Mededeling

**smeenk** · 26-04-08, 20:21

Start Hijackthis en vink alleen de volgende regels aan:
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\
Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**kbdude** · 26-04-08, 21:39

ik ga het meteen proberen ik laat het meteen weten als het is gelukt

**kbdude** · 26-04-08, 21:55

ok deit is de log van rvaxo.exe

---RVAXO.exe Updated: 2008-04-25---first run---
Uninstallers:

Files found:
H:\WINDOWS\BMdff7f22d.xml
H:\WINDOWS\BMdff7f22d.txt
H:\WINDOWS\system32\bJQqAcdd.ini2
H:\WINDOWS\system32\IlnVCJlm.ini2
H:\WINDOWS\system32\lTvELnnn.ini2
H:\WINDOWS\pskt.ini
H:\WINDOWS\wininit.ini
H:\WINDOWS\system32\clkcnt.txt

Folders Found:
H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
H:\Program Files\VeiligheidsAgent
H:\Program Files\Common Files\VeiligheidsAgent
H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:
H:\WINDOWS\pskt.ini
H:\Program Files\VeiligheidsAgent
H:\Program Files\Common Files\VeiligheidsAgent
H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent

--------------RVAXO.exe finished----------------

ik ga nu deckards doen

**kbdude** · 26-04-08, 22:04

dit is de log van DSS

Deckard's System Scanner v20071014.68
Run by greenie on 2008-04-26 21:56:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
91: 2008-04-26 19:56:51 UTC - RP91 - Deckard's System Scanner Restore Point
90: 2008-04-26 17:36:29 UTC - RP90 - Software Distribution Service 3.0
89: 2008-04-26 17:32:50 UTC - RP89 - Software Distribution Service 3.0
88: 2008-04-26 17:31:58 UTC - RP88 - Software Distribution Service 3.0
87: 2008-04-26 17:27:23 UTC - RP87 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-04-10 10:45:14 UTC - RP1 - Controlepunt van systeem

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as greenie.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:43, on 26-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\COMODO\Firewall\cmdagent.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\snmp.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\dllhost.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CameraFixer.exe
H:\WINDOWS\tsnpstd3.exe
H:\WINDOWS\vsnpstd3.exe
H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\WINDOWS\system32\Rundll32.exe
H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
H:\Program Files\POP Peeper\POPPeeper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Program Files\PeerGuardian2\pg2.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\greenie\Bureaublad\dss.exe
H:\PROGRA~1\TRENDM~1\HIJACK~1\greenie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] //~rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
O4 - HKLM\..\Run: [Name of App] "H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" r
O4 - HKLM\..\Run: [QuickTime Task] //~h:\program files\quicktime\qttask.exe -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
O4 - HKCU\..\Run: [POP Peeper] "H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [LightScribe Control Panel] "H:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] "H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] "H:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - H:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - H:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IIS-beheer (IISADMIN) - Unknown owner - H:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SMTP (Simple Mail Transfer Protocol) (SMTPSVC) - Unknown owner - H:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - H:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10076 bytes

-- HijackThis Fixed Entries (H:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080426-214450-101 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
backup-20080426-214450-281 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080426-214450-292 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
backup-20080426-214450-467 O2 - BHO: (no name) - {EDB7D913-2BC8-4BC1-A0B8-97B5A31D1A60} - (no file)
backup-20080426-214450-635 O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
backup-20080426-214450-844 O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
backup-20080426-214450-902 O4 - HKCU\..\Run: [Fraps] //~h:\windows\system32\ctfmon.exe
backup-20080426-214450-924 O20 - Winlogon Notify: fccdbCtU - H:\WINDOWS\

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "H:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 JGOGO (JMicron Hot-Plug Driver) - h:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - h:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Driver>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - h:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - h:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - h:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 EIO - h:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R1 FileDisk - h:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 SCDEmu - h:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 MTsensor (ATK0110 ACPI UTILITY) - h:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>
R3 NVR0Dev - h:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - h:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pgfilter - h:\program files\peerguardian2\pgfilter.sys
R3 SNPSTD3 (USB PC Camera (SNPSTD3)) - h:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>

