E-bay virus


  • E-bay virus

    http://www.nucia.eu/forum/showthread.php?t=33097

    That thread describes the same problem. An e-mail was sent from my e-mail account to everyone in my address list, containing a vague message supposedly from E-bay. It contained 3 identical strange links that probably redirect to something nasty. I have now done the same as what was advised there, namely run RVAXO.exe and Combofix.

    Rvaxo log:
    ----------------RVAXO.exe first run-------------

    Files found:

    C:\WINDOWS\system32\tcbleuvd.dll
    C:\WINDOWS\system32\Snt.exe
    C:\WINDOWS\system32\Netverchk.exe

    Uninstallers Rogue scanners:


    Folders Found:

    C:\Program Files\MStart2Page

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------

    Files found:

    Folders Found:

    --------------RVAXO.exe finished----------------



    Combofix Log:
    ComboFix 08-01-08.2 - Jelle 2008-01-07 21:34:24.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.572 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Jelle\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jelle\Application Data\SSEMBL~1
    C:\Documents and Settings\Jelle\Application Data\YSTEM3~1
    C:\Documents and Settings\Jelle\Application Data\YSTEM3~1\?ystem32\
    C:\WINDOWS\ppatch~1
    C:\WINDOWS\system32\sstem3~1
    C:\WINDOWS\system32\sstem3~1\n?tdde.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))
    .

    2008-01-07 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-07 21:30 . 2008-01-07 21:30 <DIR> d-------- C:\RVAXO
    2008-01-07 21:28 . 2008-01-07 18:49 592,356 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-01-07 21:28 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2008-01-06 19:51 . 2008-01-06 20:47 <DIR> d-------- C:\Program Files\Windows Live
    2008-01-06 19:51 . 2008-01-06 19:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-06 19:51 . 2008-01-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-06 19:45 . 2008-01-06 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-01-06 19:16 . 2008-01-07 21:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-06 19:16 . 2008-01-06 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-06 19:06 . 2008-01-06 19:06 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
    2008-01-06 19:06 . 2008-01-06 19:06 <DIR> d-------- C:\Program Files\MSECACHE
    2008-01-06 18:54 . 2008-01-06 18:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-01-06 18:54 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
    2008-01-06 18:53 . 2008-01-06 18:53 <DIR> d-------- C:\WINDOWS\EHome
    2008-01-06 16:15 . 2008-01-06 16:15 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\gtk-2.0
    2008-01-06 13:00 . 2008-01-06 18:51 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\.purple
    2008-01-06 12:59 . 2008-01-06 13:00 <DIR> d-------- C:\Program Files\Pidgin
    2008-01-06 12:59 . 2008-01-06 12:59 <DIR> d-------- C:\Program Files\Common Files\GTK
    2008-01-06 11:23 . 2008-01-07 07:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-01-03 10:40 . 2008-01-03 10:40 <DIR> d-------- C:\Program Files\DNA
    2008-01-03 10:40 . 2008-01-08 21:34 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\DNA
    2007-12-30 15:52 . 2007-12-30 15:52 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\Netscape
    2007-12-30 15:51 . 2007-12-30 15:51 <DIR> d-------- C:\Program Files\Netscape
    2007-12-30 14:15 . 2008-01-03 10:41 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\Azureus
    2007-12-30 14:15 . 2007-12-30 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-12-30 14:10 . 2008-01-06 11:07 <DIR> d-------- C:\Program Files\Azureus

