Mededeling

Collapse
No announcement yet.

Spyware/pop-ups

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Spyware/pop-ups

    Hey,
    Ik heb last van spyware denk ik.
    Er kwam (net als ErrorSafe, DriveCleaner) een ander soort spyware waarop stond: MonitorBescherming. Installeren: Ok, annuleren.
    Ik op annuleren drukken en het begon ineens te installeren, ik kon het niet op tijd weg klikken, en het had zich geínstalleerd.
    Nu krijg ik met firefox, IE7 de hele tijd ineens pop-ups en komt er om de uur zoiets van: Explorer.exe won't run, en dan gaat mijn taakbalk weg !
    Ook heb ik in mijn processenlijstje gekeken, en heb ik gezien dat ik 3 rundll.exe files heb

    Pc is ook wat trager, en soms wilt google niet zoeken...

    Hier HijackThis logje:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35:58, on 21-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Ares\Ares.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    D:\Program Files\mOzilla fiReFoX\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\ReaDer\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [a8836cec] rundll32.exe "C:\WINDOWS\system32\tlckwxbv.dll",b
    O4 - HKLM\..\Run: [BMabb05f70] Rundll32.exe "C:\WINDOWS\system32\lcplbuet.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ventrilo - Unknown owner - D:\Program Files\VentriLoserver\ventrilo_svc.exe (file missing)

    --
    End of file - 9018 bytes

  • #2
    Download VirtumundoBegone (mirror)
    Sla dit op op je bureaublad.

    Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
    Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
    Als de fix klaar is, start je de pc opnieuw op.
    Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Post ook een nieuw logje van Hijackthis

    Comment


    • #3
      Ik heb gedaan wat u mij vroeg, Smeenk.

      Hier is het logje van VBG:

      [04/22/2008, 16:24:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bayer\Bureaublad\VirtumundoBeGone.exe" )
      [04/22/2008, 16:24:42] - Detected System Information:
      [04/22/2008, 16:24:42] - Windows Version: 5.1.2600, Service Pack 2
      [04/22/2008, 16:24:42] - Current Username: Bayer (Admin)
      [04/22/2008, 16:24:42] - Windows is in NORMAL mode.
      [04/22/2008, 16:24:42] - Searching for Browser Helper Objects:
      [04/22/2008, 16:24:42] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
      [04/22/2008, 16:24:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [04/22/2008, 16:24:42] - BHO 3: {5142ADAE-9A53-4460-B05C-38FACFDEC047} ()
      [04/22/2008, 16:24:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/22/2008, 16:24:42] - Checking for HKLM\...\Winlogon\Notify\wvUNeeCU
      [04/22/2008, 16:24:42] - Key not found: HKLM\...\Winlogon\Notify\wvUNeeCU, continuing.
      [04/22/2008, 16:24:42] - BHO 4: {708eee01-7cd7-4078-a72a-21cc00ce423f} ()
      [04/22/2008, 16:24:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/22/2008, 16:24:42] - Checking for HKLM\...\Winlogon\Notify\jvxuoqld
      [04/22/2008, 16:24:42] - Key not found: HKLM\...\Winlogon\Notify\jvxuoqld, continuing.
      [04/22/2008, 16:24:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/22/2008, 16:24:42] - BHO 6: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
      [04/22/2008, 16:24:42] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [04/22/2008, 16:24:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/22/2008, 16:24:42] - No filename found. Continuing.
      [04/22/2008, 16:24:42] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/22/2008, 16:24:42] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [04/22/2008, 16:24:42] - Finished Searching Browser Helper Objects
      [04/22/2008, 16:24:42] - Finishing up...
      [04/22/2008, 16:24:42] - Nothing found! Exiting...