S1 asusgsb (ASUS Virtual Video Capture Device Driver) - h:\windows\system32\drivers\asusgsb32.sys (file missing)
S1 asuskbnt (Enhanced Display Driver Helper Service) - h:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
S3 61883 (61883-eenheidsapparaat) - h:\windows\system32\drivers\61883.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - h:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - h:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - h:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 Avc (AVC-apparaat) - h:\windows\system32\drivers\avc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Bridge (MAC-brug) - h:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BridgeMP (MAC-brugminipoort) - h:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BthEnum (Stuurprogramma voor Bluetooth-aanvraagblok) - h:\windows\system32\drivers\bthenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BthPan (Bluetooth-apparaat (PAN - Personal Area Network)) - h:\windows\system32\drivers\bthpan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTHPORT (Poortstuurprogramma voor Bluetooth) - h:\windows\system32\drivers\bthport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows®-besturingssysteem>
S3 BTHUSB (USB-stuurprogramma voor Bluetooth-radio's) - h:\windows\system32\drivers\bthusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MSDV (Microsoft DV Camera and VCR) - h:\windows\system32\drivers\msdv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - h:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 usbbus (LGE Mobile Composite USB Device) - h:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
S3 UsbDiag (LGE Mobile USB Serial Port) - h:\windows\system32\drivers\lgusbdiag.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Diagnostics Driver>
S3 USBModem (LGE Mobile USB Modem) - h:\windows\system32\drivers\lgusbmodem.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Modem Driver>
S3 Video3D (ASUS Video3D Service) - h:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "h:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "h:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 BthServ (Bluetooth Support Service) - h:\windows\system32\svchost.exe -k bthsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Nero BackItUp Scheduler 3 - h:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nTuneService (nTune Service) - h:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 SNMP (SNMP-service) - h:\windows\system32\snmp.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
R2 UxTuneUp (TuneUp Thema-uitbreiding) - h:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S2 ATKKeyboardService (ATK Keyboard Service) - h:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
S2 IISADMIN (IIS-beheer) - h:\windows\system32\inetsrv\inetinfo.exe (file missing)
S2 SMTPSVC (SMTP (Simple Mail Transfer Protocol)) - h:\windows\system32\inetsrv\inetinfo.exe (file missing)
S3 FLEXnet Licensing Service - "h:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 LPDSVC (TCP/IP Print Server) - h:\windows\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MHN - h:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NBService - h:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 WLSetupSvc (Windows Live Setup Service) - "h:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
Description: Enhanced Display Driver Helper Service
Device ID: ROOT\ASUSOTHERDEVICES\0000
Manufacturer: ASUSTeK
Name: Enhanced Display Driver Helper Service
PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
Service: asuskbnt

Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
Description: Asus Video3D Device
Device ID: ROOT\ASUSOTHERDEVICES\0001
Manufacturer: ASUSTeK
Name: Asus Video3D Device
PNP Device ID: ROOT\ASUSOTHERDEVICES\0001
Service: Video3D