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-08 20:36 --------- d-----w C:\Documents and Settings\Jelle\Application Data\Skype
    2008-01-06 17:51 --------- d-----w C:\Documents and Settings\Jelle\Application Data\.purple
    2008-01-06 11:02 --------- d-----w C:\Documents and Settings\Jelle\Application Data\BitTorrent
    2008-01-06 10:19 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-06 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-03 09:40 --------- d-----w C:\Program Files\BitTorrent
    2007-12-30 13:07 --------- d-----w C:\Program Files\SmartFTP Client
    2007-12-24 15:56 --------- d-----w C:\Documents and Settings\Jelle\Application Data\U3
    2007-12-20 15:34 --------- d-----w C:\Program Files\Google
    2007-12-19 10:16 --------- d-----w C:\Documents and Settings\Jelle\Application Data\CoreFTP
    2007-12-06 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-06 11:54 --------- d-----w C:\Documents and Settings\Jelle\Application Data\dvdcss
    2007-11-20 21:25 --------- d-----w C:\Program Files\Electronic Arts
    2007-11-13 22:12 --------- d-----w C:\Program Files\CoreFTP
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 12:05 --------- d-----w C:\Program Files\RegCleaner
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-03-24 17:07 32,992 ----a-w C:\Documents and Settings\Jelle\Application Data\GDIPFONTCACHEV1.DAT
    2007-01-07 15:35 512 ----a-w C:\Documents and Settings\Jelle\Application Data\wklnhst.dat
    2007-01-03 19:14 49 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb41.dat
    2007-01-03 19:14 337 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb1942.dat
    2006-12-05 11:00 20,480 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb4827.dat
    2006-12-05 10:59 9,216 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb8467.dat
    2006-12-05 10:59 0 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb6334.dat
    2006-12-05 10:59 0 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb5436.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-03 10:40 290112]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
    "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-19 11:35 185784]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
    "OpenMstart"="C:\WINDOWS\system32\Snt.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
    wingdm32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
    C:\WINDOWS\system32\br_rt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    --a------ 2007-11-27 23:45 588080 C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chckup]
    C:\WINDOWS\system32\Netverchk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
    C:\FRAPS\FRAPS.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
    C:\Program Files\Hitman Pro\xphelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    --a------ 2004-09-23 13:41 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-11-28 12:27 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "svcWRSSSDK"=2 (0x2)
    "SDhelper"=3 (0x3)
    "iPod Service"=3 (0x3)
    "dmadmin"=3 (0x3)
    "Diskeeper"=2 (0x2)

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 08:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{447cc3d8-91fc-11db-b9cd-0015f2283d57}]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-08 21:36:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-08 21:37:17
    ComboFix-quarantined-files.txt 2008-01-08 20:37:16





    Does anyone know what kind of strange program is causing this and how I can get rid of it? Thanks in advance.

  • #2
    Please download Combofix again and create a new log with it.
    Post it in your next message.
    Also tell us whether you are still experiencing problems.



    • #3
      Hello

      Since then my PC has not sent any strange e-mails on its own, so I don't know whether there are still strange things in it. In any case, I ran Combofix again, and this is the log that came out.



      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
      .

      2008-01-16 18:17 . 2008-01-16 18:17 754 --a------ C:\WINDOWS\WORDPAD.INI
      2008-01-11 16:41 . 2008-01-11 16:41 <DIR> dr-hs---- C:\sys
      2008-01-07 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-07 21:30 . 2008-01-07 21:30 <DIR> d-------- C:\RVAXO
      2008-01-07 21:28 . 2008-01-07 18:49 592,356 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-07 21:28 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-06 19:51 . 2008-01-06 20:47 <DIR> d-------- C:\Program Files\Windows Live
      2008-01-06 19:51 . 2008-01-06 19:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-01-06 19:51 . 2008-01-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-01-06 19:45 . 2008-01-06 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
      2008-01-06 19:16 . 2008-01-17 19:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-06 19:16 . 2008-01-06 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-06 19:06 . 2008-01-06 19:06 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
      2008-01-06 19:06 . 2008-01-06 19:06 <DIR> d-------- C:\Program Files\MSECACHE
      2008-01-06 18:54 . 2008-01-06 18:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
      2008-01-06 18:54 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
      2008-01-06 18:53 . 2008-01-06 18:53 <DIR> d-------- C:\WINDOWS\EHome
      2008-01-06 16:15 . 2008-01-06 16:15 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\gtk-2.0
      2008-01-06 13:00 . 2008-01-06 18:51 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\.purple
      2008-01-06 12:59 . 2008-01-06 13:00 <DIR> d-------- C:\Program Files\Pidgin
      2008-01-06 12:59 . 2008-01-06 12:59 <DIR> d-------- C:\Program Files\Common Files\GTK
      2008-01-06 11:23 . 2008-01-07 07:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
      2008-01-03 10:40 . 2008-01-03 10:40 <DIR> d-------- C:\Program Files\DNA
      2008-01-03 10:40 . 2008-01-18 18:50 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\DNA
      2007-12-30 15:52 . 2007-12-30 15:52 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\Netscape
      2007-12-30 15:51 . 2007-12-30 15:51 <DIR> d-------- C:\Program Files\Netscape
      2007-12-30 14:15 . 2008-01-03 10:41 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\Azureus
      2007-12-30 14:15 . 2007-12-30 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
      2007-12-30 14:10 . 2008-01-06 11:07 <DIR> d-------- C:\Program Files\Azureus

