Internet Explorer and Firefox won't open certain sites

  • Internet Explorer and Firefox won't open certain sites

    Hello everyone,

    I have quite a problem here. A week ago my PC was full of spyware, which we fortunately managed to remove completely. But unfortunately I got another problem along with it. Since the spyware has been removed <at least according to Ad-Aware, NOD32 and Norman Malware Cleaner>, I can no longer reach certain sites. I tried on my laptop to see whether I can reach the sites with that, and there it does work.

    Neither Firefox nor Internet Explorer opens them. I can't search on Google, I can't get to fok.nl, and I can't get to my Gmail either.

    So I made a nice HijackThis log. I hope you can help me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:06:58, on 26-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\CameraFixer.exe
    H:\WINDOWS\tsnpstd3.exe
    H:\WINDOWS\vsnpstd3.exe
    H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    H:\WINDOWS\system32\Rundll32.exe
    H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    H:\Program Files\POP Peeper\POPPeeper.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    H:\Program Files\DAEMON Tools Lite\daemon.exe
    H:\Program Files\PeerGuardian2\pg2.exe
    H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\COMODO\Firewall\cmdagent.exe
    H:\WINDOWS\eHome\ehRecvr.exe
    H:\WINDOWS\eHome\ehSched.exe
    H:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\System32\snmp.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\iPod\bin\iPodService.exe
    H:\WINDOWS\system32\dllhost.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] //~rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
    O4 - HKLM\..\Run: [Name of App] "H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" r
    O4 - HKLM\..\Run: [QuickTime Task] //~h:\program files\quicktime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
    O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [POP Peeper] "H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    O4 - HKCU\..\Run: [LightScribe Control Panel] "H:\Program Files\POP Peeper\POPPeeper.exe" -min
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] "H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [PeerGuardian] "H:\Program Files\PeerGuardian2\pg2.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - H:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - H:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IIS-beheer (IISADMIN) - Unknown owner - H:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SMTP (Simple Mail Transfer Protocol) (SMTPSVC) - Unknown owner - H:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - H:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 10796 bytes

  • #2
    Start HijackThis and check only the following lines:
    O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
    O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\

    Close all open windows (except HijackThis) and click "Fix checked".

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files that were not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start up; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to start it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do so!
    It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In this case it may be better to switch off your antivirus temporarily during the DSS scan)
    Last edited by smeenk; 26-04-08, 20:24.
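
A way to check the outcome of the "Fix checked" step above against the later scan, as an added example that is not part of the original posts and not code from HijackThis or Deckard's System Scanner. The entry lines are copied from this thread (the selection above, the "HijackThis Fixed Entries" list and an excerpt of the follow-up HijackThis log in the DSS output); the function names, and the reading of a backup record as proof that a fix was applied, are this example's assumptions.

```python
import re

# Entries selected for "Fix checked" (copied from post #2 of this thread).
SELECTED = r"""
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\
"""

# "HijackThis Fixed Entries" section of the DSS log (copied from post #5).
BACKUPS = r"""
backup-20080426-214450-101 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
backup-20080426-214450-281 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080426-214450-292 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
backup-20080426-214450-467 O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
backup-20080426-214450-635 O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
backup-20080426-214450-844 O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
backup-20080426-214450-902 O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
backup-20080426-214450-924 O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\
"""

# Excerpt of the follow-up HijackThis log inside the DSS output (post #5).
FOLLOWUP = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:43, on 26-4-2008
H:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
"""

# Matches a HijackThis entry line, with or without the "backup-<date>-<time>-<n>"
# prefix that the "HijackThis Fixed Entries" section puts in front of each entry.
ENTRY_RE = re.compile(
    r"^\s*(?:(?P<backup>backup-\d{8}-\d{6}-\d+)\s+)?"
    r"(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.*\S)\s*$"
)


def parse_entries(text):
    """Map a normalized entry key to (entry text, backup id or None)."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, running-process path, blank line
        body = " ".join(m.group("body").split())
        # Compare case-insensitively: paths and GUIDs differ in case between logs.
        key = (m.group("section"), body.lower())
        entries[key] = (f'{m.group("section")} - {body}', m.group("backup"))
    return entries


def verify_fix(selected_text, backups_text, followup_text):
    """Classify every entry that was selected for "Fix checked".

    not_applied   - no backup record (assumption: the fix was never applied)
    removed       - backed up and absent from the follow-up scan
    still_present - backed up, yet listed in the follow-up scan, so it was
                    either not removed or written back after the fix
    """
    selected = parse_entries(selected_text)
    backups = parse_entries(backups_text)
    followup = parse_entries(followup_text)
    report = {"not_applied": [], "removed": [], "still_present": []}
    for key, (entry, _backup_id) in selected.items():
        if key not in backups:
            status = "not_applied"
        elif key in followup:
            status = "still_present"
        else:
            status = "removed"
        report[status].append(entry)
    return report


if __name__ == "__main__":
    for status, entries in verify_fix(SELECTED, BACKUPS, FOLLOWUP).items():
        print(f"{status}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

On the lines from this thread, seven of the eight selected entries come out as removed, and the [BMdff7f22d] Run entry comes out as still present in the follow-up scan.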

    • #3
      I'm going to try it right away; I'll let you know as soon as it has worked.

      • #4
        OK, this is the log from rvaxo.exe

        ---RVAXO.exe Updated: 2008-04-25---first run---
        Uninstallers:

        Files found:
        H:\WINDOWS\BMdff7f22d.xml
        H:\WINDOWS\BMdff7f22d.txt
        H:\WINDOWS\system32\bJQqAcdd.ini2
        H:\WINDOWS\system32\IlnVCJlm.ini2
        H:\WINDOWS\system32\lTvELnnn.ini2
        H:\WINDOWS\pskt.ini
        H:\WINDOWS\wininit.ini
        H:\WINDOWS\system32\clkcnt.txt

        Folders Found:
        H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
        H:\Program Files\VeiligheidsAgent
        H:\Program Files\Common Files\VeiligheidsAgent
        H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------
        Not deleted items:
        H:\WINDOWS\pskt.ini
        H:\Program Files\VeiligheidsAgent
        H:\Program Files\Common Files\VeiligheidsAgent
        H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent

        --------------RVAXO.exe finished----------------

        I'm going to do Deckard's now

        • #5
          this is the log from DSS

          Deckard's System Scanner v20071014.68
          Run by greenie on 2008-04-26 21:56:45
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------

          -- System Restore --------------------------------------------------------------

          Successfully created a Deckard's System Scanner Restore Point.


          -- Last 5 Restore Point(s) --
          91: 2008-04-26 19:56:51 UTC - RP91 - Deckard's System Scanner Restore Point
          90: 2008-04-26 17:36:29 UTC - RP90 - Software Distribution Service 3.0
          89: 2008-04-26 17:32:50 UTC - RP89 - Software Distribution Service 3.0
          88: 2008-04-26 17:31:58 UTC - RP88 - Software Distribution Service 3.0
          87: 2008-04-26 17:27:23 UTC - RP87 - Software Distribution Service 3.0


          -- First Restore Point --
          1: 2008-04-10 10:45:14 UTC - RP1 - Controlepunt van systeem


          Backed up registry hives.
          Performed disk cleanup.



          -- HijackThis (run as greenie.exe) ---------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:58:43, on 26-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          H:\WINDOWS\System32\smss.exe
          H:\WINDOWS\system32\winlogon.exe
          H:\WINDOWS\system32\services.exe
          H:\WINDOWS\system32\lsass.exe
          H:\WINDOWS\system32\svchost.exe
          H:\WINDOWS\System32\svchost.exe
          H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          H:\WINDOWS\Explorer.EXE
          H:\WINDOWS\system32\spoolsv.exe
          H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          H:\Program Files\Bonjour\mDNSResponder.exe
          H:\Program Files\COMODO\Firewall\cmdagent.exe
          H:\WINDOWS\eHome\ehRecvr.exe
          H:\WINDOWS\eHome\ehSched.exe
          H:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
          H:\Program Files\Common Files\LightScribe\LSSrvc.exe
          H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
          H:\WINDOWS\system32\nvsvc32.exe
          H:\WINDOWS\System32\snmp.exe
          H:\WINDOWS\system32\svchost.exe
          H:\WINDOWS\system32\dllhost.exe
          H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
          H:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\CameraFixer.exe
          H:\WINDOWS\tsnpstd3.exe
          H:\WINDOWS\vsnpstd3.exe
          H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
          H:\WINDOWS\RTHDCPL.EXE
          H:\WINDOWS\system32\RUNDLL32.EXE
          H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
          H:\WINDOWS\system32\Rundll32.exe
          H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
          H:\Program Files\POP Peeper\POPPeeper.exe
          H:\WINDOWS\system32\ctfmon.exe
          H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
          H:\Program Files\DAEMON Tools Lite\daemon.exe
          H:\Program Files\PeerGuardian2\pg2.exe
          H:\Program Files\iPod\bin\iPodService.exe
          H:\WINDOWS\system32\wuauclt.exe
          H:\Documents and Settings\greenie\Bureaublad\dss.exe
          H:\PROGRA~1\TRENDM~1\HIJACK~1\greenie.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
          O4 - HKLM\..\Run: [CloneCDTray] "H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
          O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" H:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
          O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
          O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
          O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] //~rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
          O4 - HKLM\..\Run: [Name of App] "H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" r
          O4 - HKLM\..\Run: [QuickTime Task] //~h:\program files\quicktime\qttask.exe -atboottime
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program Files\COMODO\Firewall\cfp.exe" -h
          O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
          O4 - HKCU\..\Run: [POP Peeper] "H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
          O4 - HKCU\..\Run: [LightScribe Control Panel] "H:\Program Files\POP Peeper\POPPeeper.exe" -min
          O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [AGEIA PhysX SysTray] "H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe"
          O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
          O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
          O4 - HKCU\..\Run: [PeerGuardian] "H:\Program Files\PeerGuardian2\pg2.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - H:\Program Files\COMODO\Firewall\cmdagent.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - H:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: IIS-beheer (IISADMIN) - Unknown owner - H:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: SMTP (Simple Mail Transfer Protocol) (SMTPSVC) - Unknown owner - H:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - H:\WINDOWS\System32\TuneUpDefragService.exe

          --
          End of file - 10076 bytes

          -- HijackThis Fixed Entries (H:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

          backup-20080426-214450-101 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          backup-20080426-214450-281 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
          backup-20080426-214450-292 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
          backup-20080426-214450-467 O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
          backup-20080426-214450-635 O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
          backup-20080426-214450-844 O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
          backup-20080426-214450-902 O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
          backup-20080426-214450-924 O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\

          -- File Associations -----------------------------------------------------------

          .js - JSFile - DefaultIcon - "H:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


          -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

          R0 JGOGO (JMicron Hot-Plug Driver) - h:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
          R0 JRAID - h:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Driver>
          R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - h:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
          R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - h:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
          R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - h:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
          R1 EIO - h:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
          R1 FileDisk - h:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
          R1 SCDEmu - h:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
          R3 MTsensor (ATK0110 ACPI UTILITY) - h:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>
          R3 NVR0Dev - h:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
          R3 pcouffin (VSO Software pcouffin) - h:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
          R3 pgfilter - h:\program files\peerguardian2\pgfilter.sys
          R3 SNPSTD3 (USB PC Camera (SNPSTD3)) - h:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>

          S1 asusgsb (ASUS Virtual Video Capture Device Driver) - h:\windows\system32\drivers\asusgsb32.sys (file missing)
          S1 asuskbnt (Enhanced Display Driver Helper Service) - h:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
          S3 61883 (61883-eenheidsapparaat) - h:\windows\system32\drivers\61883.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - h:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
          S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - h:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
          S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - h:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
          S3 Avc (AVC-apparaat) - h:\windows\system32\drivers\avc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 Bridge (MAC-brug) - h:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 BridgeMP (MAC-brugminipoort) - h:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 BthEnum (Stuurprogramma voor Bluetooth-aanvraagblok) - h:\windows\system32\drivers\bthenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 BthPan (Bluetooth-apparaat (PAN - Personal Area Network)) - h:\windows\system32\drivers\bthpan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 BTHPORT (Poortstuurprogramma voor Bluetooth) - h:\windows\system32\drivers\bthport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows®-besturingssysteem>
          S3 BTHUSB (USB-stuurprogramma voor Bluetooth-radio's) - h:\windows\system32\drivers\bthusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 MSDV (Microsoft DV Camera and VCR) - h:\windows\system32\drivers\msdv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
          S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - h:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
          S3 usbbus (LGE Mobile Composite USB Device) - h:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
          S3 UsbDiag (LGE Mobile USB Serial Port) - h:\windows\system32\drivers\lgusbdiag.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Diagnostics Driver>
          S3 USBModem (LGE Mobile USB Modem) - h:\windows\system32\drivers\lgusbmodem.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Modem Driver>
          S3 Video3D (ASUS Video3D Service) - h:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>


          -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

          R2 Apple Mobile Device - "h:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
          R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "h:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
          R2 BthServ (Bluetooth Support Service) - h:\windows\system32\svchost.exe -k bthsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          R2 Nero BackItUp Scheduler 3 - h:\program files\nero\nero8\nero backitup\nbservice.exe
          R2 nTuneService (nTune Service) - h:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
          R2 SNMP (SNMP-service) - h:\windows\system32\snmp.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
          R2 UxTuneUp (TuneUp Thema-uitbreiding) - h:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

          S2 ATKKeyboardService (ATK Keyboard Service) - h:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
          S2 IISADMIN (IIS-beheer) - h:\windows\system32\inetsrv\inetinfo.exe (file missing)
          S2 SMTPSVC (SMTP (Simple Mail Transfer Protocol)) - h:\windows\system32\inetsrv\inetinfo.exe (file missing)
          S3 FLEXnet Licensing Service - "h:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
          S3 LPDSVC (TCP/IP Print Server) - h:\windows\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 MHN - h:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          S3 NBService - h:\program files\nero\nero 7\nero backitup\nbservice.exe
          S3 WLSetupSvc (Windows Live Setup Service) - "h:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


          -- Device Manager: Disabled ----------------------------------------------------

          Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
          Description: Enhanced Display Driver Helper Service
          Device ID: ROOT\ASUSOTHERDEVICES\0000
          Manufacturer: ASUSTeK
          Name: Enhanced Display Driver Helper Service
          PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
          Service: asuskbnt

          Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
          Description: Asus Video3D Device
          Device ID: ROOT\ASUSOTHERDEVICES\0001
          Manufacturer: ASUSTeK
          Name: Asus Video3D Device
          PNP Device ID: ROOT\ASUSOTHERDEVICES\0001
          Service: Video3D


          -- Scheduled Tasks -------------------------------------------------------------

          2008-04-18 19:11:15 342 --a------ H:\WINDOWS\Tasks\Uniblue SpyEraser.job
          2008-04-18 17:23:29 380 --a------ H:\WINDOWS\Tasks\1-Click Maintenance.job
          2008-04-18 17:13:24 274 --a------ H:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
          2008-04-18 17:13:18 396 --a------ H:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
          2007-09-11 22:13:52 284 --a------ H:\WINDOWS\Tasks\AppleSoftwareUpdate.job


          -- Files created between 2008-03-26 and 2008-04-26 -----------------------------

          2008-04-26 21:47:48 803317 --a------ H:\WINDOWS\system32\RVAXO.bat
          2008-04-26 21:47:48 16384 --a------ H:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
          2008-04-26 21:47:48 69632 --a------ H:\WINDOWS\system32\remove.exe
          2008-04-26 19:06:38 0 d-------- H:\Program Files\Trend Micro
          2008-04-25 20:33:57 0 d-------- H:\WINDOWS\system32\Cache
          2008-04-25 20:33:27 8192 --a------ H:\WINDOWS\system32\staxmem.dll <Not Verified; Microsoft Corporation; Internet Information Services>
          2008-04-25 20:24:19 0 d-------- H:\Inetpub
          2008-04-22 20:24:03 0 dr-h----- H:\Documents and Settings\greenie\Onlangs geopend
          2008-04-22 20:21:43 0 d-------- H:\WINDOWS\Prefetch
          2008-04-22 20:21:26 0 d-------- H:\WINDOWS\system32\CatRoot2
          2008-04-22 20:21:14 0 d-------- H:\WINDOWS\SoftwareDistribution
          2008-04-22 20:21:14 0 d--h----- H:\Program Files\WindowsUpdate
          2008-04-21 21:22:20 0 d-------- H:\Documents and Settings\greenie\Application Data\Mozilla
          2008-04-21 19:22:47 0 d-------- H:\Documents and Settings\Administrator\Favorieten
          2008-04-21 19:22:47 0 d--hs---- H:\Documents and Settings\Administrator\Cookies
          2008-04-21 19:22:47 0 d-------- H:\Documents and Settings\Administrator\Bureaublad
          2008-04-21 19:22:47 0 dr-h----- H:\Documents and Settings\Administrator\Application Data
          2008-04-21 19:22:47 0 d---s---- H:\Documents and Settings\Administrator\Application Data\Microsoft
          2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Sjablonen
          2008-04-21 19:22:46 0 dr-h----- H:\Documents and Settings\Administrator\SendTo
          2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Onlangs geopend
          2008-04-21 19:22:46 524288 --ah----- H:\Documents and Settings\Administrator\NTUSER.DAT
          2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Netwerkprinteromgeving
          2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\NetHood
          2008-04-21 19:22:46 0 d-------- H:\Documents and Settings\Administrator\Mijn documenten
          2008-04-21 19:22:46 0 dr------- H:\Documents and Settings\Administrator\Menu Start
          2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Local Settings
          2008-04-18 20:25:35 0 d-------- H:\Documents and Settings\greenie\Application Data\Comodo
          2008-04-18 20:25:34 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
          2008-04-18 20:25:21 0 d-------- H:\Program Files\COMODO
          2008-04-18 19:07:31 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\Uniblue
          2008-04-18 17:15:50 0 d-------- H:\Documents and Settings\greenie\Application Data\Uniblue
          2008-04-18 17:12:43 0 d-------- H:\Program Files\Uniblue
          2008-04-17 21:18:59 737280 --a------ H:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
          2008-04-17 21:18:40 0 d-------- H:\Program Files\FireTune
          2008-04-16 22:43:06 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
          2008-04-16 21:19:08 86592 --a------ H:\WINDOWS\system32\ltxsxmwm.dll
          2008-04-16 21:16:03 94272 --a------ H:\WINDOWS\system32\mkraebvo.dll
          2008-04-16 21:13:03 95808 --a------ H:\WINDOWS\system32\fjwxauek.dll
          2008-04-15 21:20:45 91712 --a------ H:\WINDOWS\system32\bsxqxvtx.dll
          2008-04-14 21:15:26 92224 --a------ H:\WINDOWS\system32\hqusvycg.dll
          2008-04-13 21:46:12 0 d-------- H:\Program Files\Lavasoft
          2008-04-13 21:24:36 0 --a------ H:\WINDOWS\system32\w32apiw.dll
          2008-04-13 21:24:34 0 d-------- H:\Documents and Settings\greenie\Application Data\nCleaner
          2008-04-13 21:24:26 0 d-------- H:\Program Files\NKProds
          2008-04-13 21:24:05 892614 --a------ H:\ncleaner_setup.exe <Not Verified; NKProds; nCleaner second>
          2008-04-13 20:22:36 0 d-------- H:\84f2c23995a68a21eaecab5077
          2008-04-13 20:07:13 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
          2008-04-13 20:00:41 0 d--hs---- H:\VeiligheidsAgent
          2008-04-13 20:00:28 0 d-------- H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent
          2008-04-13 19:52:49 0 dr------- H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
          2008-04-13 19:52:38 0 d-------- H:\Program Files\VeiligheidsAgent
          2008-04-13 19:52:38 0 d-------- H:\Program Files\Common Files\VeiligheidsAgent
          2008-04-13 19:25:03 0 d-------- H:\Program Files\Panda Security
          2008-04-10 12:45:20 8650752 --a------ H:\Documents and Settings\greenie\ntuser.dat
          2008-04-08 21:14:32 0 d-------- H:\Program Files\LimeWire
          2008-03-31 23:25:48 823296 --a------ H:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
          2008-03-31 23:25:48 823296 --a------ H:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
          2008-03-31 23:25:46 802816 --a------ H:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
          2008-03-31 23:25:46 831488 --a------ H:\WINDOWS\system32\divx_xx0a.dll
          2008-03-31 23:25:46 682496 --a------ H:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
          2008-03-28 20:02:06 0 d-------- H:\Documents and Settings\greenie\Logs
          2008-03-27 20:27:28 5702 --ah----- H:\WINDOWS\nod32restoretemdono.reg
          2008-03-27 20:25:10 0 d-------- H:\Program Files\real


          -- Find3M Report ---------------------------------------------------------------

          2008-04-26 22:01:18 0 d-------- H:\Program Files\PeerGuardian2
          2008-04-26 21:56:19 454 --a------ H:\Documents and Settings\greenie\Application Data\SamsungLiveUpdateConfig.ini
          2008-04-26 19:26:19 0 d-------- H:\Program Files\Hitman Pro
          2008-04-25 20:34:04 547712 --a------ H:\WINDOWS\system32\perfh013.dat
          2008-04-25 20:34:04 98688 --a------ H:\WINDOWS\system32\perfc013.dat
          2008-04-23 12:20:50 0 d-------- H:\Documents and Settings\greenie\Application Data\uTorrent
          2008-04-23 12:16:22 0 d-------- H:\Documents and Settings\greenie\Application Data\LimeWire
          2008-04-18 19:44:53 164 --a------ H:\install.dat
          2008-04-17 22:10:55 0 d-------- H:\Documents and Settings\greenie\Application Data\ImgBurn
          2008-04-17 19:55:24 0 d-------- H:\Program Files\Common Files\Logishrd
          2008-04-16 22:43:38 0 d-------- H:\Documents and Settings\greenie\Application Data\Lavasoft
          2008-04-16 22:42:33 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
          2008-04-13 22:49:51 0 d-------- H:\Program Files\Winamp
          2008-04-13 22:48:23 0 d-------- H:\Program Files\DivX
          2008-04-13 21:28:04 0 d-------- H:\Documents and Settings\greenie\Application Data\Vso
          2008-04-13 19:52:38 0 d-------- H:\Program Files\Common Files
          2008-04-13 18:43:26 0 d-------- H:\Program Files\Guitar Pro 5
          2008-04-13 18:43:18 0 d-------- H:\Program Files\TuneUp Utilities 2008
          2008-04-11 20:00:53 0 d-------- H:\Program Files\World of Warcraft
          2008-04-10 12:41:57 0 d-------- H:\Program Files\LimeWire Plus
          2008-04-08 15:06:17 0 d-------- H:\Documents and Settings\greenie\Application Data\LimeWirePlus
          2008-04-08 14:46:57 0 d-------- H:\Program Files\iTunes
          2008-04-08 14:45:34 0 d-------- H:\Program Files\QuickTime
          2008-04-03 19:10:48 0 d-------- H:\Program Files\MSN Messenger
          2008-04-03 19:10:48 0 d-------- H:\Program Files\Messenger Plus! Live
          2008-03-30 21:32:21 0 d-------- H:\Program Files\Total Video Converter
          2008-03-21 22:30:08 3596288 --a------ H:\WINDOWS\system32\qt-dx331.dll
          2008-03-21 22:28:54 196608 --a------ H:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
          2008-03-21 22:28:54 81920 --a------ H:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
          2008-03-21 22:28:20 12288 --a------ H:\WINDOWS\system32\DivXWMPExtType.dll
          2008-03-21 21:59:48 0 d-------- H:\Program Files\DAEMON Tools Lite
          2008-03-21 21:46:58 0 d-------- H:\Documents and Settings\greenie\Application Data\DAEMON Tools Pro
          2008-03-21 21:00:27 0 d-------- H:\Program Files\BestGameEver
          2008-03-20 10:10:47 1845376 --a------ H:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
          2008-03-12 18:10:35 0 d-------- H:\Program Files\NVIDIA Corporation
          2008-03-12 18:05:34 0 d--h----- H:\Program Files\InstallShield Installation Information
          2008-03-12 18:04:09 0 d-------- H:\Program Files\Realtek
          2008-03-12 18:04:07 315392 --a------ H:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
          2008-03-12 17:54:15 0 d-------- H:\Program Files\Driver Magician
          2008-03-09 22:40:43 0 d-------- H:\Program Files\Eidos
          2008-03-05 12:57:19 0 d-------- H:\Documents and Settings\greenie\Application Data\Adobe
          2008-03-02 15:15:08 0 d-------- H:\Program Files\Monkey's Audio
          2008-03-02 15:13:19 0 d-------- H:\Program Files\FLAC
          2008-03-01 20:49:45 0 d-------- H:\Documents and Settings\greenie\Application Data\Macromedia
          2008-02-26 21:26:05 0 d-------- H:\Program Files\PCFriendly
          2008-02-26 21:23:06 0 d-------- H:\Program Files\Windows Live
          2008-02-20 08:51:59 282624 --a------ H:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          2008-02-20 07:39:05 45568 --a------ H:\WINDOWS\system32\dnsrslvr.dll <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
          2008-02-19 16:34:46 16858112 --a------ H:\WINDOWS\RTHDCPL.exe <Not Verified; Realtek Semiconductor Corp.; Realtek HD Audio Sound Effect Manager>


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "GrooveMonitor"="H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 08:00]
          "CloneCDTray"="H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [28-09-2006 21:21]
          "NvCplDaemon"="RUNDLL32.exe" [10-04-2006 14:00 H:\WINDOWS\system32\rundll32.exe]
          "iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
          "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [03-10-2005 11:23]
          "tsnpstd3"="H:\WINDOWS\tsnpstd3.exe" [27-10-2005 13:06]
          "snpstd3"="H:\WINDOWS\vsnpstd3.exe" [05-09-2005 15:55]
          "nwiz"="nwiz.exe" [05-12-2007 02:41 H:\WINDOWS\system32\nwiz.exe]
          "BluetoothAuthenticationAgent"="//~bthprops.cpl"
          "Name of App"="H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [04-01-2008 18:33]
          "QuickTime Task"="//~h:\program files\quicktime\qttask.exe"
          "RTHDCPL"="RTHDCPL.EXE" [19-02-2008 16:34 H:\WINDOWS\RTHDCPL.exe]
          "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 03:17 H:\WINDOWS\KHALMNPR.Exe]
          "NvMediaCenter"="RUNDLL32.exe" [10-04-2006 14:00 H:\WINDOWS\system32\rundll32.exe]
          "egui"="H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [30-01-2008 13:37]
          "COMODO Firewall Pro"="H:\Program Files\COMODO\Firewall\cfp.exe" [19-04-2008 11:50]
          "BMdff7f22d"="H:\WINDOWS\system32\fjwxauek.dll" [16-04-2008 21:13]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "POP Peeper"="H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [15-05-2007 17:12]
          "LightScribe Control Panel"="H:\Program Files\POP Peeper\POPPeeper.exe" [12-03-2008 01:09]
          "ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [10-04-2006 14:00]
          "AGEIA PhysX SysTray"="H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [23-07-2007 10:05]
          "NVIDIA nTune"="H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04-09-2007 20:25]
          "DAEMON Tools Lite"="H:\Program Files\DAEMON Tools Lite\daemon.exe" [21-03-2008 10:30]
          "PeerGuardian"="H:\Program Files\PeerGuardian2\pg2.exe" [18-09-2005 18:40]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "InstallVisualStyle"=H:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
          "InstallTheme"=H:\WINDOWS\Resources\Themes\Royale.theme

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "NoLowDiskSpaceChecks"=0 (0x0)
          "NoRecentDocsHistory"=1 (0x1)
          "NoInstrumentation"=1 (0x1)

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
          @="Service"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "Adobe_ID0EYTHM"="H:\Program Files\QuickTime\QTTask.exe" -atboottime
          "SDTray"="H:\Program Files\Spyware Doctor\SDTrayApp.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          bthsvcs BthServ

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f192fe-1aa9-11dc-9c44-000d0bee04c0}]
          AutoRun\command- E:\setup.exe

          *Newly Created Service* - PGFILTER

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
          "H:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



          -- End of Deckard's System Scanner: finished at 2008-04-26 22:01:44 ------------

          I hope you can help me.

          Sorry for the spamming, I'll keep you posted on what I do.



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            RD /S /Q H:\VeiligheidsAgent
            RD /S /Q "H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent"
            RD /S /Q "H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon"
            RD /S /Q "H:\Program Files\VeiligheidsAgent"
            RD /S /Q "H:\Program Files\Common Files\VeiligheidsAgent"
            RD /S /Q H:\WINDOWS\system32\Cache
            ECHO Deleting files>>log.txt
            FOR %%g in (
            H:\WINDOWS\system32\ltxsxmwm.dll
            H:\WINDOWS\system32\mkraebvo.dll
            H:\WINDOWS\system32\fjwxauek.dll
            H:\WINDOWS\system32\bsxqxvtx.dll
            H:\WINDOWS\system32\hqusvycg.dll
            H:\VeiligheidsAgent
            "H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent"
            "H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon"
            "H:\Program Files\VeiligheidsAgent"
            "H:\Program Files\Common Files\VeiligheidsAgent"
            H:\WINDOWS\system32\Cache) DO (
            del /q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All files (*.*).
            Click the Save button.

            Double-click del.bat and post the log from del.bat.



            • #7
              The log.

              Deleting files
              H:\WINDOWS\system32\ltxsxmwm.dll deleted
              H:\WINDOWS\system32\mkraebvo.dll deleted
              renamed to H:\WINDOWS\system32\fjwxauek.dllNUCIA
              H:\WINDOWS\system32\fjwxauek.dll deleted
              H:\WINDOWS\system32\bsxqxvtx.dll deleted
              H:\WINDOWS\system32\hqusvycg.dll deleted
              H:\VeiligheidsAgent not found
              "H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent" not found
              "H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon" not found
              "H:\Program Files\VeiligheidsAgent" not found
              "H:\Program Files\Common Files\VeiligheidsAgent" not found
              H:\WINDOWS\system32\Cache not found



              • #8
                I restarted my PC and I can get to my Gmail again! And fok.nl too, and best of all I can search again. Only at startup it says that it cannot open fjwxauek.dll...

                The most important thing is that my internet works normally again, thanks a lot!



                • #9
                  Check only the following line with HijackThis:
                  O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
                  Now click the "Fix checked" button to remove this line.

                  Download this file: zoek.exe
                  Double-click it; after a while a log opens.
                  Post the contents of this log in your next post.

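The triage behind the steps in this thread, as an added example that is not part of the original posts: it parses DSS-style "Files created" and Run-key lines, flags system32 DLLs that combine at least two of the signals visible in the log (no version info, an 8-letter lowercase name, loaded from a Run value), and reports Run values left pointing at files that del.bat removed, which is the startup error described in #8. The excerpts are copied from the logs above; the function names and the two-signal threshold are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpts copied from the DSS log and the del.bat log posted in this thread.
DSS_EXCERPT = r"""
-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 21:47:48 16384 --a------ H:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
2008-04-25 20:33:27 8192 --a------ H:\WINDOWS\system32\staxmem.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-04-16 21:19:08 86592 --a------ H:\WINDOWS\system32\ltxsxmwm.dll
2008-04-16 21:13:03 95808 --a------ H:\WINDOWS\system32\fjwxauek.dll
2008-04-13 19:52:38 0 d-------- H:\Program Files\VeiligheidsAgent
2008-03-31 23:25:46 831488 --a------ H:\WINDOWS\system32\divx_xx0a.dll

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [30-01-2008 13:37]
"BMdff7f22d"="H:\WINDOWS\system32\fjwxauek.dll" [16-04-2008 21:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SDTray"="H:\Program Files\Spyware Doctor\SDTrayApp.exe"
"""

DEL_LOG = r"""
Deleting files
H:\WINDOWS\system32\ltxsxmwm.dll deleted
renamed to H:\WINDOWS\system32\fjwxauek.dllNUCIA
H:\WINDOWS\system32\fjwxauek.dll deleted
H:\VeiligheidsAgent not found
"""

# timestamp, size, attributes, path, optional <version info> annotation
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attr>\S+) "
    r"(?P<path>.+?)(?: <(?P<info>[^<>]*)>)?$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$")  # assumption: shape of the names in this log


@dataclass
class FileEntry:
    path: str
    size: int
    attr: str
    info: Optional[str]  # None when the log printed no <...> annotation


def parse_dss(text):
    """Return (file entries, Run values) from DSS-style log text."""
    files, run_values, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(m["path"], int(m["size"]), m["attr"], m["info"]))
            continue
        m = VALUE_RE.match(line)
        # Only the live Run keys count; "run-" holds disabled entries.
        if m and key and key.lower().endswith(r"\currentversion\run"):
            run_values.append((key, m["name"], m["data"]))
    return files, run_values


def triage(files, run_values):
    """Map path -> reasons for system32 DLLs showing at least two signals."""
    run_targets = {data.lower(): name for _, name, data in run_values}
    findings = {}
    for f in files:
        low = f.path.lower()
        folder, _, name = low.rpartition("\\")
        if f.attr.startswith("d") or not name.endswith(".dll"):
            continue
        if not folder.endswith(r"\windows\system32"):
            continue
        reasons = []
        if f.info is None:
            reasons.append("no version info")
        if RANDOM_NAME.match(name):
            reasons.append("8-letter lowercase name")
        if low in run_targets:
            reasons.append("loaded from Run value " + run_targets[low])
        if len(reasons) >= 2:
            findings[f.path] = reasons
    return findings


def parse_del_log(text):
    """Lower-cased paths that the del.bat log reports as deleted."""
    removed = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(" deleted") and not line.endswith(" not deleted"):
            removed.add(line[: -len(" deleted")].strip('"').lower())
    return removed


def orphaned_run_values(run_values, removed):
    """Run values whose target file was deleted and still need fixing."""
    return [rv for rv in run_values if rv[2].lower() in removed]
```

A file with only one signal, such as divx_xx0a.dll (no version info, ordinary name), is not flagged, so the output is a review list and not a deletion list.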


                  • #10
                    ok here u go!

                    ======H:\WINDOWS====
                    ----a-w 0 2008-04-27 17:36:54 H:\WINDOWS\0.log
                    ----a-w 1,880 2008-04-22 18:21:40 H:\WINDOWS\bitssetup.log
                    ----a-w 2,041 2008-04-27 16:40:50 H:\WINDOWS\BMdff7f22d.txt
                    ----a-w 0 2008-04-26 19:53:17 H:\WINDOWS\BMdff7f22d.xml
                    --s-a-w 2,048 2008-04-27 17:36:44 H:\WINDOWS\bootstat.dat
                    ----a-w 9,740 2008-04-26 17:04:24 H:\WINDOWS\comsetup.log
                    ----a-w 3,223 2008-04-26 17:04:24 H:\WINDOWS\ehOCGen.log
                    ----a-w 26,682 2008-04-26 17:04:24 H:\WINDOWS\FaxSetup.log
                    ----a-w 315,392 2008-03-12 16:04:07 H:\WINDOWS\HideWin.exe
                    ----a-w 117,043 2008-04-26 17:04:24 H:\WINDOWS\iis6.log
                    ----a-w 34,305 2008-04-25 18:34:12 H:\WINDOWS\imsins.BAK
                    ----a-w 1,374 2008-04-26 17:04:24 H:\WINDOWS\imsins.log
                    ----a-w 737,280 2008-04-17 19:18:17 H:\WINDOWS\iun6002.exe
                    ----a-w 37,443 2008-04-22 18:29:20 H:\WINDOWS\KB892130.log
                    ----a-w 153,100 2008-04-27 18:01:12 H:\WINDOWS\KB939373.log
                    ----a-w 2,718 2008-04-26 17:04:24 H:\WINDOWS\MedCtrOC.log
                    ----a-w 3,726 2008-03-16 19:45:06 H:\WINDOWS\ModemLog_LGE Mobile USB Modem #2.txt
                    ----a-w 4,094 2008-03-16 19:43:49 H:\WINDOWS\ModemLog_LGE Mobile USB Modem.txt
                    ----a-w 1,929 2008-04-26 17:04:24 H:\WINDOWS\msgsocm.log
                    ----a-w 20,270 2008-04-26 17:04:22 H:\WINDOWS\msmqinst.log
                    ----a-w 116 2008-04-22 09:29:32 H:\WINDOWS\NeroDigital.ini
                    ----a-w 5,112 2008-04-26 17:04:24 H:\WINDOWS\netfxocm.log
                    ----a-w 406,158 2008-04-26 19:46:47 H:\WINDOWS\ntbtlog.txt
                    ----a-w 7,719 2008-04-26 17:04:24 H:\WINDOWS\ntdtcsetup.log
                    ----a-w 28,526 2008-04-26 17:04:24 H:\WINDOWS\ocgen.log
                    ----a-w 2,016 2008-04-26 17:04:24 H:\WINDOWS\ocmsn.log
                    ----a-w 7,832 2008-04-26 17:04:24 H:\WINDOWS\plusoc.log
                    ----a-w 22 2008-04-27 16:30:50 H:\WINDOWS\pskt.ini
                    ----a-w 109,080 2008-04-17 17:49:33 H:\WINDOWS\pxinstall_log.txt
                    ---ha-w 54,156 2008-04-27 17:36:54 H:\WINDOWS\QTFont.qfn
                    ----a-w 32,602 2008-04-26 19:45:25 H:\WINDOWS\SchedLgU.Txt
                    ----a-w 156 2008-04-25 18:33:57 H:\WINDOWS\setupact.log
                    ----a-w 942,969 2008-04-25 18:34:12 H:\WINDOWS\setupapi.log
                    ----a-w 112 2008-04-25 18:33:57 H:\WINDOWS\setuperr.log
                    ----a-w 933 2008-04-26 17:04:24 H:\WINDOWS\tabletoc.log
                    ----a-w 18,115 2008-04-26 17:04:24 H:\WINDOWS\tsoc.log
                    ----a-w 349 2008-04-27 18:26:35 H:\WINDOWS\wiadebug.log
                    ----a-w 0 2008-04-27 17:36:52 H:\WINDOWS\wiaservc.log
                    ----a-w 1,119 2008-04-18 17:46:12 H:\WINDOWS\win.ini
                    ----a-w 1,860,523 2008-04-27 18:00:51 H:\WINDOWS\WindowsUpdate.log

                    Entries: 40 (38)
                    Directories: 0 Files: 40
                    Bytes: 4,951,903 Blocks: 9,690
                    ======H:\WINDOWS\system32=====
                    ----a-w 16,832 2008-04-22 18:21:36 H:\WINDOWS\System32\amcompat.tlb
                    --sha-w 161,953 2008-04-17 20:44:28 H:\WINDOWS\System32\bJQqAcdd.ini
                    --sh--w 354 2008-04-13 18:38:10 H:\WINDOWS\System32\cwdkquly.ini
                    ----a-w 682,496 2008-03-31 21:25:46 H:\WINDOWS\System32\DivX.dll
                    ----a-w 161,096 2008-03-31 21:25:52 H:\WINDOWS\System32\DivXCodecVersionChecker.exe
                    ----a-w 630,784 2008-03-24 19:45:56 H:\WINDOWS\System32\divxdec.ax
                    ----a-w 352,401 2008-03-21 20:28:42 H:\WINDOWS\System32\DivXMedia.ax
                    ----a-w 524,288 2008-03-21 20:30:12 H:\WINDOWS\System32\DivXsm.exe
                    ----a-w 4,816 2008-03-21 20:30:12 H:\WINDOWS\System32\divxsm.tlb
                    ----a-w 12,288 2008-03-21 20:28:20 H:\WINDOWS\System32\DivXWMPExtType.dll
                    ----a-w 823,296 2008-03-31 21:25:48 H:\WINDOWS\System32\divx_xx07.dll
                    ----a-w 831,488 2008-03-31 21:25:46 H:\WINDOWS\System32\divx_xx0a.dll
                    ----a-w 823,296 2008-03-31 21:25:48 H:\WINDOWS\System32\divx_xx0c.dll
                    ----a-w 802,816 2008-03-31 21:25:46 H:\WINDOWS\System32\divx_xx11.dll
                    ----a-w 81,920 2008-03-21 20:28:54 H:\WINDOWS\System32\dpl100.dll
                    ----a-w 416 2008-03-21 20:28:54 H:\WINDOWS\System32\dpl100.dll.manifest
                    ----a-w 294,912 2008-03-21 20:28:50 H:\WINDOWS\System32\dpu10.dll
                    ----a-w 294,912 2008-03-21 20:28:50 H:\WINDOWS\System32\dpu11.dll
                    ----a-w 53,248 2008-03-21 20:28:52 H:\WINDOWS\System32\dpuGUI10.dll
                    ----a-w 593,920 2008-03-21 20:28:50 H:\WINDOWS\System32\dpuGUI11.dll
                    ----a-w 344,064 2008-03-21 20:28:50 H:\WINDOWS\System32\dpus11.dll
                    ----a-w 57,344 2008-03-21 20:28:50 H:\WINDOWS\System32\dpv11.dll
                    ----a-w 196,608 2008-03-21 20:28:54 H:\WINDOWS\System32\dtu100.dll
                    ----a-w 416 2008-03-21 20:28:54 H:\WINDOWS\System32\dtu100.dll.manifest
                    ----a-w 95,808 2008-04-16 19:13:04 H:\WINDOWS\System32\fjwxauek.dllNUCIA
                    ----a-w 1,565,232 2008-04-13 19:04:51 H:\WINDOWS\System32\FNTCACHE.DAT
                    --sh--w 474 2008-04-15 17:08:53 H:\WINDOWS\System32\gdgwvqqj.ini
                    ----a-w 139,008 2008-04-19 15:11:28 H:\WINDOWS\System32\guard32.dll
                    --sha-w 185,401 2008-04-13 18:18:34 H:\WINDOWS\System32\IlnVCJlm.ini
                    ----a-w 83 2008-04-13 19:03:28 H:\WINDOWS\System32\imon1.dat
                    ------w 1,480,232 2008-03-20 16:06:36 H:\WINDOWS\System32\LegitCheckControl.dll
                    ----a-w 1,044,480 2008-03-21 20:30:00 H:\WINDOWS\System32\libdivx.dll
                    ----a-w 19,836,024 2008-04-06 05:56:20 H:\WINDOWS\System32\MRT.exe
                    --sh--w 1,524,836 2008-04-16 19:40:04 H:\WINDOWS\System32\mwmxsxtl.ini
                    ----a-w 109 2008-03-12 16:10:24 H:\WINDOWS\System32\nmp.log
                    --sh--w 294 2008-04-17 19:16:19 H:\WINDOWS\System32\nqevipmf.ini
                    ----a-w 23,392 2008-04-22 18:21:36 H:\WINDOWS\System32\nscompat.tlb
                    ----a-w 163,490 2008-03-12 17:44:07 H:\WINDOWS\System32\nvapps.xml
                    ----a-w 78,788 2008-04-25 18:34:04 H:\WINDOWS\System32\perfc009.dat
                    ----a-w 98,688 2008-04-25 18:34:04 H:\WINDOWS\System32\perfc013.dat
                    ----a-w 477,846 2008-04-25 18:34:04 H:\WINDOWS\System32\perfh009.dat
                    ----a-w 547,712 2008-04-25 18:34:04 H:\WINDOWS\System32\perfh013.dat
                    ----a-w 1,216,582 2008-04-25 18:34:04 H:\WINDOWS\System32\PerfStringBackup.INI
                    --sh--w 354 2008-04-13 19:35:34 H:\WINDOWS\System32\pkwertjr.ini
                    ----a-w 3,596,288 2008-03-21 20:30:08 H:\WINDOWS\System32\qt-dx331.dll
                    ----a-w 57,344 2008-03-28 21:37:26 H:\WINDOWS\System32\QuickTime.qts
                    ----a-w 90,112 2008-03-28 21:37:26 H:\WINDOWS\System32\QuickTimeVR.qtx
                    --sh--w 654 2008-04-16 19:15:01 H:\WINDOWS\System32\rpnlktty.ini
                    ----a-w 803,317 2008-04-25 11:36:48 H:\WINDOWS\System32\RVAXO.bat
                    ----a-w 200,704 2008-03-21 20:30:00 H:\WINDOWS\System32\ssldivx.dll
                    ----a-w 0 2008-04-25 17:33:22 H:\WINDOWS\System32\w32apiw.dll
                    ----a-w 1,845,376 2008-03-20 08:10:47 H:\WINDOWS\System32\win32k.sys
                    ----a-w 13,700 2008-04-27 17:37:03 H:\WINDOWS\System32\wpa.dbl

                    Entries: 53 (45)
                    Directories: 0 Files: 53
                    Bytes: 42,832,292 Blocks: 83,673
                    ======H:\WINDOWS\system32\drivers=====
                    ----a-w 512,096 2008-04-17 19:01:06 H:\WINDOWS\System32\drivers\amon.sys
                    ----a-w 87,312 2008-04-19 15:11:32 H:\WINDOWS\System32\drivers\cmdguard.sys
                    ----a-w 23,824 2008-04-19 15:11:34 H:\WINDOWS\System32\drivers\cmdhlp.sys
                    ----a-w 79,760 2008-04-19 15:11:36 H:\WINDOWS\System32\drivers\inspect.sys
                    ---ha-w 0 2008-03-12 16:06:51 H:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
                    ---ha-w 0 2008-03-12 16:07:02 H:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
                    ---ha-w 0 2008-03-12 16:06:53 H:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
                    ----a-w 15,424 2008-04-17 19:01:05 H:\WINDOWS\System32\drivers\nod32drv.sys
                    ----a-w 717,296 2008-03-21 19:55:15 H:\WINDOWS\System32\drivers\sptd.sys

                    Entries: 9 (6)
                    Directories: 0 Files: 9
                    Bytes: 1,435,712 Blocks: 2,807
                    =======H:\Program Files=====
                    Entries: 0 (0)
                    Directories: 0 Files: 0
                    Bytes: 0 Blocks: 0
                    =======H:=====
                    ----a-w 677 2008-04-26 19:49:29 H:\firstrun5.log
                    ----a-w 164 2008-04-18 17:44:53 H:\install.dat
                    ----a-w 892,614 2008-04-11 18:13:48 H:\ncleaner_setup.exe
                    ----a-w 864,095 2008-04-14 17:49:46 H:\ncleaner_setup.rar
                    --sha-w 1,610,612,736 2008-04-27 17:36:40 H:\pagefile.sys
                    ----a-w 900,152 2008-04-13 18:06:10 H:\PREVXCSIFREE.EXE

                    Entries: 6 (5)
                    Directories: 0 Files: 6
                    Bytes: 1,613,270,438 Blocks: 3,150,922
                    ======H:\Documents and Settings\greenie\Application Data======
                    ----a-w 454 2008-04-27 17:40:01 H:\Documents and Settings\greenie\Application Data\SamsungLiveUpdateConfig.ini

                    Entries: 1 (1)
                    Directories: 0 Files: 1
                    Bytes: 454 Blocks: 1
                    ======H:\Temp======
                    Entries: 0 (0)
                    Directories: 0 Files: 0
                    Bytes: 0 Blocks: 0
                    ======H:\Documents and Settings\greenie======
                    ----a-w 8,650,752 2008-04-27 17:35:04 H:\Documents and Settings\greenie\ntuser.dat
                    ---ha-w 20,480 2008-04-27 18:32:55 H:\Documents and Settings\greenie\ntuser.dat.LOG
                    --sh--w 188 2008-04-27 17:35:04 H:\Documents and Settings\greenie\ntuser.ini

                    Entries: 3 (1)
                    Directories: 0 Files: 3
                    Bytes: 8,671,420 Blocks: 16,937
                    ======H:\WINDOWS\Downloaded Program Files====
                    Entries: 0 (0)
                    Directories: 0 Files: 0
                    Bytes: 0 Blocks: 0
                    =============

                    Comment


                    • #11
                      Open a Notepad file.
                      Copy the text below (everything in bold) into this Notepad file.

                      @ECHO OFF
                      IF EXIST log.txt DEL log.txt
                      RD /S /Q "H:\Documents and Settings\greenie\Application Data\nCleaner"
                      RD /S /Q "H:\Program Files\NKProds"
                      ECHO Deleting files>>log.txt
                      FOR %%g in (
                      H:\WINDOWS\BMdff7f22d.txt
                      H:\WINDOWS\BMdff7f22d.xml
                      H:\WINDOWS\pskt.ini
                      H:\WINDOWS\System32\w32apiw.dll
                      H:\WINDOWS\System32\bJQqAcdd.ini
                      H:\WINDOWS\System32\cwdkquly.ini
                      H:\WINDOWS\System32\fjwxauek.dllNUCIA
                      H:\WINDOWS\System32\gdgwvqqj.ini
                      H:\WINDOWS\System32\IlnVCJlm.ini
                      H:\WINDOWS\System32\mwmxsxtl.ini
                      H:\WINDOWS\System32\nqevipmf.ini
                      H:\WINDOWS\System32\pkwertjr.ini
                      H:\WINDOWS\System32\rpnlktty.ini
                      "H:\Documents and Settings\greenie\Application Data\nCleaner"
                      "H:\Program Files\NKProds"
                      H:\ncleaner_setup.exe) DO (
                      del /q %%gNUCIA
                      IF EXIST %%g (
                      ATTRIB -r -s -h %%g
                      DEL %%g
                      REN %%g *NUCIA
                      IF EXIST %%gNUCIA (
                      ECHO renamed to %%gNUCIA>>log.txt)
                      IF EXIST %%g (
                      ECHO %%g not deleted>>log.txt
                      ) ELSE (
                      ECHO %%g deleted>>log.txt)
                      ) ELSE (
                      ECHO %%g not found>>log.txt))
                      START NOTEPAD.EXE log.txt

                      Go to File - Save As.
                      For "Save in" choose: Desktop
                      For "File name" enter: del.bat
                      For "Save as type" select: All Files (*.*).
                      Click the Save button.

                      Double-click del.bat and post the log from del.bat

                      Comment
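The files that #11 deletes can be cross-checked against the attribute listing posted before it. The Python sketch below is an added example, not part of any post in this thread: it parses rows in that listing format and flags system+hidden .ini files and zero-byte .dll files sitting directly in System32. That heuristic is an assumption inferred from which listed files #11 removes, not the helper's stated method; the sample rows are copied from the listing above.

```python
import re
from pathlib import PureWindowsPath

# Rows copied from the listing in this thread: attributes, size, date, time, path.
LISTING = r"""
----a-w 78,788 2008-04-25 18:34:04 H:\WINDOWS\System32\perfc009.dat
--sh--w 1,524,836 2008-04-16 19:40:04 H:\WINDOWS\System32\mwmxsxtl.ini
--sh--w 294 2008-04-17 19:16:19 H:\WINDOWS\System32\nqevipmf.ini
----a-w 0 2008-04-25 17:33:22 H:\WINDOWS\System32\w32apiw.dll
----a-w 1,845,376 2008-03-20 08:10:47 H:\WINDOWS\System32\win32k.sys
---ha-w 0 2008-03-12 16:06:51 H:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
--sh--w 188 2008-04-27 17:35:04 H:\Documents and Settings\greenie\ntuser.ini
======H:\Temp======
Entries: 0 (0)
"""

ROW = re.compile(
    r"^\s*([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)\s+(.+?)\s*$"
)

def parse(listing):
    """Yield (attrs, size, path) for file rows; section headers and totals are skipped."""
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            size = int(m.group(2).replace(",", ""))
            yield m.group(1), size, PureWindowsPath(m.group(5))

def review_candidates(listing):
    """Return (path, reason) pairs for rows matching the assumed heuristic."""
    hits = []
    for attrs, size, path in parse(listing):
        if path.parent.name.lower() != "system32":
            continue  # only files directly in System32, not drivers\ or profiles
        ext = path.suffix.lower()
        if ext == ".ini" and "s" in attrs and "h" in attrs:
            hits.append((str(path), "system+hidden .ini"))
        elif ext == ".dll" and size == 0:
            hits.append((str(path), "zero-byte .dll"))
    return hits

if __name__ == "__main__":
    for path, reason in review_candidates(LISTING):
        print(f"{reason:20} {path}")
```

The profile's ntuser.ini and the zero-byte .Wdf files under drivers carry similar attributes or sizes but are not flagged, which matches what #11 leaves alone.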


                      • #12
                        I am at work right now.
                        As soon as I am home I will do it and post the log.

                        Comment


                        • #13
                          We will see it appear here

                          Comment


                          • #14
                            OK, I have done it again

                            Deleting files
                            H:\WINDOWS\BMdff7f22d.txt deleted
                            H:\WINDOWS\BMdff7f22d.xml deleted
                            H:\WINDOWS\pskt.ini deleted
                            H:\WINDOWS\System32\w32apiw.dll deleted
                            H:\WINDOWS\System32\bJQqAcdd.ini deleted
                            H:\WINDOWS\System32\cwdkquly.ini deleted
                            H:\WINDOWS\System32\fjwxauek.dllNUCIA deleted
                            H:\WINDOWS\System32\gdgwvqqj.ini deleted
                            H:\WINDOWS\System32\IlnVCJlm.ini deleted
                            H:\WINDOWS\System32\mwmxsxtl.ini deleted
                            H:\WINDOWS\System32\nqevipmf.ini deleted
                            H:\WINDOWS\System32\pkwertjr.ini deleted
                            H:\WINDOWS\System32\rpnlktty.ini deleted
                            "H:\Documents and Settings\greenie\Application Data\nCleaner" not found
                            "H:\Program Files\NKProds" not found
                            H:\ncleaner_setup.exe deleted

                            Comment


                            • #15
                              Do this as well:

                              Your Java software is outdated.
                              Older versions have vulnerabilities that give malware the chance to install itself on your system.
                              First follow these steps to uninstall Java and install the newer version:
                              • Download Java Runtime Environment (JRE) 6u6 and save it to your Desktop.
                              • Close all programs that may be open - especially your web browser!
                              • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
                              • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                              • Then click Remove or the Change/Remove button.
                              • Repeat this until all older versions are gone.
                              • After removing all older versions, restart your PC.
                              • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                              Download ATF Cleaner (mirror) (made by Atribune)

                              Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                              Double-click ATF Cleaner to start the program.
                              On the "Main" tab, tick Select All.
                              Click the Empty Selected button.

                              Do the following if you also have Firefox as a browser:
                              Click the "Firefox" tab and tick Select All.
                              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                              (this removes the tick from "Firefox saved passwords" again)
                              Click the Empty Selected button.

                              Do the following if you also have Opera as a browser:
                              Click the "Opera" tab and tick Select All.
                              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                              Click the Empty Selected button.
                              Go to the "Main" tab and click the Exit button to close the program.

                              Turn off System Restore. Restart the computer. Turn System Restore back on.
                              See here how to turn off System Restore.
                              This removes any remnants of the infections from your System Restore.

                              Post another log for checking and tell us whether you are still experiencing problems

                              Comment