-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 19:11:15 342 --a------ H:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-04-18 17:23:29 380 --a------ H:\WINDOWS\Tasks\1-Click Maintenance.job
2008-04-18 17:13:24 274 --a------ H:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-04-18 17:13:18 396 --a------ H:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2007-09-11 22:13:52 284 --a------ H:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 21:47:48 803317 --a------ H:\WINDOWS\system32\RVAXO.bat
2008-04-26 21:47:48 16384 --a------ H:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
2008-04-26 21:47:48 69632 --a------ H:\WINDOWS\system32\remove.exe
2008-04-26 19:06:38 0 d-------- H:\Program Files\Trend Micro
2008-04-25 20:33:57 0 d-------- H:\WINDOWS\system32\Cache
2008-04-25 20:33:27 8192 --a------ H:\WINDOWS\system32\staxmem.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2008-04-25 20:24:19 0 d-------- H:\Inetpub
2008-04-22 20:24:03 0 dr-h----- H:\Documents and Settings\greenie\Onlangs geopend
2008-04-22 20:21:43 0 d-------- H:\WINDOWS\Prefetch
2008-04-22 20:21:26 0 d-------- H:\WINDOWS\system32\CatRoot2
2008-04-22 20:21:14 0 d-------- H:\WINDOWS\SoftwareDistribution
2008-04-22 20:21:14 0 d--h----- H:\Program Files\WindowsUpdate
2008-04-21 21:22:20 0 d-------- H:\Documents and Settings\greenie\Application Data\Mozilla
2008-04-21 19:22:47 0 d-------- H:\Documents and Settings\Administrator\Favorieten
2008-04-21 19:22:47 0 d--hs---- H:\Documents and Settings\Administrator\Cookies
2008-04-21 19:22:47 0 d-------- H:\Documents and Settings\Administrator\Bureaublad
2008-04-21 19:22:47 0 dr-h----- H:\Documents and Settings\Administrator\Application Data
2008-04-21 19:22:47 0 d---s---- H:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Sjablonen
2008-04-21 19:22:46 0 dr-h----- H:\Documents and Settings\Administrator\SendTo
2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Onlangs geopend
2008-04-21 19:22:46 524288 --ah----- H:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\NetHood
2008-04-21 19:22:46 0 d-------- H:\Documents and Settings\Administrator\Mijn documenten
2008-04-21 19:22:46 0 dr------- H:\Documents and Settings\Administrator\Menu Start
2008-04-21 19:22:46 0 d--h----- H:\Documents and Settings\Administrator\Local Settings
2008-04-18 20:25:35 0 d-------- H:\Documents and Settings\greenie\Application Data\Comodo
2008-04-18 20:25:34 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-04-18 20:25:21 0 d-------- H:\Program Files\COMODO
2008-04-18 19:07:31 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\Uniblue
2008-04-18 17:15:50 0 d-------- H:\Documents and Settings\greenie\Application Data\Uniblue
2008-04-18 17:12:43 0 d-------- H:\Program Files\Uniblue
2008-04-17 21:18:59 737280 --a------ H:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-17 21:18:40 0 d-------- H:\Program Files\FireTune
2008-04-16 22:43:06 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-16 21:19:08 86592 --a------ H:\WINDOWS\system32\ltxsxmwm.dll
2008-04-16 21:16:03 94272 --a------ H:\WINDOWS\system32\mkraebvo.dll
2008-04-16 21:13:03 95808 --a------ H:\WINDOWS\system32\fjwxauek.dll
2008-04-15 21:20:45 91712 --a------ H:\WINDOWS\system32\bsxqxvtx.dll
2008-04-14 21:15:26 92224 --a------ H:\WINDOWS\system32\hqusvycg.dll
2008-04-13 21:46:12 0 d-------- H:\Program Files\Lavasoft
2008-04-13 21:24:36 0 --a------ H:\WINDOWS\system32\w32apiw.dll
2008-04-13 21:24:34 0 d-------- H:\Documents and Settings\greenie\Application Data\nCleaner
2008-04-13 21:24:26 0 d-------- H:\Program Files\NKProds
2008-04-13 21:24:05 892614 --a------ H:\ncleaner_setup.exe <Not Verified; NKProds; nCleaner second>
2008-04-13 20:22:36 0 d-------- H:\84f2c23995a68a21eaecab5077
2008-04-13 20:07:13 0 d-------- H:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-04-13 20:00:41 0 d--hs---- H:\VeiligheidsAgent
2008-04-13 20:00:28 0 d-------- H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent
2008-04-13 19:52:49 0 dr------- H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
2008-04-13 19:52:38 0 d-------- H:\Program Files\VeiligheidsAgent
2008-04-13 19:52:38 0 d-------- H:\Program Files\Common Files\VeiligheidsAgent
2008-04-13 19:25:03 0 d-------- H:\Program Files\Panda Security
2008-04-10 12:45:20 8650752 --a------ H:\Documents and Settings\greenie\ntuser.dat
2008-04-08 21:14:32 0 d-------- H:\Program Files\LimeWire
2008-03-31 23:25:48 823296 --a------ H:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:48 823296 --a------ H:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:46 802816 --a------ H:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 23:25:46 831488 --a------ H:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25:46 682496 --a------ H:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-28 20:02:06 0 d-------- H:\Documents and Settings\greenie\Logs
2008-03-27 20:27:28 5702 --ah----- H:\WINDOWS\nod32restoretemdono.reg
2008-03-27 20:25:10 0 d-------- H:\Program Files\real