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-18 17:48 --------- d-----w C:\Documents and Settings\Jelle\Application Data\Skype
      2008-01-15 17:49 --------- d-----w C:\Documents and Settings\Jelle\Application Data\BitTorrent
      2008-01-09 13:02 33,768 ----a-w C:\Documents and Settings\Jelle\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-06 17:51 --------- d-----w C:\Documents and Settings\Jelle\Application Data\.purple
      2008-01-06 10:19 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-01-06 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-01-03 09:40 --------- d-----w C:\Program Files\BitTorrent
      2007-12-30 13:07 --------- d-----w C:\Program Files\SmartFTP Client
      2007-12-24 15:56 --------- d-----w C:\Documents and Settings\Jelle\Application Data\U3
      2007-12-20 15:34 --------- d-----w C:\Program Files\Google
      2007-12-19 10:16 --------- d-----w C:\Documents and Settings\Jelle\Application Data\CoreFTP
      2007-12-06 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-06 11:54 --------- d-----w C:\Documents and Settings\Jelle\Application Data\dvdcss
      2007-11-20 21:25 --------- d-----w C:\Program Files\Electronic Arts
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
      2007-01-07 15:35 512 ----a-w C:\Documents and Settings\Jelle\Application Data\wklnhst.dat
      2007-01-03 19:14 49 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb41.dat
      2007-01-03 19:14 337 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb1942.dat
      2006-12-05 11:00 20,480 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb4827.dat
      2006-12-05 10:59 9,216 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb8467.dat
      2006-12-05 10:59 0 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb6334.dat
      2006-12-05 10:59 0 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb5436.dat
      .

      ((((((((((((((((((((((((((((( [email protected]_21.36.43,95 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
      + 2008-01-18 17:56:43 655,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      + 2008-01-18 17:56:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2008-01-18 17:56:43 655,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      + 2008-01-18 17:56:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      + 2008-01-18 17:56:44 5,378,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      + 2008-01-18 17:56:44 40,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]
      "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-03 10:40 290112]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
      "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-19 11:35 185784]
      "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
      "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
      "OpenMstart"="C:\WINDOWS\system32\Snt.exe" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
      wingdm32.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
      C:\WINDOWS\system32\br_rt.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
      --a------ 2007-11-27 23:45 588080 C:\Program Files\BitTorrent\bittorrent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chckup]
      C:\WINDOWS\system32\Netverchk.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
      C:\FRAPS\FRAPS.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
      C:\Program Files\Hitman Pro\xphelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
      --a------ 2004-09-23 13:41 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2006-11-28 12:27 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "svcWRSSSDK"=2 (0x2)
      "SDhelper"=3 (0x3)
      "iPod Service"=3 (0x3)
      "dmadmin"=3 (0x3)
      "Diskeeper"=2 (0x2)

      R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 08:27]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
      \Shell\AutoRun\command - K:\LaunchU3.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{447cc3d8-91fc-11db-b9cd-0015f2283d57}]
      \Shell\AutoRun\command - K:\LaunchU3.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-18 18:58:39
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-18 18:59:21
      ComboFix-quarantined-files.txt 2008-01-18 17:59:18
      ComboFix2.txt 2008-01-08 20:37:18



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd

        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if asked to,
        and post the contents of Combofix.txt in your next reply.


        • #5
          Thanks for your quick reply.

          New log:

          ComboFix 08-01-18.5 - Jelle 2008-01-18 19:45:44.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.632 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Jelle\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Jelle\Bureaublad\cfscript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
          .

