll
                              ----a-w 41,984 2008-03-07 13:52:52 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\helper.dll
                              ----a-w 229,376 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\InnoHelpers.dll
                              ----a-w 49,664 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\isxdl.dll
                              ----a-w 102,400 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\PCTLicHelper.dll
                              ----a-w 558,600 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\PCTLicReset.dll
                              ----a-w 86,016 2008-03-07 13:52:54 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\SecurityUtil.dll
                              ----a-w 23,312 2008-03-31 12:32:50 C:\Documents and Settings\Christian\Local Settings\Temp\is-N75U5.tmp\_isetup\_shfoldr.dll
                              ----a-w 6,144 2008-03-31 14:20:33 C:\Documents and Settings\Christian\Local Settings\Temp\nse10EF.tmp\ExecDos.dll
                              ----a-w 12,800 2008-03-31 14:20:15 C:\Documents and Settings\Christian\Local Settings\Temp\nse10EF.tmp\InstallOptions.dll
                              ----a-w 10,240 2008-03-31 14:20:06 C:\Documents and Settings\Christian\Local Settings\Temp\nse10EF.tmp\System.dll
                              ----a-w 4,096 2008-03-31 14:20:06 C:\Documents and Settings\Christian\Local Settings\Temp\nse10EF.tmp\UserInfo.dll
                              ----a-w 23,040 2008-03-25 10:04:44 C:\Program Files\CCleaner\lang-1043.dll
                              ----a-w 525,664 2008-03-31 11:52:01 C:\Program Files\Lavasoft\Ad-Aware 2007\update.dll
                              ----a-w 271,712 2008-03-31 11:52:02 C:\Program Files\Lavasoft\Ad-Aware 2007\upmanager.dll
                              ----a-w 13,952 2008-03-27 09:14:37 C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
                              ----a-w 200,829 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\freebl3.dll
                              ----a-w 458,856 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\js3250.dll
                              ----a-w 161,392 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\nspr4.dll
                              ----a-w 378,472 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\nss3.dll
                              ----a-w 276,080 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\nssckbi.dll
                              ----a-w 34,424 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\plc4.dll
                              ----a-w 30,320 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\plds4.dll
                              ----a-w 112,232 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\smime3.dll
                              ----a-w 254,060 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\softokn3.dll
                              ----a-w 132,712 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\ssl3.dll
                              ----a-w 13,416 2008-03-27 09:14:43 C:\Program Files\Mozilla Firefox\xpcom.dll
                              ----a-w 73,848 2008-03-27 09:14:43 C:\Program Files\Mozilla Firefox\xpcom_compat.dll
                              ----a-w 422,000 2008-03-27 09:14:43 C:\Program Files\Mozilla Firefox\xpcom_core.dll
                              ----a-w 12,400 2008-03-27 09:14:43 C:\Program Files\Mozilla Firefox\xpistub.dll
                              ----a-w 67,696 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\components\jar50.dll
                              ----a-w 54,376 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\components\jsd3250.dll
                              ----a-w 34,952 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\components\myspell.dll
                              ----a-w 46,720 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\components\spellchk.dll
                              ----a-w 172,144 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\components\xpinstal.dll
                              ----a-w 99,840 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\BrandRes.dll
                              ----a-w 156,544 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\fullsoft.dll
                              ----a-w 14,456 2008-03-27 09:14:38 C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll
                              ----a-w 22,664 2008-03-27 09:14:41 C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
                              ----a-w 112,008 2008-03-04 15:48:58 C:\Program Files\Spyware Doctor\commhlpr.dll
                              ----a-w 919,432 2008-03-04 15:49:30 C:\Program Files\Spyware Doctor\commom.dll
                              ----a-w 140,680 2008-03-04 15:48:58 C:\Program Files\Spyware Doctor\filehlpr.dll
                              ----a-w 179,080 2008-03-04 15:49:02 C:\Program Files\Spyware Doctor\inethlpr.dll
                              ----a-w 229,376 2008-03-07 13:52:54 C:\Program Files\Spyware Doctor\InnoHelpers.dll
                              ----a-w 626,688 2008-03-07 13:52:54 C:\Program Files\Spyware Doctor\msvcr80.dll
                              ----a-w 178,056 2008-03-04 15:49:10 C:\Program Files\Spyware Doctor\PCTWSC.dll
                              ----a-w 185,224 2008-03-04 15:49:16 C:\Program Files\Spyware Doctor\PWindow.dll
                              ----a-w 143,240 2008-03-04 15:49:20 C:\Program Files\Spyware Doctor\smumhook.dll
                              ----a-w 190,344 2008-03-04 15:49:06 C:\Program Files\Spyware Doctor\NetworkLayer\PCTLsp.dll
                              ----a-w 90,688 2008-03-31 11:45:06 C:\Program Files\Trend Micro\HijackThis\backups\backup-20080331-161837-446.dll
                              ----a-w 38,912 2008-03-29 15:18:45 C:\Program Files\Trend Micro\HijackThis\backups\backup-20080331-161837-626.dll
                              ----a-w 223,232 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
                              ----a-w 53,248 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
                              ----a-w 12,800 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
                              ----a-w 473,600 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
                              ----a-w 576,000 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
                              ----a-w 145,920 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
                              ----a-w 159,232 2008-03-29 15:15:07 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
                              ----a-w 364,544 2008-03-29 15:15:08 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
                              ----a-w 178,176 2008-03-29 15:15:08 C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

                              Entries: 66 (66)
                              Directories: 0 Files: 66
                              Bytes: 11,501,265 Blocks: 22,487
                              =============
                              ----a-w 2,888 2008-03-31 19:03:05 C:\Documents and Settings\Christian\Bureaublad\del.bat
                              ----a-w 774 2008-03-25 11:33:04 C:\Documents and Settings\Christian\Local Settings\Temp\zoek.bat
                              ----a-w 775,126 2008-03-31 07:35:08 C:\WINDOWS\system32\RVAXO.bat

                              Entries: 3 (3)
                              Directories: 0 Files: 3
                              Bytes: 778,788 Blocks: 1,522
                              =============
                              --sha-w 2,145,386,496 2008-03-31 22:48:43 C:\pagefile.sys

                              Entries: 1 (0)
                              Directories: 0 Files: 1
                              Bytes: 2,145,386,496 Blocks: 4,190,208
                              =============

                              Thanks!
                              Christian
                              Last edited by Christian1986; 01-04-08, 01:00. Reason: hitman?