-- Find3M Report ---------------------------------------------------------------

2008-04-26 22:01:18 0 d-------- H:\Program Files\PeerGuardian2
2008-04-26 21:56:19 454 --a------ H:\Documents and Settings\greenie\Application Data\SamsungLiveUpdateConfig.ini
2008-04-26 19:26:19 0 d-------- H:\Program Files\Hitman Pro
2008-04-25 20:34:04 547712 --a------ H:\WINDOWS\system32\perfh013.dat
2008-04-25 20:34:04 98688 --a------ H:\WINDOWS\system32\perfc013.dat
2008-04-23 12:20:50 0 d-------- H:\Documents and Settings\greenie\Application Data\uTorrent
2008-04-23 12:16:22 0 d-------- H:\Documents and Settings\greenie\Application Data\LimeWire
2008-04-18 19:44:53 164 --a------ H:\install.dat
2008-04-17 22:10:55 0 d-------- H:\Documents and Settings\greenie\Application Data\ImgBurn
2008-04-17 19:55:24 0 d-------- H:\Program Files\Common Files\Logishrd
2008-04-16 22:43:38 0 d-------- H:\Documents and Settings\greenie\Application Data\Lavasoft
2008-04-16 22:42:33 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 22:49:51 0 d-------- H:\Program Files\Winamp
2008-04-13 22:48:23 0 d-------- H:\Program Files\DivX
2008-04-13 21:28:04 0 d-------- H:\Documents and Settings\greenie\Application Data\Vso
2008-04-13 19:52:38 0 d-------- H:\Program Files\Common Files
2008-04-13 18:43:26 0 d-------- H:\Program Files\Guitar Pro 5
2008-04-13 18:43:18 0 d-------- H:\Program Files\TuneUp Utilities 2008
2008-04-11 20:00:53 0 d-------- H:\Program Files\World of Warcraft
2008-04-10 12:41:57 0 d-------- H:\Program Files\LimeWire Plus
2008-04-08 15:06:17 0 d-------- H:\Documents and Settings\greenie\Application Data\LimeWirePlus
2008-04-08 14:46:57 0 d-------- H:\Program Files\iTunes
2008-04-08 14:45:34 0 d-------- H:\Program Files\QuickTime
2008-04-03 19:10:48 0 d-------- H:\Program Files\MSN Messenger
2008-04-03 19:10:48 0 d-------- H:\Program Files\Messenger Plus! Live
2008-03-30 21:32:21 0 d-------- H:\Program Files\Total Video Converter
2008-03-21 22:30:08 3596288 --a------ H:\WINDOWS\system32\qt-dx331.dll
2008-03-21 22:28:54 196608 --a------ H:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 22:28:54 81920 --a------ H:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 22:28:20 12288 --a------ H:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 21:59:48 0 d-------- H:\Program Files\DAEMON Tools Lite
2008-03-21 21:46:58 0 d-------- H:\Documents and Settings\greenie\Application Data\DAEMON Tools Pro
2008-03-21 21:00:27 0 d-------- H:\Program Files\BestGameEver
2008-03-20 10:10:47 1845376 --a------ H:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-03-12 18:10:35 0 d-------- H:\Program Files\NVIDIA Corporation
2008-03-12 18:05:34 0 d--h----- H:\Program Files\InstallShield Installation Information
2008-03-12 18:04:09 0 d-------- H:\Program Files\Realtek
2008-03-12 18:04:07 315392 --a------ H:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-12 17:54:15 0 d-------- H:\Program Files\Driver Magician
2008-03-09 22:40:43 0 d-------- H:\Program Files\Eidos
2008-03-05 12:57:19 0 d-------- H:\Documents and Settings\greenie\Application Data\Adobe
2008-03-02 15:15:08 0 d-------- H:\Program Files\Monkey's Audio
2008-03-02 15:13:19 0 d-------- H:\Program Files\FLAC
2008-03-01 20:49:45 0 d-------- H:\Documents and Settings\greenie\Application Data\Macromedia
2008-02-26 21:26:05 0 d-------- H:\Program Files\PCFriendly
2008-02-26 21:23:06 0 d-------- H:\Program Files\Windows Live
2008-02-20 08:51:59 282624 --a------ H:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 07:39:05 45568 --a------ H:\WINDOWS\system32\dnsrslvr.dll <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-02-19 16:34:46 16858112 --a------ H:\WINDOWS\RTHDCPL.exe <Not Verified; Realtek Semiconductor Corp.; Realtek HD Audio Sound Effect Manager>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 08:00]
"CloneCDTray"="H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [28-09-2006 21:21]
"NvCplDaemon"="RUNDLL32.exe" [10-04-2006 14:00 H:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [03-10-2005 11:23]
"tsnpstd3"="H:\WINDOWS\tsnpstd3.exe" [27-10-2005 13:06]
"snpstd3"="H:\WINDOWS\vsnpstd3.exe" [05-09-2005 15:55]
"nwiz"="nwiz.exe" [05-12-2007 02:41 H:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="//~bthprops.cpl"

"Name of App"="H:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [04-01-2008 18:33]
"QuickTime Task"="//~h:\program files\quicktime\qttask.exe"

"RTHDCPL"="RTHDCPL.EXE" [19-02-2008 16:34 H:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 03:17 H:\WINDOWS\KHALMNPR.Exe]
"NvMediaCenter"="RUNDLL32.exe" [10-04-2006 14:00 H:\WINDOWS\system32\rundll32.exe]
"egui"="H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [30-01-2008 13:37]
"COMODO Firewall Pro"="H:\Program Files\COMODO\Firewall\cfp.exe" [19-04-2008 11:50]
"BMdff7f22d"="H:\WINDOWS\system32\fjwxauek.dll" [16-04-2008 21:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [15-05-2007 17:12]
"LightScribe Control Panel"="H:\Program Files\POP Peeper\POPPeeper.exe" [12-03-2008 01:09]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [10-04-2006 14:00]
"AGEIA PhysX SysTray"="H:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [23-07-2007 10:05]
"NVIDIA nTune"="H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04-09-2007 20:25]
"DAEMON Tools Lite"="H:\Program Files\DAEMON Tools Lite\daemon.exe" [21-03-2008 10:30]
"PeerGuardian"="H:\Program Files\PeerGuardian2\pg2.exe" [18-09-2005 18:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=H:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=H:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe_ID0EYTHM"="H:\Program Files\QuickTime\QTTask.exe" -atboottime
"SDTray"="H:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f192fe-1aa9-11dc-9c44-000d0bee04c0}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"H:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-- End of Deckard's System Scanner: finished at 2008-04-26 22:01:44 ------------

ik hoop dat jullie me kunnen helpen

sorry voor t spammen ik hou jullie op de hoogte wat ik doe.