      __

      En hier het logje van RVAXO-results:

      ---RVAXO.exe Updated: 2008-04-22---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BMabb05f70.xml
      C:\WINDOWS\BMabb05f70.txt
      C:\WINDOWS\system32\TwabKRqr.ini2
      C:\WINDOWS\system32\UCeeNUvw.ini2
      C:\WINDOWS\system32\wvUNeeCU.dll_old
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\ijjiSetup.exe

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      __

      En hier het 2de logje van HijackThis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:56:17, on 22-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      C:\Program Files\McAfee\Common Framework\McTray.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      D:\Program Files\PowerISO\PWRISOVM.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      D:\Program Files\Winamp\winampa.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      D:\Program Files\Ares\Ares.exe
      D:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      D:\Program Files\ICQ6\ICQ.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\system32\wuauclt.exe
      D:\Program Files\mOzilla fiReFoX\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5142ADAE-9A53-4460-B05C-38FACFDEC047} - C:\WINDOWS\system32\wvUNeeCU.dll (file missing)
      O2 - BHO: {f324ec00-cc12-a27a-8704-7dc710eee807} - {708eee01-7cd7-4078-a72a-21cc00ce423f} - C:\WINDOWS\system32\jvxuoqld.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\ReaDer\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [a8836cec] rundll32.exe "C:\WINDOWS\system32\tlckwxbv.dll",b
      O4 - HKLM\..\Run: [BMabb05f70] Rundll32.exe "C:\WINDOWS\system32\lcplbuet.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
      O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Ventrilo - Unknown owner - D:\Program Files\VentriLoserver\ventrilo_svc.exe (file missing)

      --
      End of file - 10136 bytes

      ______
      En als pc opnieuw is opgestart heb ik gemerkt dat ik 2 rundll errors krijg met het volgende:


      +++
      Ik hoop dat u mij verder kunt helpen,
      BrkyB.

      Comment


      • #4
        Start Hijackthis nog een keer en vink alleen de volgende regels aan:
        O2 - BHO: (no name) - {5142ADAE-9A53-4460-B05C-38FACFDEC047} - C:\WINDOWS\system32\wvUNeeCU.dll (file missing)
        O2 - BHO: {f324ec00-cc12-a27a-8704-7dc710eee807} - {708eee01-7cd7-4078-a72a-21cc00ce423f} - C:\WINDOWS\system32\jvxuoqld.dll (file missing)
        O4 - HKLM\..\Run: [a8836cec] rundll32.exe "C:\WINDOWS\system32\tlckwxbv.dll",b
        O4 - HKLM\..\Run: [BMabb05f70] Rundll32.exe "C:\WINDOWS\system32\lcplbuet.dll",s

        Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

        Herstart je computer.

        Post na de herstart een nieuw logje van Hijackthis ter controle

        Comment


        • #5
          En hier is mijn 3de HijackThis logje:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 17:16:23, on 22-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
          C:\Program Files\McAfee\Common Framework\UdaterUI.exe
          C:\Program Files\McAfee\Common Framework\McTray.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          D:\Program Files\PowerISO\PWRISOVM.EXE
          C:\WINDOWS\AGRSMMSG.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          D:\Program Files\Winamp\winampa.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          D:\Program Files\Ares\Ares.exe
          D:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          D:\Program Files\ICQ6\ICQ.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\ATKKBService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\WgaTray.exe
          C:\WINDOWS\system32\wuauclt.exe
          D:\Program Files\mOzilla fiReFoX\firefox.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\ReaDer\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
          O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
          O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
          O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
          O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
          O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Ventrilo - Unknown owner - D:\Program Files\VentriLoserver\ventrilo_svc.exe (file missing)

          --
          End of file - 9721 bytes

          ___
          Nou, nadat ik mijn pc opnieuw heb opgestart komt er in ieder geval geen rindll error meer, maar zie ik (ik heb 'verborgen bestanden/mappen laten zien' aangedaan bij mapopties) een bestand genaamd: Thumbs.db.

          Kan ik hier iets mee, moet ik het verwijderen?

          ;Alvast Bedankt,
          BrkyB.

