Icons and language bar keep disappearing every 10 sec.

  • Icons and language bar keep disappearing every 10 sec.

    Hello,

    I think my PC is full of trojans again, because the taskbar and the icons on my desktop keep disappearing after about 10 seconds, then they are back, and then my icons and taskbar disappear again after 10 seconds, and it just keeps going. It is seriously driving me crazy... Who can help me? With luck I can still get into Internet Explorer! Below is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:15:38, on 28-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\schost.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\imapi.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HiJackThis.exe
    C:\WINDOWS\explorer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 75.67.92.226 paypal.com
    O1 - Hosts: 75.67.92.226 www.paypal.com
    O1 - Hosts: 75.67.92.226 http://paypal.com
    O1 - Hosts: 75.67.92.226 http://www.paypal.com
    O1 - Hosts: 75.67.92.226 paypal.co.uk
    O1 - Hosts: 75.67.92.226 www.paypal.co.uk
    O1 - Hosts: 75.67.92.226 http://paypal.co.uk
    O1 - Hosts: 75.67.92.226 http://www.paypal.co.uk
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SsAAD.exe] -C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Microsoft] schost.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\RunServices: [Microsoft] schost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
    O23 - Service: PACSPTISVR - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - -"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - -"C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (file missing)
    O23 - Service: WMP54Gv4SVC - Unknown owner - -"C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" (file missing)
    O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

    --
    End of file - 8177 bytes
    Last edited by mark_90; 28-12-07, 17:23.
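As an added example (not part of the original thread), this Python sketch triages a HijackThis log like the one above: it lists `O1` hosts-file entries that point a domain at a non-local address and `O4` autoruns whose file name is one edit away from a core Windows process name. The list of process names, the local-address set and all function names are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Excerpt of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O1 - Hosts: 75.67.92.226 paypal.com
O1 - Hosts: 75.67.92.226 http://www.paypal.co.uk
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft] schost.exe
O4 - HKLM\..\RunServices: [Microsoft] schost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption of this example: core Windows process names whose
# near-identical spellings are worth a second look in autorun entries.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe",
                   "spoolsv.exe", "ctfmon.exe")
# Addresses that are normal in a hosts file (loopback or sinkhole).
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

ENTRY_RE = re.compile(r"^\s*([RO]\d+) - (.*)$")
HOSTS_RE = re.compile(r"Hosts:\s+(\S+)\s+(\S+)")
AUTORUN_RE = re.compile(r"(\S+): \[([^\]]*)\] (.*)")
EXE_RE = re.compile(r'-?"?(.+?\.exe)', re.IGNORECASE)


def parse_entries(log):
    """Return (section, body) pairs for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hosts_redirects(entries):
    """O1 entries that map a host name to a non-local IP address."""
    found = []
    for section, body in entries:
        match = HOSTS_RE.match(body) if section == "O1" else None
        if not match:
            continue
        ip, host = match.groups()
        host = re.sub(r"^https?://", "", host.lower())
        if ip not in LOCAL_ADDRESSES:
            found.append((host, ip))
    return found


def autorun_lookalikes(entries, max_distance=1):
    """O4 entries whose executable name nearly matches a system binary."""
    found = []
    for section, body in entries:
        match = AUTORUN_RE.match(body) if section == "O4" else None
        exe = EXE_RE.match(match.group(3)) if match else None
        if not exe:
            continue
        base = exe.group(1).rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_BINARIES:
            continue  # exact name: not a lookalike
        for sysbin in SYSTEM_BINARIES:
            if edit_distance(base, sysbin) <= max_distance:
                found.append((match.group(1), match.group(2), base, sysbin))
    return found


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for host, ip in hosts_redirects(parsed):
        print(f"hosts redirect: {host} -> {ip}")
    for key, name, base, sysbin in autorun_lookalikes(parsed):
        print(f"autorun lookalike: {key} [{name}] {base} (resembles {sysbin})")
```

A hit from either function is a lead for manual review, not a verdict; legitimate custom hosts entries will also be listed.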

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is done, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.



    • #3
      VBG:


      [12/28/2007, 21:19:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Eigenaar\Bureaublad\VirtumundoBeGone.exe" )
      [12/28/2007, 21:19:26] - Detected System Information:
      [12/28/2007, 21:19:26] - Windows Version: 5.1.2600, Service Pack 2
      [12/28/2007, 21:19:26] - Current Username: Eigenaar (Admin)
      [12/28/2007, 21:19:26] - Windows is in NORMAL mode.
      [12/28/2007, 21:19:26] - Searching for Browser Helper Objects:
      [12/28/2007, 21:19:26] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
      [12/28/2007, 21:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:26] - No filename found. Continuing.
      [12/28/2007, 21:19:26] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/28/2007, 21:19:26] - BHO 3: {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} ()
      [12/28/2007, 21:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:26] - Checking for HKLM\...\Winlogon\Notify\yayvvuu
      [12/28/2007, 21:19:26] - Found: HKLM\...\Winlogon\Notify\yayvvuu - This is probably Virtumundo.
      [12/28/2007, 21:19:26] - Assigning {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} MSEvents Object
      [12/28/2007, 21:19:26] - BHO list has been changed! Starting over...
      [12/28/2007, 21:19:26] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
      [12/28/2007, 21:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:26] - No filename found. Continuing.
      [12/28/2007, 21:19:26] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/28/2007, 21:19:26] - BHO 3: {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} (MSEvents Object)
      [12/28/2007, 21:19:26] - ALERT: Found MSEvents Object!
      [12/28/2007, 21:19:26] - BHO 4: {6D7B211A-88EA-490c-BAB9-3600D8D7C503} (ConnectionServices Class)
      [12/28/2007, 21:19:26] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/28/2007, 21:19:26] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/28/2007, 21:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:26] - No filename found. Continuing.
      [12/28/2007, 21:19:26] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [12/28/2007, 21:19:26] - BHO 8: {FE95C183-851D-4DB2-AF3A-3C226CCEDC40} ()
      [12/28/2007, 21:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:26] - Checking for HKLM\...\Winlogon\Notify\mlljh
      [12/28/2007, 21:19:26] - Key not found: HKLM\...\Winlogon\Notify\mlljh, continuing.
      [12/28/2007, 21:19:26] - Finished Searching Browser Helper Objects
      [12/28/2007, 21:19:26] - *** Detected MSEvents Object
      [12/28/2007, 21:19:26] - Trying to remove MSEvents Object...
      [12/28/2007, 21:19:27] - Terminating Process: IEXPLORE.EXE
      [12/28/2007, 21:19:27] - Terminating Process: RUNDLL32.EXE
      [12/28/2007, 21:19:28] - Disabling Automatic Shell Restart
      [12/28/2007, 21:19:28] - Terminating Process: EXPLORER.EXE
      [12/28/2007, 21:19:28] - Suspending the NT Session Manager System Service
      [12/28/2007, 21:19:28] - Terminating Windows NT Logon/Logoff Manager
      [12/28/2007, 21:19:28] - Re-enabling Automatic Shell Restart
      [12/28/2007, 21:19:28] - File to disable: C:\WINDOWS\system32\yayvvuu.dll
      [12/28/2007, 21:19:28] - Renaming C:\WINDOWS\system32\yayvvuu.dll -> C:\WINDOWS\system32\yayvvuu.dll.vir
      [12/28/2007, 21:19:28] - File successfully renamed!
      [12/28/2007, 21:19:28] - Removing HKLM\...\Browser Helper Objects\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
      [12/28/2007, 21:19:28] - Removing HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
      [12/28/2007, 21:19:28] - Adding Kill Bit for ActiveX for GUID: {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
      [12/28/2007, 21:19:28] - Deleting ATLEvents/MSEvents Registry entries
      [12/28/2007, 21:19:28] - Removing HKLM\...\Winlogon\Notify\yayvvuu
      [12/28/2007, 21:19:28] - Searching for Browser Helper Objects:
      [12/28/2007, 21:19:28] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
      [12/28/2007, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:29] - No filename found. Continuing.
      [12/28/2007, 21:19:29] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/28/2007, 21:19:29] - BHO 3: {6D7B211A-88EA-490c-BAB9-3600D8D7C503} (ConnectionServices Class)
      [12/28/2007, 21:19:29] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/28/2007, 21:19:29] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/28/2007, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:29] - No filename found. Continuing.
      [12/28/2007, 21:19:29] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [12/28/2007, 21:19:29] - BHO 7: {FE95C183-851D-4DB2-AF3A-3C226CCEDC40} ()
      [12/28/2007, 21:19:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/28/2007, 21:19:29] - Checking for HKLM\...\Winlogon\Notify\mlljh
      [12/28/2007, 21:19:29] - Key not found: HKLM\...\Winlogon\Notify\mlljh, continuing.
      [12/28/2007, 21:19:29] - Finished Searching Browser Helper Objects
      [12/28/2007, 21:19:29] - Finishing up...
      [12/28/2007, 21:19:29] - A restart is needed.
      [12/28/2007, 21:19:33] - Attempting to Restart via STOP error (Blue Screen!)

      ------------------------------------------------------------------------------

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\yayvvuu.dll.vir
      C:\WINDOWS\system32\npqss.ini
      C:\WINDOWS\system32\accdd.ini2
      C:\WINDOWS\system32\hjllm.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\schost.exe
      C:\WINDOWS\system32\actskn45.ocx

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      ----------------------------------------------------------------------------

      ComboFix 07-12-28.1 - Eigenaar 2007-12-28 21:34:06.5 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.613 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\accdd.ini
      C:\WINDOWS\system32\ddcca.dll
      C:\WINDOWS\system32\hjllm.ini
      C:\WINDOWS\system32\hjllm.ini2
      C:\WINDOWS\system32\mlljh.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
      .

      2007-12-28 21:26 . 2007-12-28 21:27 <DIR> d-------- C:\RVAXO
      2007-12-28 21:24 . 2007-12-28 22:17 578,322 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-28 21:24 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-28 21:08 . 2007-12-28 21:09 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
      2007-12-28 21:06 . 2004-08-04 14:00 572,928 --a------ C:\WINDOWS\system32\gpedit.dll
      2007-12-28 21:06 . 2004-08-04 14:00 300,032 --a------ C:\WINDOWS\system32\appmgr.dll
      2007-12-28 21:06 . 2004-08-04 14:00 200,192 --a------ C:\WINDOWS\system32\gptext.dll
      2007-12-28 21:06 . 2004-08-04 14:00 175,616 --a------ C:\WINDOWS\system32\appmgmts.dll
      2007-12-28 21:06 . 2004-08-04 14:00 118,272 --a------ C:\WINDOWS\system32\fde.dll
      2007-12-28 21:06 . 2004-08-04 14:00 74,752 --a------ C:\WINDOWS\system32\fdeploy.dll
      2007-12-28 21:06 . 2004-08-04 14:00 34,339 --a------ C:\WINDOWS\system32\gpedit.msc
      2007-12-28 21:02 . 2007-12-28 21:02 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
      2007-12-28 20:46 . 2007-12-28 21:31 <DIR> d-------- C:\Program Files\AVPersonal
      2007-12-28 17:52 . 2007-12-28 19:55 <DIR> d-------- C:\Program Files\Gabest
      2007-12-26 14:47 . 2007-12-26 14:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2007-12-22 22:59 . 2007-12-22 22:59 <DIR> d-------- C:\Program Files\Logitech
      2007-12-22 22:59 . 2007-12-22 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
      2007-12-22 22:59 . 2007-12-22 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
      2007-12-22 22:56 . 2007-12-22 22:59 <DIR> d-------- C:\Program Files\Common Files\logishrd
      2007-12-22 22:56 . 2004-08-04 10:03 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
      2007-12-22 22:56 . 2004-08-04 10:03 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
      2007-12-18 22:24 . 2007-12-18 22:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
      2007-12-18 20:48 . 2007-12-18 20:48 1,720,086 --a------ C:\WINDOWS\system32\TmpA14318437
      2007-12-18 17:48 . 2007-12-18 18:02 754 --a------ C:\WINDOWS\WORDPAD.INI
      2007-12-17 17:34 . 2007-12-18 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
      2007-12-16 21:31 . 2007-12-16 21:31 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Yahoo!
      2007-12-16 12:13 . 2007-12-16 12:13 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
      2007-12-15 15:20 . 2007-12-15 15:20 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\dvdcss
      2007-12-15 14:59 . 2007-12-15 14:59 <DIR> d-------- C:\Program Files\VideoLAN
      2007-12-15 14:59 . 2007-12-15 14:59 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\vlc
      2007-12-15 14:07 . 2007-12-15 14:07 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\URSoft
      2007-12-15 13:32 . 2007-12-19 20:46 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\skypePM
      2007-12-15 13:32 . 2007-12-15 13:32 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2007-12-15 13:31 . 2007-12-22 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
      2007-12-13 16:47 . 2007-12-13 17:16 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\UseNeXT
      2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-12-09 20:46 . 2007-12-09 20:46 45,056 --a------ C:\WINDOWS\system32\sstunst3.exe
      2007-12-08 17:10 . 2007-12-08 17:11 <DIR> d-------- C:\Program Files\Disk Cleaner
      2007-12-07 21:34 . 2007-12-07 21:37 <DIR> d-------- C:\Program Files\Common Files\Nero
      2007-12-07 18:21 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
      2007-12-07 18:21 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
      2007-12-07 18:21 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
      2007-12-07 18:21 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
      2007-12-07 18:21 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
      2007-12-07 18:21 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
      2007-12-07 18:21 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
      2007-12-07 18:21 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
      2007-12-07 16:54 . 2007-12-07 16:54 <DIR> d-------- C:\WINDOWS\system32\URTTemp
      2007-12-07 16:33 . 2007-12-07 16:33 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\teamspeak2
      2007-12-07 16:33 . 2007-12-07 16:33 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
      2007-12-05 20:14 . 2007-12-05 20:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
      2007-12-04 19:57 . 2007-12-04 19:57 <DIR> d-------- C:\WINDOWS\Driver
      2007-12-04 17:21 . 2007-12-04 17:21 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
      2007-12-02 22:01 . 2007-12-02 22:01 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Talkback
      2007-12-01 14:21 . 2007-12-04 17:22 22,328 --a------ C:\Documents and Settings\Eigenaar\Application Data\PnkBstrK.sys
      2007-12-01 14:09 . 2007-12-01 14:09 <DIR> d-------- C:\Program Files\Activision
      2007-12-01 14:08 . 2007-12-01 14:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
      2007-12-01 11:05 . 2007-12-01 11:05 <DIR> d-------- C:\Program Files\ConnectionServices
      2007-11-30 17:27 . 2007-11-30 17:27 1,156 --a------ C:\WINDOWS\mozver.dat
      2007-11-30 17:22 . 2007-11-30 17:22 0 --a------ C:\WINDOWS\nsreg.dat
      2007-11-30 15:19 . 2007-11-30 15:19 <DIR> d-------- C:\Program Files\Alwil Software
      2007-11-30 15:19 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
      2007-11-30 15:19 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
      2007-11-30 15:19 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2007-11-30 15:19 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-11-30 15:19 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2007-11-30 15:19 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-11-30 15:19 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-11-30 15:19 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-11-29 15:13 . 2007-11-16 19:31 15,939,584 --a------ C:\WINDOWS\NOD32_3.0.566(32-bit).msi

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-28 19:26 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\uTorrent
      2007-12-28 18:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2007-12-21 16:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-18 19:49 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Uniblue
      2007-12-16 20:36 --------- d-----w C:\Program Files\Teletekstbrowser
      2007-12-15 13:50 --------- d-----w C:\Program Files\CyberLink
      2007-12-15 13:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-07 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2007-12-07 17:21 --------- d-----w C:\Program Files\directx
      2007-11-28 14:13 --------- d-----w C:\Program Files\AlienGUIse
      2007-11-28 11:50 --------- d-----w C:\Program Files\SystemRequirementsLab
      2007-11-22 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2007-11-21 20:36 --------- d-----w C:\Program Files\Messenger Plus! Live
      2007-11-18 21:26 --------- d-----w C:\Program Files\Common Files\Stardock
      2007-11-13 16:35 --------- d-----w C:\Program Files\DAMN NFO Viewer
      2007-11-13 15:08 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\GoFetch!
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-12 20:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\TuneUp Software
      2007-11-12 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
      2007-11-10 20:22 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AccurateRip
      2007-11-07 19:46 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
      2007-11-07 10:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2007-11-07 10:08 --------- d-----w C:\Program Files\Windows Live
      2007-11-07 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-11-07 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
      2007-11-03 18:53 --------- d-----w C:\Program Files\NCT
      2007-11-01 21:34 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DivX
      2007-10-31 19:16 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-10-28 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eset
      2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
      2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
      2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
      2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
      2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
      2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
      2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
      2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
      2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
      2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
      2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
      2007-10-22 02:31 976,020 ------w C:\Program Files\BDAXP.cab
      2007-10-22 02:31 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
      2007-10-22 02:31 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
      2007-10-22 02:31 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
      2007-10-22 02:31 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
      2007-10-22 02:31 86,802 ----a-w C:\Program Files\dxupdate.cab
      2007-10-22 02:31 855,886 ------w C:\Program Files\AUG2007_d3dx10_35_x64.cab
      2007-10-22 02:31 800,467 ------w C:\Program Files\AUG2007_d3dx10_35_x86.cab
      2007-10-22 02:31 76,808 ----a-w C:\Program Files\DSETUP.dll
      2007-10-22 02:31 702,644 ------w C:\Program Files\JUN2007_d3dx10_34_x64.cab
      2007-10-22 02:31 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab
      2007-10-22 02:31 702,072 ------w C:\Program Files\JUN2007_d3dx10_34_x86.cab
      2007-10-22 02:31 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab
      2007-10-22 02:31 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab
      2007-10-22 02:31 502,792 ----a-w C:\Program Files\DXSETUP.exe
      2007-10-22 02:31 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
      2007-10-22 02:31 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
      2007-10-22 02:31 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
      2007-10-22 02:31 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
      2007-10-22 02:31 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab
      2007-10-22 02:31 201,696 ------w C:\Program Files\AUG2007_XACT_x64.cab
      2007-10-22 02:31 200,722 ------w C:\Program Files\JUN2007_XACT_x64.cab
      2007-10-22 02:31 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab
      2007-10-22 02:31 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab
      2007-10-22 02:31 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab
      2007-10-22 02:31 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab
      2007-10-22 02:31 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
      2007-10-22 02:31 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab
      2007-10-22 02:31 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
      2007-10-22 02:31 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
      2007-10-22 02:31 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
      2007-10-22 02:31 156,612 ------w C:\Program Files\AUG2007_XACT_x86.cab
      2007-10-22 02:31 156,509 ------w C:\Program Files\JUN2007_XACT_x86.cab
      2007-10-22 02:31 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab
      2007-10-22 02:31 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab
      2007-10-22 02:31 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab
      2007-10-22 02:31 138,977 ------w C:\Program Files\OCT2006_XACT_x86.cab
      2007-10-22 02:31 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
      2007-10-22 02:31 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
      2007-10-22 02:31 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
      2007-10-22 02:31 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
      2007-10-22 02:31 13,265,040 ------w C:\Program Files\dxnt.cab
      2007-10-22 02:31 100,417 ------w C:\Program Files\APR2007_xinput_x64.cab
      2007-10-22 02:31 1,803,760 ------w C:\Program Files\AUG2007_d3dx9_35_x64.cab
      2007-10-22 02:31 1,711,752 ------w C:\Program Files\AUG2007_d3dx9_35_x86.cab
      2007-10-22 02:31 1,673,224 ----a-w C:\Program Files\dsetup32.dll
      2007-10-22 02:31 1,611,374 ------w C:\Program Files\JUN2007_d3dx9_34_x64.cab
      2007-10-22 02:31 1,610,958 ------w C:\Program Files\APR2007_d3dx9_33_x64.cab
      2007-10-22 02:31 1,610,886 ------w C:\Program Files\JUN2007_d3dx9_34_x86.cab
      2007-10-22 02:31 1,609,639 ------w C:\Program Files\APR2007_d3dx9_33_x86.cab
      2007-10-22 02:31 1,575,336 ------w C:\Program Files\DEC2006_d3dx9_32_x86.cab
      2007-10-22 02:31 1,572,114 ------w C:\Program Files\DEC2006_d3dx9_32_x64.cab
      2007-10-22 02:31 1,413,862 ------w C:\Program Files\OCT2006_d3dx9_31_x64.cab
      2007-10-22 02:31 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
      2007-10-22 02:31 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
      2007-10-22 02:31 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
      2007-10-22 02:31 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
      2007-10-22 02:31 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
      2007-10-22 02:31 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
      2007-10-22 02:31 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
      2007-10-24 18:28 399872 --a------ C:\Program Files\ConnectionServices\ConnectionServices.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="-RUNDLL32.exe"
      "NvMediaCenter"="-RUNDLL32.exe"
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
      "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
      "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveSearch"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoToolbarsOnTaskbar"= 0 (0x0)
      "NoBandCustomize"= 0 (0x0)
      "NoMovingBands"= 0 (0x0)
      "NoCloseDragDropBands"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="LogonUI.EXE"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
      C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=wbsys.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Alienware Dock.lnk]
      backup=C:\WINDOWS\pss\Alienware Dock.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
      -C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      "SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      "VTTimer"=VTTimer.exe
      "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      "NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      "RTHDCPL"=RTHDCPL.EXE
      "S3Trayp"=S3trayp.exe
      "nwiz"=nwiz.exe /install

      R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
      S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-10 09:06]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-28 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2007-12-25 21:36:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
      - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
      "2007-11-05 21:36:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
      - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-28 21:38:56
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2007-12-28 21:40:26 - machine was rebooted
      .
      2007-12-26 13:49:47 --- E O F ---



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd

        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.
        Also post a new HijackThis log and tell us whether you are still experiencing problems.


        • #5
          I'm not getting the ComboFix log. The last thing I see is a blue screen that says "do not start any programs" or something like that, and then it doesn't do anything any more. It may be because the taskbar and the icons also disappear once, and that happens at the last blue screen; maybe that bothers it or something :S I do have a HijackThis log:


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 11:14, on 2007-12-29
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\AlienGUIse\wbload.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          C:\WINDOWS\ATKKBService.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\PnkBstrB.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Windows Live\Messenger\msnmsgr.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
          C:\Program Files\Windows Live\Messenger\usnsvc.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Eigenaar\Bureaublad\Nieuwe map\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
          O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
          O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
          O23 - Service: MSCSPTISRV - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
          O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
          O23 - Service: PACSPTISVR - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
          O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
          O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
          O23 - Service: StyleXPService - Unknown owner - -"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (file missing)
          O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - -"C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (file missing)
          O23 - Service: WMP54Gv4SVC - Unknown owner - -"C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" (file missing)
          O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

          --
          End of file - 7636 bytes



          • #6
            Your HijackThis log looks fine in itself

            Delete the following folder:
            C:\Qoobox

            Then empty your Recycle Bin.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this clears the tick at "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off System Restore.
            This removes any remnants of the infections from your System Restore.

            Tell us whether you are still experiencing problems



            • #7
              I have no more problems, thank you very much!



              • #8
                You're welcome



                • #9
                  It usually does take a very long time before I see my desktop and so on when I start it up; sometimes I get that "Welkom" (Welcome) screen for a minute. Or should I ask this question somewhere else?



                  • #10
                    You could also try this:
                    Download Dial-a-fix-2006 and extract both files, each into its own folder, to your desktop.
                    • In the Dial-a-fix-v0.60.0.24 folder, double-click Dial-a-fix.exe
                      In the window that opens, click the icon with the double green check mark at the bottom (check all).
                      Then click "GO" and let the tool reset all settings.
                      When it has finished, close this window by clicking "Exit" at the bottom.
                    Report whether that improves things.