**smeenk** · 26-04-08, 23:33

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
RD /S /Q H:\VeiligheidsAgent
RD /S /Q "H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent"
RD /S /Q "H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon"
RD /S /Q "H:\Program Files\VeiligheidsAgent"
RD /S /Q "H:\Program Files\Common Files\VeiligheidsAgent"
RD /S /Q H:\WINDOWS\system32\Cache
ECHO Deleting files>>log.txt
FOR %%g in (
H:\WINDOWS\system32\ltxsxmwm.dll
H:\WINDOWS\system32\mkraebvo.dll
H:\WINDOWS\system32\fjwxauek.dll
H:\WINDOWS\system32\bsxqxvtx.dll
H:\WINDOWS\system32\hqusvycg.dll
H:\VeiligheidsAgent
"H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent"
"H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon"
"H:\Program Files\VeiligheidsAgent"
"H:\Program Files\Common Files\VeiligheidsAgent"
H:\WINDOWS\system32\Cache) DO (
del /q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post het logje van del.bat

**kbdude** · 27-04-08, 18:39

het logje.

Deleting files
H:\WINDOWS\system32\ltxsxmwm.dll deleted
H:\WINDOWS\system32\mkraebvo.dll deleted
renamed to H:\WINDOWS\system32\fjwxauek.dllNUCIA
H:\WINDOWS\system32\fjwxauek.dll deleted
H:\WINDOWS\system32\bsxqxvtx.dll deleted
H:\WINDOWS\system32\hqusvycg.dll deleted
H:\VeiligheidsAgent not found
"H:\Documents and Settings\greenie\Application Data\VeiligheidsAgent" not found
"H:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon" not found
"H:\Program Files\VeiligheidsAgent" not found
"H:\Program Files\Common Files\VeiligheidsAgent" not found
H:\WINDOWS\system32\Cache not found

**kbdude** · 27-04-08, 19:29

ik herstarte mn pc en ik kom weer op mijn gmail! of op fok.nl ook en het leukste ik kan weer zoeken alleen zegt hij bij het opstarten dat hij fjwxauek.dll niet kan openen...

het belangrijkste is dat mijn internet weer normaal doet hartstikke bedankt!

**smeenk** · 27-04-08, 19:38

Vink alleen de volgende regel aan met Hijackthis:
O4 - HKLM\..\Run: [BMdff7f22d] Rundll32.exe "H:\WINDOWS\system32\fjwxauek.dll",s
Klik nu op de knop "Fix checked" om deze regel te verwijderen.

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

**kbdude** · 27-04-08, 20:33

ok here u go!