          Comment


          • #6
            Nee dat is een heel normaal bestand dat je alleen maar ziet als verborgen bestanden en mappen weergegeven worden.

            Laten we nog even speuren naar restantjes:
            Download Deckard's System Scanner naar je Bureaublad.
            • Sluit alle toepassingen en vensters.
            • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
            • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
            • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

            Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
            - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
            Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
            Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)


            Download dit bestand: zoek.exe
            Dubbelklik het, na een tijdje opent er een logje.
            Post de inhoud van dit logje ook

            Comment


            • #7
              Nee, want verborgen mappen staat al heel lang aan, en dat is er nog nooit gekomen. Nadat ik heb gedaan wat u zei kwam het pas.
              Maar ik mag het dus verwijderen?

              __

              main.txt:

              Deckard's System Scanner v20071014.68
              Run by Bayer on 2008-04-22 18:23:16
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------



              -- HijackThis (run as Bayer.exe) -----------------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 18:23:17, on 22-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
              C:\Program Files\McAfee\Common Framework\UdaterUI.exe
              C:\Program Files\McAfee\Common Framework\McTray.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              D:\Program Files\PowerISO\PWRISOVM.EXE
              C:\WINDOWS\AGRSMMSG.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              D:\Program Files\Winamp\winampa.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              D:\Program Files\Ares\Ares.exe
              D:\Program Files\DAEMON Tools\daemon.exe
              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
              C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
              D:\Program Files\ICQ6\ICQ.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\WINDOWS\ATKKBService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\McAfee\Common Framework\FrameworkService.exe
              C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
              C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\WINDOWS\system32\WgaTray.exe
              D:\Program Files\mOzilla fiReFoX\firefox.exe
              C:\Documents and Settings\Bayer\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\Bayer.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
              O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\ReaDer\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
              O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
              O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
              O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
              O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
              O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
              O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
              O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
              O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: Ventrilo - Unknown owner - D:\Program Files\VentriLoserver\ventrilo_svc.exe (file missing)

              --
              End of file - 9669 bytes

              -- Files created between 2008-03-22 and 2008-04-22 -----------------------------

              2008-04-22 16:42:05 0 d-------- C:\RVAXO
              2008-04-22 16:39:08 800405 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-04-22 16:39:08 69632 --a------ C:\WINDOWS\system32\remove.exe
              2008-04-22 14:58:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
              2008-04-22 14:58:11 0 d-------- C:\Program Files\SUPERAntiSpyware
              2008-04-22 14:58:11 0 d-------- C:\Documents and Settings\Bayer\Application Data\SUPERAntiSpyware.com
              2008-04-21 19:35:38 0 d-------- C:\Program Files\Trend Micro
              2008-04-21 16:37:43 0 d-------- C:\Documents and Settings\Bayer\.housecall6.6
              2008-04-21 07:21:20 0 d-------- C:\Program Files\Lavasoft
              2008-04-21 07:21:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-04-21 07:20:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2008-04-20 18:35:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-04-20 13:49:14 0 d-------- C:\WINDOWS\system32\GroupPolicy
              2008-04-20 13:48:59 0 d-------- C:\Program Files\Hitman Pro
              2008-04-19 11:10:06 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
              2008-04-19 10:51:47 0 d-------- C:\Documents and Settings\Bayer\Application Data\Styler
              2008-04-14 18:57:35 0 d-------- C:\Documents and Settings\Bayer\WINDOWS
              2008-04-14 18:11:59 27264 --a------ C:\WINDOWS\system32\drivers\BTKbFltr.sys <Not Verified; Anuj Infotech, India; Bontempi Keyboard>
              2008-04-14 17:43:44 0 d-------- C:\Program Files\Native Instruments
              2008-04-14 17:43:31 0 d-------- C:\Program Files\Common Files\Digidesign


