Mededeling

Collapse
No announcement yet.

worm.win32 netsky virus

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • worm.win32 netsky virus

    beste
    Sinds vandaag heb ik een of ander virus op m'n pc en krijg regelmatig zo'n geel balkje in m'n internet explorer.
    warning: possible spyware or adware infection click here to scan your computer for spyware and adware.

    Ook krijg ik regelmatig een waarschuwing:
    Spyware alert!
    worm.win32.netsky detected on your machine. ...
    dan kan je ja of nee klikken voor antispyware software aan te schaffen maar er is mij gezegd dat dat meestal heel slecht is.
    en dan nog maar om te zwijgen van m'n nieuwe startpagina
    http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

    PS: het is allemaal begonnen met een videocodec af te halen en sinds toen had ik een nieuwe werkbalk: the emlkdvo

    Help alsjeblieft, ik smeek je want wat ik ook doe, niets helpt!!
    hijacklog:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:20:01, on 25/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Documents and Settings\Croonenborghs\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: BDEX System - {C4248759-304D-477D-A1B3-F706CF99756D} - C:\WINDOWS\domnftwlvq.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: The emlkdvo - {DCDC837F-EC7C-4E37-A549-A719A08E06CF} - C:\WINDOWS\emlkdvo.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8338] command /c del "C:\WINDOWS\emlkdvo.dll_tobedeleted_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC586] cmd /c del "C:\WINDOWS\emlkdvo.dll_tobedeleted_old"
    O4 - HKLM\..\RunOnce: [SDSetup] C:\Documents and Settings\Croonenborghs\Bureaublad\sdsetup.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5754] command /c del "C:\WINDOWS\bvtqfvx.dll_tobedeleted_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1889] cmd /c del "C:\WINDOWS\bvtqfvx.dll_tobedeleted_old"
    O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9845] command /c del "C:\WINDOWS\emlkdvo.dll_tobedeleted_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4048] cmd /c del "C:\WINDOWS\emlkdvo.dll_tobedeleted_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9013] command /c del "C:\WINDOWS\bvtqfvx.dll_tobedeleted_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD529] cmd /c del "C:\WINDOWS\bvtqfvx.dll_tobedeleted_old"
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://koddaerttennis.dyndns.info:8000/videocom.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162215196484
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: bvtqfvx - {CA0E62E8-D63B-4126-8631-AF7394CBD7ED} - C:\WINDOWS\bvtqfvx.dll
    O21 - SSODL: alxvdvm - {2796D468-8C46-49D4-B37A-01D24F82FA92} - C:\WINDOWS\alxvdvm.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    Last edited by berndcr; 25-12-07, 21:24. Reden: iets vergeten

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

    Comment


    • #3
      d

      hey
      is het normaal dat het msdos venstertje dat dat heel traag gaat??echt heeeeel traag!!
      en hoe weet je of het gedaan heeft met iets te doen en je dus misschien handmatig moet herstarten?

      grtjes

      Comment


      • #4
        Herstart zelf de computer, start RVAXO.cmd dan nog een keer en post het logje dat verschijnt.
        Verschijnt het logje niet, zoek dan dit bestand: C:\RVAXO-results.log

        Post ook een nieuw logje van Hijackthis

        Comment


        • #5
          d

          hier het hijack file + RVAXO
          weet wel niet of het helemaal correct is want RVAXO deed gedurende 20 min niets en toen heb ik maar handmatig herstart en toen kwam gewoon hetzelfde venster er terug op.

          ----------------RVAXO.exe first run-------------

          Files found:

          C:\WINDOWS\dat.txt
          C:\WINDOWS\rs.txt
          C:\WINDOWS\search_res.txt
          ----------------RVAXO.exe first run-------------

          Files found:

          C:\WINDOWS\system32\actskn45.ocx



          hijack
          Logfile of HijackThis v1.99.1
          Scan saved at 12:45:53, on 26/12/2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
          C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          C:\WINDOWS\system32\CTsvcCDA.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\ehome\ehtray.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe
          C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
          C:\WINDOWS\system32\LVCOMSX.EXE
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
          C:\Program Files\Windows Media Player\WMPNSCFG.exe
          C:\WINDOWS\eHome\ehmsas.exe
          C:\Program Files\Logitech\Video\FxSvr2.exe
          C:\WINDOWS\system32\NOTEPAD.EXE
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Documents and Settings\Croonenborghs\Bureaublad\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
          O2 - BHO: BDEX System - {C4248759-304D-477D-A1B3-F706CF99756D} - C:\WINDOWS\domnftwlvq.dll (file missing)
          O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: The emlkdvo - {DCDC837F-EC7C-4E37-A549-A719A08E06CF} - C:\WINDOWS\emlkdvo.dll (file missing)
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
          O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
          O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe
          O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
          O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
          O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O11 - Options group: [INTERNATIONAL] International*
          O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
          O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://koddaerttennis.dyndns.info:8000/videocom.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162215196484
          O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O21 - SSODL: bvtqfvx - {CA0E62E8-D63B-4126-8631-AF7394CBD7ED} - C:\WINDOWS\bvtqfvx.dll (file missing)
          O21 - SSODL: alxvdvm - {2796D468-8C46-49D4-B37A-01D24F82FA92} - C:\WINDOWS\alxvdvm.dll (file missing)
          O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
          O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

          nogmaals, weet niet of RVAXO correct is

          Comment


          • #6
            RVAXO lijkt om de één of andere reden zijn werk niet afgemaakt te hebben

            Start Hijackthis en plaats een vinkje voor de volgende regels:
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
            O2 - BHO: BDEX System - {C4248759-304D-477D-A1B3-F706CF99756D} - C:\WINDOWS\domnftwlvq.dll (file missing)
            O3 - Toolbar: The emlkdvo - {DCDC837F-EC7C-4E37-A549-A719A08E06CF} - C:\WINDOWS\emlkdvo.dll (file missing)
            O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O21 - SSODL: bvtqfvx - {CA0E62E8-D63B-4126-8631-AF7394CBD7ED} - C:\WINDOWS\bvtqfvx.dll (file missing)
            O21 - SSODL: alxvdvm - {2796D468-8C46-49D4-B37A-01D24F82FA92} - C:\WINDOWS\alxvdvm.dll (file missing)

            Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".


            Download Combofix naar je Bureaublad.
            Dubbelklik op Combofix.exe
            Kies voor "Continue" door 1 te typen gevolgd door ENTER.
            Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
            Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
            Plaats deze log in je volgende post.

            NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

            Comment


            • #7
              opgelost

              hey
              op de een of andere reden is alles terug in orde
              RVAXO heeft z'n werk kunnen afronden en m'n startpagina is terug in orde, the emlkdvo is weg en krijg geen enkele melding meer
              dus bedankt!!

              Comment


              • #8
                Zou je voor de zekerheid toch die stappen uit mijn laatste post willen langslopen en de logjes posten?

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X