======H:\WINDOWS====
----a-w 0 2008-04-27 17:36:54 H:\WINDOWS\0.log
----a-w 1,880 2008-04-22 18:21:40 H:\WINDOWS\bitssetup.log
----a-w 2,041 2008-04-27 16:40:50 H:\WINDOWS\BMdff7f22d.txt
----a-w 0 2008-04-26 19:53:17 H:\WINDOWS\BMdff7f22d.xml
--s-a-w 2,048 2008-04-27 17:36:44 H:\WINDOWS\bootstat.dat
----a-w 9,740 2008-04-26 17:04:24 H:\WINDOWS\comsetup.log
----a-w 3,223 2008-04-26 17:04:24 H:\WINDOWS\ehOCGen.log
----a-w 26,682 2008-04-26 17:04:24 H:\WINDOWS\FaxSetup.log
----a-w 315,392 2008-03-12 16:04:07 H:\WINDOWS\HideWin.exe
----a-w 117,043 2008-04-26 17:04:24 H:\WINDOWS\iis6.log
----a-w 34,305 2008-04-25 18:34:12 H:\WINDOWS\imsins.BAK
----a-w 1,374 2008-04-26 17:04:24 H:\WINDOWS\imsins.log
----a-w 737,280 2008-04-17 19:18:17 H:\WINDOWS\iun6002.exe
----a-w 37,443 2008-04-22 18:29:20 H:\WINDOWS\KB892130.log
----a-w 153,100 2008-04-27 18:01:12 H:\WINDOWS\KB939373.log
----a-w 2,718 2008-04-26 17:04:24 H:\WINDOWS\MedCtrOC.log
----a-w 3,726 2008-03-16 19:45:06 H:\WINDOWS\ModemLog_LGE Mobile USB Modem #2.txt
----a-w 4,094 2008-03-16 19:43:49 H:\WINDOWS\ModemLog_LGE Mobile USB Modem.txt
----a-w 1,929 2008-04-26 17:04:24 H:\WINDOWS\msgsocm.log
----a-w 20,270 2008-04-26 17:04:22 H:\WINDOWS\msmqinst.log
----a-w 116 2008-04-22 09:29:32 H:\WINDOWS\NeroDigital.ini
----a-w 5,112 2008-04-26 17:04:24 H:\WINDOWS\netfxocm.log
----a-w 406,158 2008-04-26 19:46:47 H:\WINDOWS\ntbtlog.txt
----a-w 7,719 2008-04-26 17:04:24 H:\WINDOWS\ntdtcsetup.log
----a-w 28,526 2008-04-26 17:04:24 H:\WINDOWS\ocgen.log
----a-w 2,016 2008-04-26 17:04:24 H:\WINDOWS\ocmsn.log
----a-w 7,832 2008-04-26 17:04:24 H:\WINDOWS\plusoc.log
----a-w 22 2008-04-27 16:30:50 H:\WINDOWS\pskt.ini
----a-w 109,080 2008-04-17 17:49:33 H:\WINDOWS\pxinstall_log.txt
---ha-w 54,156 2008-04-27 17:36:54 H:\WINDOWS\QTFont.qfn
----a-w 32,602 2008-04-26 19:45:25 H:\WINDOWS\SchedLgU.Txt
----a-w 156 2008-04-25 18:33:57 H:\WINDOWS\setupact.log
----a-w 942,969 2008-04-25 18:34:12 H:\WINDOWS\setupapi.log
----a-w 112 2008-04-25 18:33:57 H:\WINDOWS\setuperr.log
----a-w 933 2008-04-26 17:04:24 H:\WINDOWS\tabletoc.log
----a-w 18,115 2008-04-26 17:04:24 H:\WINDOWS\tsoc.log
----a-w 349 2008-04-27 18:26:35 H:\WINDOWS\wiadebug.log
----a-w 0 2008-04-27 17:36:52 H:\WINDOWS\wiaservc.log
----a-w 1,119 2008-04-18 17:46:12 H:\WINDOWS\win.ini
----a-w 1,860,523 2008-04-27 18:00:51 H:\WINDOWS\WindowsUpdate.log