              -- Find3M Report ---------------------------------------------------------------

              2008-04-21 07:20:55 0 d-------- C:\Program Files\Common Files
              2008-04-18 20:52:14 0 d-------- C:\Documents and Settings\Bayer\Application Data\Azureus
              2008-04-15 20:10:11 0 d-------- C:\Documents and Settings\Bayer\Application Data\Vso
              2008-04-14 17:43:29 0 d-------- C:\Program Files\VstPlugins
              2008-04-14 09:36:52 0 d-------- C:\Documents and Settings\Bayer\Application Data\Winamp
              2008-04-10 07:48:03 0 d--h----- C:\Program Files\InstallShield Installation Information
              2008-04-05 09:03:28 0 d-------- C:\Documents and Settings\Bayer\Application Data\LimeWire
              2008-03-30 13:35:57 458518 --a------ C:\WINDOWS\system32\perfh013.dat
              2008-03-30 13:35:57 77426 --a------ C:\WINDOWS\system32\perfc013.dat
              2008-03-29 12:46:56 0 d-------- C:\Program Files\Messenger Plus! Live
              2008-03-26 20:54:31 0 d-------- C:\Program Files\Google
              2008-03-20 16:35:01 0 d-------- C:\Program Files\Mplayer
              2008-03-20 16:31:07 0 d-------- C:\Program Files\Bonjour
              2008-03-15 17:09:30 0 d-------- C:\Program Files\iTunes
              2008-03-15 17:09:16 0 d-------- C:\Program Files\iPod
              2008-02-28 22:36:41 0 d-------- C:\Documents and Settings\Bayer\Application Data\Macromedia


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [30-11-2006 08:50]
              "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [17-11-2006 13:39]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
              "nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
              "PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [07-08-2007 02:05]
              "AGRSMMSG"="AGRSMMSG.exe" [29-06-2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
              "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
              "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
              "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [10-10-2007 07:28]
              "Adobe Reader Speed Launcher"="D:\Program Files\ReaDer\Reader\Reader_sl.exe" [11-05-2007 04:06]
              "sXe Injected"="C:\Program Files\sXe Injected\sXe Injected.exe"
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01-02-2008 00:13]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19-02-2008 14:10]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 10:03]
              "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
              "ares"="D:\Program Files\Ares\Ares.exe" [15-05-2007 00:37]
              "DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [04-04-2007 00:29]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16-11-2006 19:04]
              "ICQ"="D:\Program Files\ICQ6\ICQ.exe" [19-04-2008 10:55]
              "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29-02-2008 16:03]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20-12-2006 12:55 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
              @="Service"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
              @="Service"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
              @="Volume shadow copy"




              -- End of Deckard's System Scanner: finished at 2008-04-22 18:23:41 ------------

              ik krijg geen extra.txt omdat ik dit al eerder heb laten scannen en toen extra.txt heb afgesloten, excuses daarvoor.

              __

              Logje van Zoek.exe:

