antivirus screen, protection tool, slow


  • antivirus screen, protection tool, slow

    Dear experts,
    I read your replies with great respect, because I can't work it out myself, but fortunately I can see that you are able to look further than the end of my nose...
    Somehow annoying pop-ups have ended up on my PC, such as protection tool, threat monitor and antivirus screen. These screens can only be got rid of by closing the browser. The PC gets slow and searches can hardly be carried out. I have tried all sorts of things: McAfee, Spybot, SpyTerminator, SpySweeper, Ad-Aware. Some of them find something, including Virtumonde; this does get destroyed but also comes back again. When starting IE I briefly see webserver-webads appear at the bottom, but you don't see that in the history. In msconfig I have disabled all startup items, but kopmxoux, for example, keeps re-enabling itself. In windows/systems32 I changed the .dll of a strange DLL, cegqojdq.dll, to .xxx. In the end I installed Firefox alongside IE in the hope that it would not be affected, but they cheerfully came back there as well.
    --In the processes (via Ctrl-Alt-Del) I keep seeing an svchost.exe that eats up all the processor capacity (total at 100%); when I end it, the processor returns to a normal level. No idea where that comes from; it was already there before the pop-ups.--
    My HijackThis log is below; I look forward to your reply.

    Regards, Jan


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:17:31, on 13-05-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Backup Manager\BackupSC.exe
    C:\Program Files\Backup Manager\BackupFP.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/index.cfm?fuseaction=home.showSurftips
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\opnopNfd.dll (file missing)
    O2 - BHO: (no name) - {EC60CFA8-C7A4-421F-B09F-3A0C2D878377} - C:\WINDOWS\system32\xxywXRKc.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [BMaff3b9fe] Rundll32.exe "C:\WINDOWS\system32\kopmxoux.dll",s
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135673787859
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: opnopNfd - opnopNfd.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\KPN\AgentSrv.EXE
    O23 - Service: Backup Manager Service Controller - IASO Technology - C:\Program Files\Backup Manager\BackupSC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9329 bytes

  • #2
    Start HijackThis and tick only the following lines:
    O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\opnopNfd.dll (file missing)
    O2 - BHO: (no name) - {EC60CFA8-C7A4-421F-B09F-3A0C2D878377} - C:\WINDOWS\system32\xxywXRKc.dll (file missing)
    O4 - HKLM\..\Run: [BMaff3b9fe] Rundll32.exe "C:\WINDOWS\system32\kopmxoux.dll",s
    O20 - Winlogon Notify: opnopNfd - opnopNfd.dll (file missing)

    Close all open windows (except HijackThis) and click "Fix checked".

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode again this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post the contents of the second log: C:\RVAXO-Vfind.log

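The selection made in post #2 can be approximated mechanically. The following Python triage script is an added example, not part of the original thread and not HijackThis code; it runs over lines excerpted from the log posted above. Its two heuristics (a missing file behind an O2/O20 registration, and a Run value that has Rundll32 load a DLL from system32) are assumptions inferred from the lines the helper ticked, and all function names are hypothetical.

```python
import re

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\opnopNfd.dll (file missing)
O2 - BHO: (no name) - {EC60CFA8-C7A4-421F-B09F-3A0C2D878377} - C:\WINDOWS\system32\xxywXRKc.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BMaff3b9fe] Rundll32.exe "C:\WINDOWS\system32\kopmxoux.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: opnopNfd - opnopNfd.dll (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# An entry line looks like "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed heuristic: a Run value that has Rundll32 load a DLL located
# directly in the system32 directory.
RUNDLL_SYS32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\system32\\[^\\"]+\.dll', re.I)

# File name of any DLL mentioned in an entry (path stripped).
DLL_NAME_RE = re.compile(r'[^\\\s"]+\.dll', re.I)


def parse_entries(log_text):
    """Return (section_code, body) tuples for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(entries):
    """Flag entries that deserve a closer look, with the reason for each."""
    findings = []
    for code, body in entries:
        reasons = []
        # O2 = Browser Helper Object, O20 = Winlogon Notify: the registration
        # survives although the file it points to is no longer on disk.
        if code in ("O2", "O20") and body.rstrip().endswith("(file missing)"):
            reasons.append("registered component whose file is missing")
        # O4 = autostart entry (Run key or Startup folder).
        if code == "O4" and RUNDLL_SYS32_RE.search(body):
            reasons.append("Run key starts a system32 DLL through Rundll32")
        if reasons:
            findings.append({"code": code, "body": body, "reasons": reasons})
    return findings


def flagged_modules(findings):
    """Lower-cased DLL names from flagged entries, for matching against a file listing."""
    names = set()
    for finding in findings:
        names.update(n.lower() for n in DLL_NAME_RE.findall(finding["body"]))
    return names


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f['code']:>3}  {'; '.join(f['reasons'])}\n     {f['body']}")
```

A flag from this script is a prompt for manual review, not a verdict: legitimate software also registers Rundll32 autostarts and leaves orphaned entries behind after uninstallation.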


    • #3
      antivirus screen protection tool slow

      Dear Smeenk,

      What a quick answer! I carried out everything as you indicated,
      the RVAXO result is included, but where can I find the RVAXO-Vfind.log??
      I did not see the program create this file, and a search on the computer does not find it...
      Regards, Jan


      ---RVAXO.exe Updated: 2008-05-07---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BMaff3b9fe.xml
      C:\WINDOWS\BMaff3b9fe.txt
      C:\WINDOWS\system32\cKRXwyxx.ini2
      C:\WINDOWS\system32\IOqXbccf.ini2
      C:\WINDOWS\system32\jiihQXbc.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\mcrh.tmp

      Folders Found:
      C:\Program Files\Common Files\{3CC08ACD-0AE6-1043-1202-03051220001f}
      C:\Program Files\Common Files\{ACC08ACD-0AE6-1043-1202-03051220001f}

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------



      • #4
        Open the RVAXO folder on your desktop and double-click RunMe.cmd again.
        Wait until the CMD window closes by itself; the file RVAXO-Vfind.log will be created automatically on your C drive (it will not open automatically).



        • #5
          antivirus screen protection tool slow

          Dear Smeenk,

          I didn't look carefully enough; I found the Vfind log, it was simply on C as you indicated. It is a text file, but on opening it there turns out to be nothing in it.

          Sufficient? If not, I'd like to hear.

          Jan



          • #6
            Do this: http://nucia.eu/forum/showpost.php?p=343084&postcount=4
            Maybe there will be something in it then.



            • #7
              RVAXO Vfind.log

              Maybe... well, you can say that; a whole load now.

              Good luck with it!
              Jan



              Entries: 87 (87)
              Directories: 0 Files: 87
              Bytes: 16,698,501 Blocks: 32,656
              =============
              ----a-w 820,319 2008-05-07 12:07:42 C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP1172\A0642094.bat
              ----a-w 820,319 2008-05-07 12:07:42 C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP1172\A0642116.bat
              ----a-w 820,319 2008-05-07 12:07:42 C:\WINDOWS\SYSTEM32\RVAXO.bat

              Entries: 3 (3)
              Directories: 0 Files: 3
              Bytes: 2,460,957 Blocks: 4,809
              =============
              --sha-w 1,608,585,216 2008-05-13 09:41:08 C:\hiberfil.sys
              --sha-w 805,306,368 2008-05-13 09:41:06 C:\pagefile.sys
              ----a-w 5,632 2008-05-08 08:13:59 C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
              ----a-w 48,765 2008-04-20 12:26:42 C:\Documents and Settings\Jan\Local Settings\Application Data\Powercinema\Dell_Config.sys
              ----a-w 4 2008-04-20 12:26:13 C:\Documents and Settings\Jan\Local Settings\Application Data\Powercinema\Dell_UserName.sys
              -c--a-w 4 2008-04-20 12:08:46 C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP1141\A0638950.sys
              -c--a-w 48,765 2008-04-20 12:09:14 C:\System Volume Information\_restore{F89817AF-0A8C-4752-B403-11B3333F859B}\RP1141\A0638951.sys
              ----a-w 141,312 2008-05-08 08:13:59 C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys

              Entries: 8 (6)
              Directories: 0 Files: 8
              Bytes: 2,414,136,066 Blocks: 4,715,113
              =============



              • #8
                What I do find strange is that you have a slightly outdated RVAXO: RVAXO.exe Updated: 2008-05-07
                Even though I only had you download it today.

                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\SYSTEM32\gfhbtssv.exe
                C:\WINDOWS\SYSTEM32\jpwlcask.exe
                C:\WINDOWS\SYSTEM32\kykmcosm.exe
                C:\WINDOWS\SYSTEM32\lbjdrllb.exe
                C:\WINDOWS\SYSTEM32\taskkill.exe
                C:\WINDOWS\SYSTEM32\uxvmjdoj.exe
                C:\WINDOWS\SYSTEM32\ahfrncbt.dll
                C:\WINDOWS\SYSTEM32\hdjagpes.dll
                C:\WINDOWS\SYSTEM32\ispouhxb.dll
                C:\WINDOWS\SYSTEM32\kopmxoux.dll
                C:\WINDOWS\SYSTEM32\mbkadlqx.dll
                C:\WINDOWS\SYSTEM32\nujkdfbl.dll
                C:\WINDOWS\SYSTEM32\sggwusdl.dll
                C:\WINDOWS\SYSTEM32\ueljmtaj.dll
                C:\WINDOWS\SYSTEM32\xlctpwnx.dll) DO (
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                Under "Save in", choose: Desktop
                Under "File name", enter: del.bat
                Under "Save as type", select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.



                • #9
                  Here it comes:

                  Deleting files
                  C:\WINDOWS\SYSTEM32\gfhbtssv.exe deleted
                  C:\WINDOWS\SYSTEM32\jpwlcask.exe deleted
                  C:\WINDOWS\SYSTEM32\kykmcosm.exe deleted
                  C:\WINDOWS\SYSTEM32\lbjdrllb.exe deleted
                  C:\WINDOWS\SYSTEM32\taskkill.exe deleted
                  C:\WINDOWS\SYSTEM32\uxvmjdoj.exe deleted
                  C:\WINDOWS\SYSTEM32\ahfrncbt.dll deleted
                  C:\WINDOWS\SYSTEM32\hdjagpes.dll deleted
                  C:\WINDOWS\SYSTEM32\ispouhxb.dll deleted
                  renamed to C:\WINDOWS\SYSTEM32\kopmxoux.dllNUCIA
                  C:\WINDOWS\SYSTEM32\kopmxoux.dll deleted
                  C:\WINDOWS\SYSTEM32\mbkadlqx.dll deleted
                  C:\WINDOWS\SYSTEM32\nujkdfbl.dll deleted
                  C:\WINDOWS\SYSTEM32\sggwusdl.dll deleted
                  C:\WINDOWS\SYSTEM32\ueljmtaj.dll deleted
                  C:\WINDOWS\SYSTEM32\xlctpwnx.dll deleted



                  • #10
                    I took another look at your remark about RVAXO.exe

                    You are completely right: it turned out there was still another one on my system, and that one was used by mistake. As far as I can tell it is about a month older.

                    Regards, Jan



                    • #11
                      We will get everything out.

                      First restart your computer.

                      Then do this:
                      Download this file: zoek.exe
                      Double-click it; after a while a log opens.
                      Post the contents of this log in your next message.



                      • #12
                        zoek.exe result

                        I find this a fascinating and hopeful process.
                        The results of zoek.exe:

                        ======C:\WINDOWS====
                        ----a-w 0 2008-05-13 13:12:17 C:\WINDOWS\0.LOG
                        ----a-w 207 2008-05-13 09:47:21 C:\WINDOWS\BMaff3b9fe.txt
                        ----a-w 109,807 2008-05-13 10:27:53 C:\WINDOWS\BMaff3b9fe.xml
                        --s-a-w 2,048 2008-05-13 13:11:38 C:\WINDOWS\BOOTSTAT.DAT
                        ----a-w 393,480 2008-04-09 22:21:11 C:\WINDOWS\COMSETUP.LOG
                        ----a-w 1,138 2008-05-05 16:55:05 C:\WINDOWS\EventSystem.log
                        ----a-w 1,152,713 2008-04-09 22:21:10 C:\WINDOWS\FaxSetup.log
                        ----a-w 182,927 2008-04-09 22:21:11 C:\WINDOWS\IIS6.LOG
                        ----a-w 36 2008-05-09 15:55:06 C:\WINDOWS\iltwain.ini
                        ----a-w 1,374 2008-04-09 22:21:02 C:\WINDOWS\imsins.BAK
                        ----a-w 1,374 2008-04-09 22:21:11 C:\WINDOWS\imsins.log
                        ----a-w 18,404 2008-04-09 22:21:02 C:\WINDOWS\KB941693.log
                        ----a-w 12,466 2008-04-09 22:15:41 C:\WINDOWS\KB945553.log
                        ----a-w 20,052 2008-04-09 22:20:50 C:\WINDOWS\KB947864-IE7.log
                        ----a-w 12,412 2008-04-09 22:18:25 C:\WINDOWS\KB948590.log
                        ----a-w 13,780 2008-04-09 22:21:11 C:\WINDOWS\KB948881.log
                        ----a-w 1,160 2008-05-08 12:28:43 C:\WINDOWS\mozver.dat
                        ----a-w 58,507 2008-04-09 22:21:11 C:\WINDOWS\MSGSOCM.LOG
                        ----a-w 289,768 2008-05-13 09:36:26 C:\WINDOWS\ntbtlog.txt
                        ----a-w 239,136 2008-04-09 22:21:11 C:\WINDOWS\ntdtcsetup.log
                        ----a-w 574,375 2008-04-09 22:21:11 C:\WINDOWS\OCGEN.LOG
                        ----a-w 69,793 2008-04-09 22:21:11 C:\WINDOWS\OCMSN.LOG
                        ---ha-w 54,156 2008-05-05 21:40:54 C:\WINDOWS\QTFont.qfn
                        ----a-w 32,590 2008-05-13 09:30:18 C:\WINDOWS\SchedLgU.Txt
                        ----a-w 346,100 2008-05-12 18:10:38 C:\WINDOWS\setupapi.log
                        ----a-w 227 2008-05-13 12:30:48 C:\WINDOWS\SYSTEM.INI
                        ----a-w 449,745 2008-04-09 22:21:11 C:\WINDOWS\TSOC.LOG
                        ----a-w 117,578 2008-04-09 22:20:34 C:\WINDOWS\updspapi.log
                        ----a-w 159 2008-05-13 13:12:16 C:\WINDOWS\WIADEBUG.LOG
                        ----a-w 49 2008-05-13 13:12:05 C:\WINDOWS\WIASERVC.LOG
                        ----a-w 679 2008-05-13 07:14:19 C:\WINDOWS\WIN.INI
                        ----a-w 1,056,142 2008-05-13 13:14:24 C:\WINDOWS\WindowsUpdate.log
                        ----a-w 230,157 2008-05-05 16:13:17 C:\WINDOWS\wmsetup.log

                        Entries: 33 (31)
                        Directories: 0 Files: 33
                        Bytes: 5,442,539 Blocks: 10,646
                        ======C:\WINDOWS\system32=====
                        ----a-w 103,936 2008-05-10 11:19:14 C:\WINDOWS\System32\cegqojdqxx.xxx
                        --sha-w 191,162 2008-05-12 16:10:57 C:\WINDOWS\System32\cKRXwyxx.ini
                        ----a-w 16,499 2008-05-13 13:12:26 C:\WINDOWS\System32\Config.MPF
                        --sh--w 1,487,459 2008-05-08 11:56:07 C:\WINDOWS\System32\fnabyxvl.ini
                        ----a-w 243,920 2008-04-10 07:04:36 C:\WINDOWS\System32\FNTCACHE.DAT
                        --sh--w 706,592 2008-05-07 06:57:01 C:\WINDOWS\System32\gdxmhdlt.ini
                        --sh--w 1,479,861 2008-05-06 21:47:15 C:\WINDOWS\System32\inwdjfmd.ini
                        --sha-w 0 2008-05-07 22:25:37 C:\WINDOWS\System32\IOqXbccf.ini
                        --sha-w 200,044 2008-05-06 23:10:47 C:\WINDOWS\System32\jiihQXbc.ini
                        ----a-w 6,300 2008-05-10 14:42:04 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                        ----a-w 105,984 2008-05-12 10:27:21 C:\WINDOWS\System32\kopmxoux.dllNUCIA
                        ----a-w 95,232 2008-05-08 07:42:20 C:\WINDOWS\System32\lvxybanfxx.xxx
                        ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
                        ----a-w 72,152 2008-04-17 08:03:54 C:\WINDOWS\System32\PERFC009.DAT
                        ----a-w 92,052 2008-04-17 08:03:54 C:\WINDOWS\System32\PERFC013.DAT
                        ----a-w 444,528 2008-04-17 08:03:54 C:\WINDOWS\System32\PERFH009.DAT
                        ----a-w 512,410 2008-04-17 08:03:54 C:\WINDOWS\System32\PERFH013.DAT
                        ----a-w 1,135,958 2008-04-17 08:03:53 C:\WINDOWS\System32\PerfStringBackup.INI
                        ----a-w 0 2008-05-06 21:33:36 C:\WINDOWS\System32\REN60.tmp
                        ----a-w 0 2008-05-06 21:33:36 C:\WINDOWS\System32\REN61.tmp
                        ----a-w 103,936 2008-05-08 07:34:04 C:\WINDOWS\System32\rgsgjdllxx.xxx
                        ----a-w 820,319 2008-05-07 12:07:42 C:\WINDOWS\System32\RVAXO.bat
                        --sh--w 1,505,043 2008-05-12 10:28:41 C:\WINDOWS\System32\sepgajdh.ini
                        --sh--w 1,505,283 2008-05-12 17:55:00 C:\WINDOWS\System32\tbcnrfha.ini
                        ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
                        ----a-w 1,170 2008-05-13 13:12:24 C:\WINDOWS\System32\WPA.DBL

                        Entries: 26 (18)
                        Directories: 0 Files: 26
                        Bytes: 32,511,240 Blocks: 63,510
                        ======C:\WINDOWS\system32\drivers=====
                        ----a-w 141,312 2008-05-08 08:13:59 C:\WINDOWS\System32\drivers\sp_rsdrv2.sys

                        Entries: 1 (1)
                        Directories: 0 Files: 1
                        Bytes: 141,312 Blocks: 276
                        =======C:\Program Files=====
                        Entries: 0 (0)
                        Directories: 0 Files: 0
                        Bytes: 0 Blocks: 0
                        =======C:=====
                        --sha-r 211 2008-05-13 07:14:20 C:\BOOT.INI
                        ----a-w 1 2008-05-10 12:16:45 C:\FINA5.CHK
                        ----a-w 646 2008-05-13 09:38:59 C:\firstrun6.log
                        --sha-w 1,608,585,216 2008-05-13 13:11:37 C:\hiberfil.sys
                        ----a-w 164 2008-05-09 09:46:53 C:\install.dat
                        --sha-w 805,306,368 2008-05-13 13:11:35 C:\pagefile.sys
                        ----a-w 830 2008-05-13 10:18:38 C:\RVAXO-results.log
                        ----a-w 20,659 2008-05-13 10:20:41 C:\RVAXO-Vfind.log

                        Entries: 8 (5)
                        Directories: 0 Files: 8
                        Bytes: 2,413,914,095 Blocks: 4,714,680
                        ======C:\Documents and Settings\Jan\Application Data======
                        Entries: 0 (0)
                        Directories: 0 Files: 0
                        Bytes: 0 Blocks: 0
                        ======C:\Temp======
                        Entries: 0 (0)
                        Directories: 0 Files: 0
                        Bytes: 0 Blocks: 0
                        ======C:\Documents and Settings\Jan======
                        ----a-w 10,201 2008-05-13 11:30:04 C:\Documents and Settings\Jan\intlname.ols
                        ---ha-w 7,864,320 2008-05-13 13:10:16 C:\Documents and Settings\Jan\NTUSER.DAT
                        ---ha-w 73,728 2008-05-13 13:17:17 C:\Documents and Settings\Jan\ntuser.dat.LOG
                        --sh--w 288 2008-05-13 13:09:53 C:\Documents and Settings\Jan\NTUSER.INI

                        Entries: 4 (1)
                        Directories: 0 Files: 4
                        Bytes: 7,948,537 Blocks: 15,525
                        ======C:\WINDOWS\Downloaded Program Files====
                        ----a-w 1,060 2008-04-02 13:18:28 C:\WINDOWS\Downloaded Program Files\jinstall-6u5.inf

                        Entries: 1 (1)
                        Directories: 0 Files: 1
                        Bytes: 1,060 Blocks: 3
                        =============



                        • #13
                          Open a Notepad file.
                          Copy the text below (everything in bold) into this Notepad file.

                          @ECHO OFF
                          IF EXIST log.txt DEL log.txt
                          ECHO Deleting files>>log.txt
                          FOR %%g in (
                          C:\WINDOWS\BMaff3b9fe.txt
                          C:\WINDOWS\BMaff3b9fe.xml
                          C:\WINDOWS\System32\cegqojdqxx.xxx
                          C:\WINDOWS\System32\cKRXwyxx.ini
                          C:\WINDOWS\System32\fnabyxvl.ini
                          C:\WINDOWS\System32\gdxmhdlt.ini
                          C:\WINDOWS\System32\inwdjfmd.ini
                          C:\WINDOWS\System32\IOqXbccf.ini
                          C:\WINDOWS\System32\jiihQXbc.ini
                          C:\WINDOWS\System32\kopmxoux.dllNUCIA
                          C:\WINDOWS\System32\lvxybanfxx.xxx
                          C:\WINDOWS\System32\REN60.tmp
                          C:\WINDOWS\System32\REN61.tmp
                          C:\WINDOWS\System32\rgsgjdllxx.xxx
                          C:\WINDOWS\System32\sepgajdh.ini
                          C:\WINDOWS\System32\tbcnrfha.ini) DO (
                          DEL /Q %%gNUCIA
                          IF EXIST %%g (
                          ATTRIB -r -s -h %%g
                          DEL %%g
                          REN %%g *NUCIA
                          IF EXIST %%gNUCIA (
                          ECHO renamed to %%gNUCIA>>log.txt)
                          IF EXIST %%g (
                          ECHO %%g not deleted>>log.txt
                          ) ELSE (
                          ECHO %%g deleted>>log.txt)
                          ) ELSE (
                          ECHO %%g not found>>log.txt))
                          START NOTEPAD.EXE log.txt

                          Go to File - Save As.
                          Under "Save in", choose: Desktop
                          Under "File name", enter: del.bat
                          Under "Save as type", select: All Files (*.*).
                          Click the Save button.

                          Double-click del.bat and post the contents of the log file that opens.



                          • #14
                            result

                            Done, result:

                            Deleting files
                            C:\WINDOWS\BMaff3b9fe.txt deleted
                            C:\WINDOWS\BMaff3b9fe.xml deleted
                            C:\WINDOWS\System32\cegqojdqxx.xxx deleted
                            C:\WINDOWS\System32\cKRXwyxx.ini deleted
                            C:\WINDOWS\System32\fnabyxvl.ini deleted
                            C:\WINDOWS\System32\gdxmhdlt.ini deleted
                            C:\WINDOWS\System32\inwdjfmd.ini deleted
                            C:\WINDOWS\System32\IOqXbccf.ini deleted
                            C:\WINDOWS\System32\jiihQXbc.ini deleted
                            C:\WINDOWS\System32\kopmxoux.dllNUCIA deleted
                            C:\WINDOWS\System32\lvxybanfxx.xxx deleted
                            C:\WINDOWS\System32\REN60.tmp deleted
                            C:\WINDOWS\System32\REN61.tmp deleted
                            C:\WINDOWS\System32\rgsgjdllxx.xxx deleted
                            C:\WINDOWS\System32\sepgajdh.ini deleted
                            C:\WINDOWS\System32\tbcnrfha.ini deleted

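An added example, not part of the original thread or of any tool named in it: a reader for the log.txt that the del.bat scripts in posts #8 and #13 produce. In post #9 kopmxoux.dll is logged as both "renamed to" and "deleted", which means only the original name is gone; the content lives on as kopmxoux.dllNUCIA, as the later zoek.exe listing shows, and has to be removed in a second pass. The function names and the two placeholder paths are assumptions made for this illustration.

```python
import re

# Suffix the del.bat on this page appends when it renames a file it could not delete.
RENAME_SUFFIX = "NUCIA"

# The first four lines are copied from the log in post #9. The two C:\EXAMPLE
# paths are constructed placeholders that exercise the remaining branches.
SAMPLE_LOG = r"""Deleting files
C:\WINDOWS\SYSTEM32\ispouhxb.dll deleted
renamed to C:\WINDOWS\SYSTEM32\kopmxoux.dllNUCIA
C:\WINDOWS\SYSTEM32\kopmxoux.dll deleted
C:\EXAMPLE\placeholder1.dll not deleted
C:\EXAMPLE\placeholder2.dll not found
"""

_RENAMED = re.compile(r"^renamed to (?P<path>.+)$")
_STATUS = re.compile(r"^(?P<path>.+?) (?P<status>not deleted|not found|deleted)$")


def _parse(log_text):
    """Return (outcome per target path, set of lower-cased paths that were renamed)."""
    renamed = set()
    outcome = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _RENAMED.match(line)
        if m:
            path = m.group("path")
            if path.endswith(RENAME_SUFFIX):
                # Windows paths are case-insensitive, so compare in lower case.
                renamed.add(path[: -len(RENAME_SUFFIX)].lower())
            continue
        m = _STATUS.match(line)
        if not m:
            continue  # header line ("Deleting files") or unrelated text
        path, status = m.group("path"), m.group("status")
        if status == "not found":
            outcome[path] = "missing"    # was never there when the script ran
        elif status == "not deleted":
            outcome[path] = "present"    # DEL and REN both failed
        elif path.lower() in renamed:
            outcome[path] = "renamed"    # name is gone, content is not
        else:
            outcome[path] = "removed"    # plain DEL succeeded
    return outcome, renamed


def classify(log_text):
    """Map each target path to 'removed', 'renamed', 'present' or 'missing'."""
    return _parse(log_text)[0]


def follow_up(log_text):
    """Paths that still hold file content and need another removal pass."""
    outcome, renamed = _parse(log_text)
    todo = []
    for path, state in outcome.items():
        if state == "present":
            todo.append(path)
        if path.lower() in renamed:
            todo.append(path + RENAME_SUFFIX)
    return todo


if __name__ == "__main__":
    for target, state in classify(SAMPLE_LOG).items():
        print(f"{state:8} {target}")
    print("still on disk:", follow_up(SAMPLE_LOG))
```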


                            • #15
                              Do this as well:

                              Download ATF cleaner (mirror) (made by Atribune)

                              Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                              Double-click ATF cleaner to start the program.
                              On the "Main" tab, tick Select All.
                              Click the Empty Selected button.

                              Do the following if you also have Firefox as a browser:
                              Click the "Firefox" tab and tick Select All.
                              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                              (this removes the tick at "Firefox saved passwords" again)
                              Click the Empty Selected button.

                              Do the following if you also have Opera as a browser:
                              Click the "Opera" tab and tick Select All.
                              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                              Click the Empty Selected button.
                              Go to the "Main" tab and click the Exit button to close the program.

                              Turn off System Restore. Restart the computer. Turn System Restore back on.
                              See here how to turn off your System Restore.
                              This removes any remnants of the infections from your System Restore.

                              Then post a new HijackThis log and tell us whether there are still any problems.

                              Regards, smeenk