Entries: 40 (38)
Directories: 0 Files: 40
Bytes: 4,951,903 Blocks: 9,690
======H:\WINDOWS\system32=====
----a-w 16,832 2008-04-22 18:21:36 H:\WINDOWS\System32\amcompat.tlb
--sha-w 161,953 2008-04-17 20:44:28 H:\WINDOWS\System32\bJQqAcdd.ini
--sh--w 354 2008-04-13 18:38:10 H:\WINDOWS\System32\cwdkquly.ini
----a-w 682,496 2008-03-31 21:25:46 H:\WINDOWS\System32\DivX.dll
----a-w 161,096 2008-03-31 21:25:52 H:\WINDOWS\System32\DivXCodecVersionChecker.exe
----a-w 630,784 2008-03-24 19:45:56 H:\WINDOWS\System32\divxdec.ax
----a-w 352,401 2008-03-21 20:28:42 H:\WINDOWS\System32\DivXMedia.ax
----a-w 524,288 2008-03-21 20:30:12 H:\WINDOWS\System32\DivXsm.exe
----a-w 4,816 2008-03-21 20:30:12 H:\WINDOWS\System32\divxsm.tlb
----a-w 12,288 2008-03-21 20:28:20 H:\WINDOWS\System32\DivXWMPExtType.dll
----a-w 823,296 2008-03-31 21:25:48 H:\WINDOWS\System32\divx_xx07.dll
----a-w 831,488 2008-03-31 21:25:46 H:\WINDOWS\System32\divx_xx0a.dll
----a-w 823,296 2008-03-31 21:25:48 H:\WINDOWS\System32\divx_xx0c.dll
----a-w 802,816 2008-03-31 21:25:46 H:\WINDOWS\System32\divx_xx11.dll
----a-w 81,920 2008-03-21 20:28:54 H:\WINDOWS\System32\dpl100.dll
----a-w 416 2008-03-21 20:28:54 H:\WINDOWS\System32\dpl100.dll.manifest
----a-w 294,912 2008-03-21 20:28:50 H:\WINDOWS\System32\dpu10.dll
----a-w 294,912 2008-03-21 20:28:50 H:\WINDOWS\System32\dpu11.dll
----a-w 53,248 2008-03-21 20:28:52 H:\WINDOWS\System32\dpuGUI10.dll
----a-w 593,920 2008-03-21 20:28:50 H:\WINDOWS\System32\dpuGUI11.dll
----a-w 344,064 2008-03-21 20:28:50 H:\WINDOWS\System32\dpus11.dll
----a-w 57,344 2008-03-21 20:28:50 H:\WINDOWS\System32\dpv11.dll
----a-w 196,608 2008-03-21 20:28:54 H:\WINDOWS\System32\dtu100.dll
----a-w 416 2008-03-21 20:28:54 H:\WINDOWS\System32\dtu100.dll.manifest
----a-w 95,808 2008-04-16 19:13:04 H:\WINDOWS\System32\fjwxauek.dllNUCIA
----a-w 1,565,232 2008-04-13 19:04:51 H:\WINDOWS\System32\FNTCACHE.DAT
--sh--w 474 2008-04-15 17:08:53 H:\WINDOWS\System32\gdgwvqqj.ini
----a-w 139,008 2008-04-19 15:11:28 H:\WINDOWS\System32\guard32.dll
--sha-w 185,401 2008-04-13 18:18:34 H:\WINDOWS\System32\IlnVCJlm.ini
----a-w 83 2008-04-13 19:03:28 H:\WINDOWS\System32\imon1.dat
------w 1,480,232 2008-03-20 16:06:36 H:\WINDOWS\System32\LegitCheckControl.dll
----a-w 1,044,480 2008-03-21 20:30:00 H:\WINDOWS\System32\libdivx.dll
----a-w 19,836,024 2008-04-06 05:56:20 H:\WINDOWS\System32\MRT.exe
--sh--w 1,524,836 2008-04-16 19:40:04 H:\WINDOWS\System32\mwmxsxtl.ini
----a-w 109 2008-03-12 16:10:24 H:\WINDOWS\System32\nmp.log
--sh--w 294 2008-04-17 19:16:19 H:\WINDOWS\System32\nqevipmf.ini
----a-w 23,392 2008-04-22 18:21:36 H:\WINDOWS\System32\nscompat.tlb
----a-w 163,490 2008-03-12 17:44:07 H:\WINDOWS\System32\nvapps.xml
----a-w 78,788 2008-04-25 18:34:04 H:\WINDOWS\System32\perfc009.dat
----a-w 98,688 2008-04-25 18:34:04 H:\WINDOWS\System32\perfc013.dat
----a-w 477,846 2008-04-25 18:34:04 H:\WINDOWS\System32\perfh009.dat
----a-w 547,712 2008-04-25 18:34:04 H:\WINDOWS\System32\perfh013.dat
----a-w 1,216,582 2008-04-25 18:34:04 H:\WINDOWS\System32\PerfStringBackup.INI
--sh--w 354 2008-04-13 19:35:34 H:\WINDOWS\System32\pkwertjr.ini
----a-w 3,596,288 2008-03-21 20:30:08 H:\WINDOWS\System32\qt-dx331.dll
----a-w 57,344 2008-03-28 21:37:26 H:\WINDOWS\System32\QuickTime.qts
----a-w 90,112 2008-03-28 21:37:26 H:\WINDOWS\System32\QuickTimeVR.qtx
--sh--w 654 2008-04-16 19:15:01 H:\WINDOWS\System32\rpnlktty.ini
----a-w 803,317 2008-04-25 11:36:48 H:\WINDOWS\System32\RVAXO.bat
----a-w 200,704 2008-03-21 20:30:00 H:\WINDOWS\System32\ssldivx.dll
----a-w 0 2008-04-25 17:33:22 H:\WINDOWS\System32\w32apiw.dll
----a-w 1,845,376 2008-03-20 08:10:47 H:\WINDOWS\System32\win32k.sys
----a-w 13,700 2008-04-27 17:37:03 H:\WINDOWS\System32\wpa.dbl

Entries: 53 (45)
Directories: 0 Files: 53
Bytes: 42,832,292 Blocks: 83,673
======H:\WINDOWS\system32\drivers=====
----a-w 512,096 2008-04-17 19:01:06 H:\WINDOWS\System32\drivers\amon.sys
----a-w 87,312 2008-04-19 15:11:32 H:\WINDOWS\System32\drivers\cmdguard.sys
----a-w 23,824 2008-04-19 15:11:34 H:\WINDOWS\System32\drivers\cmdhlp.sys
----a-w 79,760 2008-04-19 15:11:36 H:\WINDOWS\System32\drivers\inspect.sys
---ha-w 0 2008-03-12 16:06:51 H:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
---ha-w 0 2008-03-12 16:07:02 H:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
---ha-w 0 2008-03-12 16:06:53 H:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
----a-w 15,424 2008-04-17 19:01:05 H:\WINDOWS\System32\drivers\nod32drv.sys
----a-w 717,296 2008-03-21 19:55:15 H:\WINDOWS\System32\drivers\sptd.sys