          2008-01-16 18:17 . 2008-01-16 18:17 754 --a------ C:\WINDOWS\WORDPAD.INI
          2008-01-11 16:41 . 2008-01-11 16:41 <DIR> dr-hs---- C:\sys
          2008-01-07 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-07 21:30 . 2008-01-07 21:30 <DIR> d-------- C:\RVAXO
          2008-01-07 21:28 . 2008-01-07 18:49 592,356 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-01-07 21:28 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-01-06 19:51 . 2008-01-06 20:47 <DIR> d-------- C:\Program Files\Windows Live
          2008-01-06 19:51 . 2008-01-06 19:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
          2008-01-06 19:51 . 2008-01-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-01-06 19:45 . 2008-01-06 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
          2008-01-06 19:16 . 2008-01-17 19:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-01-06 19:16 . 2008-01-06 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-01-06 19:06 . 2008-01-06 19:06 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
          2008-01-06 19:06 . 2008-01-06 19:06 <DIR> d-------- C:\Program Files\MSECACHE
          2008-01-06 18:54 . 2008-01-06 18:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
          2008-01-06 18:54 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
          2008-01-06 18:53 . 2008-01-06 18:53 <DIR> d-------- C:\WINDOWS\EHome
          2008-01-06 16:15 . 2008-01-06 16:15 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\gtk-2.0
          2008-01-06 13:00 . 2008-01-06 18:51 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\.purple
          2008-01-06 12:59 . 2008-01-06 13:00 <DIR> d-------- C:\Program Files\Pidgin
          2008-01-06 12:59 . 2008-01-06 12:59 <DIR> d-------- C:\Program Files\Common Files\GTK
          2008-01-06 11:23 . 2008-01-07 07:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
          2008-01-03 10:40 . 2008-01-03 10:40 <DIR> d-------- C:\Program Files\DNA
          2008-01-03 10:40 . 2008-01-18 19:40 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\DNA
          2007-12-30 15:52 . 2007-12-30 15:52 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\Netscape
          2007-12-30 15:51 . 2007-12-30 15:51 <DIR> d-------- C:\Program Files\Netscape
          2007-12-30 14:15 . 2008-01-03 10:41 <DIR> d-------- C:\Documents and Settings\Jelle\Application Data\Azureus
          2007-12-30 14:15 . 2007-12-30 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
          2007-12-30 14:10 . 2008-01-06 11:07 <DIR> d-------- C:\Program Files\Azureus

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-18 18:20 --------- d-----w C:\Documents and Settings\Jelle\Application Data\Skype
          2008-01-15 17:49 --------- d-----w C:\Documents and Settings\Jelle\Application Data\BitTorrent
          2008-01-09 13:02 33,768 ----a-w C:\Documents and Settings\Jelle\Application Data\GDIPFONTCACHEV1.DAT
          2008-01-06 17:51 --------- d-----w C:\Documents and Settings\Jelle\Application Data\.purple
          2008-01-06 10:19 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-06 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
          2008-01-03 09:40 --------- d-----w C:\Program Files\BitTorrent
          2007-12-30 13:07 --------- d-----w C:\Program Files\SmartFTP Client
          2007-12-24 15:56 --------- d-----w C:\Documents and Settings\Jelle\Application Data\U3
          2007-12-20 15:34 --------- d-----w C:\Program Files\Google
          2007-12-19 10:16 --------- d-----w C:\Documents and Settings\Jelle\Application Data\CoreFTP
          2007-12-06 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-06 11:54 --------- d-----w C:\Documents and Settings\Jelle\Application Data\dvdcss
          2007-11-20 21:25 --------- d-----w C:\Program Files\Electronic Arts
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
          2007-01-07 15:35 512 ----a-w C:\Documents and Settings\Jelle\Application Data\wklnhst.dat
          2007-01-03 19:14 49 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb41.dat
          2007-01-03 19:14 337 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb1942.dat
          2006-12-05 11:00 20,480 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb4827.dat
          2006-12-05 10:59 9,216 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb8467.dat
          2006-12-05 10:59 0 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb6334.dat
          2006-12-05 10:59 0 ----a-w C:\Documents and Settings\Jelle\Application Data\internaldb5436.dat
          .

          ((((((((((((((((((((((((((((( [email protected]_21.36.43,95 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
          + 2008-01-18 18:45:40 655,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-18 18:45:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-18 18:45:40 655,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-18 18:45:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-18 18:45:41 5,378,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-18 18:45:41 40,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]
          "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-03 10:40 290112]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
          "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-19 11:35 185784]
          "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
          "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
          --a------ 2007-11-27 23:45 588080 C:\Program Files\BitTorrent\bittorrent.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
          --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
          C:\FRAPS\FRAPS.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
          C:\Program Files\Hitman Pro\xphelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
          --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
          --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
          --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
          --a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          --a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
          --a------ 2004-09-23 13:41 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
          --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "svcWRSSSDK"=2 (0x2)
          "SDhelper"=3 (0x3)
          "iPod Service"=3 (0x3)
          "dmadmin"=3 (0x3)
          "Diskeeper"=2 (0x2)

          R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 08:27]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
          \Shell\AutoRun\command - K:\LaunchU3.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{447cc3d8-91fc-11db-b9cd-0015f2283d57}]
          \Shell\AutoRun\command - K:\LaunchU3.exe

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-18 19:46:29
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-18 19:47:07
          ComboFix-quarantined-files.txt 2008-01-18 18:47:06
          ComboFix2.txt 2008-01-18 17:59:21
          ComboFix3.txt 2008-01-08 20:37:18



          • #6
            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Are all the problems gone then?