              ======C:\WINDOWS====
              ----a-w 0 2008-04-22 15:13:37 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-04-22 15:12:49 C:\WINDOWS\bootstat.dat
              ----a-w 59 2008-04-03 08:43:20 C:\WINDOWS\FakeInlogPass.txt
              ----a-w 7,791 2008-04-09 03:03:13 C:\WINDOWS\KB941693.log
              ----a-w 7,610 2008-04-09 03:03:10 C:\WINDOWS\KB945553.log
              ----a-w 7,700 2008-04-09 03:03:15 C:\WINDOWS\KB948590.log
              ----a-w 217 2008-03-20 14:50:05 C:\WINDOWS\MPPAGER.INI
              ----a-w 116 2008-04-05 13:33:49 C:\WINDOWS\NeroDigital.ini
              ----a-w 509,786 2008-04-22 14:38:14 C:\WINDOWS\ntbtlog.txt
              ----a-w 841 2008-03-20 14:35:05 C:\WINDOWS\QIII.INI
              ----a-w 1,409 2008-03-15 15:10:05 C:\WINDOWS\QTFont.for
              ---ha-w 54,156 2008-04-22 15:13:01 C:\WINDOWS\QTFont.qfn
              ----a-w 32,570 2008-04-22 14:35:52 C:\WINDOWS\SchedLgU.Txt
              ----a-w 181,552 2008-04-21 14:55:50 C:\WINDOWS\setupapi.log
              ----a-w 10,666 2008-04-22 12:00:08 C:\WINDOWS\sntmp1.txt
              ----a-w 37 2008-04-05 12:45:12 C:\WINDOWS\vbaddin.ini
              ----a-w 157 2008-04-22 15:13:31 C:\WINDOWS\wiadebug.log
              ----a-w 0 2008-04-22 15:13:23 C:\WINDOWS\wiaservc.log
              ----a-w 1,026 2008-03-11 17:17:26 C:\WINDOWS\win.ini
              ----a-w 1,904,859 2008-04-22 15:15:19 C:\WINDOWS\WindowsUpdate.log
              ----a-w 57,830 2008-04-09 17:42:19 C:\WINDOWS\wmsetup.log
              ----a-w 2,560 2008-04-19 09:10:06 C:\WINDOWS\_MSRSTRT.EXE

              Entries: 22 (20)
              Directories: 0 Files: 22
              Bytes: 2,782,990 Blocks: 5,445
              ======C:\WINDOWS\system32=====
              ----a-w 1,498,272 2008-04-11 07:02:28 C:\WINDOWS\System32\FNTCACHE.DAT
              ----a-w 17,087 2008-04-16 13:52:56 C:\WINDOWS\System32\ijjiSetup.log
              --sh--w 1,540,737 2008-04-20 18:14:35 C:\WINDOWS\System32\jgqfdnfh.ini
              --sh--w 1,540,806 2008-04-21 14:45:16 C:\WINDOWS\System32\jtlstjbe.ini
              ----a-w 59,440 2008-03-30 11:35:57 C:\WINDOWS\System32\perfc009.dat
              ----a-w 77,426 2008-03-30 11:35:57 C:\WINDOWS\System32\perfc013.dat
              ----a-w 395,200 2008-03-30 11:35:57 C:\WINDOWS\System32\perfh009.dat
              ----a-w 458,518 2008-03-30 11:35:57 C:\WINDOWS\System32\perfh013.dat
              ----a-w 1,002,430 2008-03-30 11:35:56 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 800,405 2008-04-21 22:01:46 C:\WINDOWS\System32\RVAXO.bat
              --sha-w 242,862 2008-04-22 13:18:17 C:\WINDOWS\System32\TwabKRqr.ini
              --sha-w 207,820 2008-04-21 14:42:17 C:\WINDOWS\System32\UCeeNUvw.ini
              --sh--w 1,540,677 2008-04-21 16:34:57 C:\WINDOWS\System32\vbxwkclt.ini
              ----a-w 2,206 2008-04-20 18:13:52 C:\WINDOWS\System32\wpa.dbl

              Entries: 14 (9)
              Directories: 0 Files: 14
              Bytes: 9,383,886 Blocks: 18,336
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 27,264 2008-04-14 16:11:59 C:\WINDOWS\System32\drivers\BTKbFltr.sys

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 27,264 Blocks: 54
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              ----a-w 545 2008-04-22 14:41:10 C:\firstrun5.log
              --sha-w 804,835,328 2008-04-22 15:12:47 C:\hiberfil.sys
              ----a-w 488 2008-04-15 15:29:00 C:\hpfr5550.xml
              ----a-w 53,670 2008-04-10 21:24:49 C:\log.txt
              --sha-w 1,207,959,552 2008-04-22 15:12:46 C:\pagefile.sys
              ----a-w 680 2008-04-22 14:43:45 C:\RVAXO-results.log
              ----a-w 6,550 2008-04-22 14:44:46 C:\RVAXO-Vfind.log
              ---ha-w 268 2008-04-22 14:49:08 C:\sqmdata00.sqm
              ---ha-w 268 2008-04-22 15:11:44 C:\sqmdata01.sqm
              ---ha-w 244 2008-04-22 14:49:08 C:\sqmnoopt00.sqm
              ---ha-w 244 2008-04-22 15:11:44 C:\sqmnoopt01.sqm

              Entries: 11 (5)
              Directories: 0 Files: 11
              Bytes: 2,012,857,837 Blocks: 3,931,367
              ======C:\Documents and Settings\Bayer\Application Data======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Temp======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Documents and Settings\Bayer======
              ----a-w 7,864,320 2008-04-22 15:12:13 C:\Documents and Settings\Bayer\ntuser.dat
              ---ha-w 53,248 2008-04-22 16:24:47 C:\Documents and Settings\Bayer\ntuser.dat.LOG

              Entries: 2 (1)
              Directories: 0 Files: 2
              Bytes: 7,917,568 Blocks: 15,464
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============

              __
              Bij Voorbaat Dank,
              BrkyB.

              Comment


              • #8
                Open een kladblokbestand.
                Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

                @ECHO OFF
                sc delete xseaqwt
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\System32\jgqfdnfh.ini
                C:\WINDOWS\System32\jtlstjbe.ini
                C:\WINDOWS\System32\TwabKRqr.ini
                C:\WINDOWS\System32\UCeeNUvw.ini
                C:\WINDOWS\System32\vbxwkclt.ini) DO (
                del /q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Ga naar Bestand - Opslaan als.
                Bij "Opslaan in" kies je: Bureaublad
                Bij "Bestandsnaam" zet je: del.bat
                Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                Klik op de knop Opslaan.

                Dubbelklik op del.bat en bewaar de inhoud van de logfile die opent.

                Comment


                • #9
                  uh, logje hier:

                  Deleting files
                  C:\WINDOWS\System32\jgqfdnfh.ini deleted
                  C:\WINDOWS\System32\jtlstjbe.ini deleted
                  C:\WINDOWS\System32\TwabKRqr.ini deleted
                  C:\WINDOWS\System32\UCeeNUvw.ini deleted
                  C:\WINDOWS\System32\vbxwkclt.ini deleted

                  __
                  Maar kan ik thumbs.db gewoon verwijderen?!

                  Comment


                  • #10
                    Haal maar weg als je hem kwijt wil.

                    Je Java software is verouderd.
                    Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                    Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                    • Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
                    • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                    • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                    • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                    • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                    • Herhaal dit tot alle oudere versies verdwenen zijn.
                    • Na het verwijderen van alle oudere versies, herstart je pc.
                    • Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                    Download ATF cleaner (mirror)(gemaakt door Atribune)

                    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                    Dubbelklik op ATF cleaner om het programma te starten.
                    Op het tabblad "Main", plaats je een vinkje bij Select All.
                    Klik op de knop Empty Selected.

                    Het volgende doen als je ook FireFox als browser hebt:
                    Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                    (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                    Klik op de knop Empty Selected.

                    Het volgende doen als je ook Opera als browser hebt:
                    Klik op tabblad "Opera", plaats een vinkje bij Select All.
                    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                    Klik op de knop Empty Selected.
                    Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                    Kijk hier hoe je je systeemherstel moet uitschakelen.
                    Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                    Zijn alle problemen nu voorbij?

                    Comment


                    • #11
                      Jep tot zover hoop ik.
                      Bedankt voor alles, ik 10 replies is mijn probleem opgelost.
                      Hoop dat ik niet meer van die irritante virus-pop;ups krijg !

                      Het was fijn om zaken met u te doen !
                      Nogmaals bedankt voor al uw hulp!!
                      Last edited by BrkyB; 22-04-08, 19:33.

                      Comment


                      • #12
                        Graag gedaan hoor

                        Comment

                        Sorry, you are not authorized to view this page
                        Working...
                        X