Entries: 9 (6)
Directories: 0 Files: 9
Bytes: 1,435,712 Blocks: 2,807
=======H:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======H:=====
----a-w 677 2008-04-26 19:49:29 H:\firstrun5.log
----a-w 164 2008-04-18 17:44:53 H:\install.dat
----a-w 892,614 2008-04-11 18:13:48 H:\ncleaner_setup.exe
----a-w 864,095 2008-04-14 17:49:46 H:\ncleaner_setup.rar
--sha-w 1,610,612,736 2008-04-27 17:36:40 H:\pagefile.sys
----a-w 900,152 2008-04-13 18:06:10 H:\PREVXCSIFREE.EXE

Entries: 6 (5)
Directories: 0 Files: 6
Bytes: 1,613,270,438 Blocks: 3,150,922
======H:\Documents and Settings\greenie\Application Data======
----a-w 454 2008-04-27 17:40:01 H:\Documents and Settings\greenie\Application Data\SamsungLiveUpdateConfig.ini

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 454 Blocks: 1
======H:\Temp======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======H:\Documents and Settings\greenie======
----a-w 8,650,752 2008-04-27 17:35:04 H:\Documents and Settings\greenie\ntuser.dat
---ha-w 20,480 2008-04-27 18:32:55 H:\Documents and Settings\greenie\ntuser.dat.LOG
--sh--w 188 2008-04-27 17:35:04 H:\Documents and Settings\greenie\ntuser.ini

Entries: 3 (1)
Directories: 0 Files: 3
Bytes: 8,671,420 Blocks: 16,937
======H:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

**smeenk** · 27-04-08, 23:38

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
RD /S /Q "H:\Documents and Settings\greenie\Application Data\nCleaner"
RD /S /Q "H:\Program Files\NKProds"
ECHO Deleting files>>log.txt
FOR %%g in (
H:\WINDOWS\BMdff7f22d.txt
H:\WINDOWS\BMdff7f22d.xml
H:\WINDOWS\pskt.ini
H:\WINDOWS\System32\w32apiw.dll
H:\WINDOWS\System32\bJQqAcdd.ini
H:\WINDOWS\System32\cwdkquly.ini
H:\WINDOWS\System32\fjwxauek.dllNUCIA
H:\WINDOWS\System32\gdgwvqqj.ini
H:\WINDOWS\System32\IlnVCJlm.ini
H:\WINDOWS\System32\mwmxsxtl.ini
H:\WINDOWS\System32\nqevipmf.ini
H:\WINDOWS\System32\pkwertjr.ini
H:\WINDOWS\System32\rpnlktty.ini
"H:\Documents and Settings\greenie\Application Data\nCleaner"
"H:\Program Files\NKProds"
H:\ncleaner_setup.exe) DO (
del /q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post het logje van del.bat

**kbdude** · 28-04-08, 09:01

ik ben nu op mijn werk.
zo gauw ik thuis ben ga ik het doen en zet ik het logje neer

**smeenk** · 28-04-08, 09:22

We zien hem hier wel verschijnen

**kbdude** · 28-04-08, 18:29

zo ik heb het weer gedaan

Deleting files
H:\WINDOWS\BMdff7f22d.txt deleted
H:\WINDOWS\BMdff7f22d.xml deleted
H:\WINDOWS\pskt.ini deleted
H:\WINDOWS\System32\w32apiw.dll deleted
H:\WINDOWS\System32\bJQqAcdd.ini deleted
H:\WINDOWS\System32\cwdkquly.ini deleted
H:\WINDOWS\System32\fjwxauek.dllNUCIA deleted
H:\WINDOWS\System32\gdgwvqqj.ini deleted
H:\WINDOWS\System32\IlnVCJlm.ini deleted
H:\WINDOWS\System32\mwmxsxtl.ini deleted
H:\WINDOWS\System32\nqevipmf.ini deleted
H:\WINDOWS\System32\pkwertjr.ini deleted
H:\WINDOWS\System32\rpnlktty.ini deleted
"H:\Documents and Settings\greenie\Application Data\nCleaner" not found
"H:\Program Files\NKProds" not found
H:\ncleaner_setup.exe deleted

**smeenk** · 28-04-08, 18:33

Doe dit nog:

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post nog een logje ter controle en vertel of je nog problemen ondervindt

Mededeling

Internet explorer en firefox openen bepaalde sites niet

Internet explorer en firefox openen bepaalde sites niet

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment