Mededeling

Collapse
No announcement yet.

virus ? Help ?

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • virus ? Help ?

    Hallo,

    Ik krijg steeds melding dat ik met een virus zit en verschillende pop-ups om programma's tegen spyware te installeren. Mijn zoon zei gisteren dat hij een boodschap gekregen had, wat weet ik niet juis, maar ik vermoed dat hij iets verkeerd gedaan heeft .
    Onderaan het scherm staat nu steeds een geel driehoekje te pinken met vermelding : System Alert:[email protected] en nog wat details bij.
    Ik geraak ook niet meer op mijn E-mail. Heb reeds verschillende malen spybot search en distroy gedraaid, mijn norton, en adaware. Bij de laatste kreeg ik wel het virus vermeld maar kon het op geen enkele wijze verwijderen of isoleren.
    Hierbij zend ik jullie mijn hijackthis-log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:24:50, on 26/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NetProject\scit.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\USB ADSL\CnxDslTb.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\USB ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?21cb0fa7d5f94570ad9340756c2077d9
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?21cb0fa7d5f94570ad9340756c2077d9
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotobook.foto.com/NewUploader/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/activeX/SpeedUploader.cab
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11300 bytes

    alvast bedankt
    nirak

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Hier is al één resultaat, het volgende volgt :

      ---RVAXO.exe Updated: 2008-02-26---first run---
      Uninstallers:

      Files found:
      C:\Documents and Settings\All Users\Menu Start\Online Security Guide.url
      C:\Documents and Settings\All Users\Menu Start\Security Troubleshooting.url
      C:\Documents and Settings\thuis\FAVORI~1\Online Security Test.url

      Folders Found:
      C:\Program Files\NetProject

      Hosts-file was reset, If you use a custom hosts file please replace it...
      -------------Extra search method----------------
      C:\Documents and Settings\Administrator\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk
      C:\Documents and Settings\Default User\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk
      C:\Documents and Settings\thuis\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk
      C:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Bureau-accessoires\Toegankelijkheid\Hulpprogrammabeheer.lnk

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Comment


      • #4
        Hier is het volgende resultaat :

        Deckard's System Scanner v20071014.68
        Run by thuis on 2008-02-26 21:16:50
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        39: 2008-02-26 20:16:58 UTC - RP39 - Deckard's System Scanner Restore Point
        38: 2008-02-26 15:27:20 UTC - RP38 - Controlepunt van systeem
        37: 2008-02-24 17:04:57 UTC - RP37 - Controlepunt van systeem
        36: 2008-02-20 15:49:03 UTC - RP36 - Removed Will Rock
        35: 2008-02-19 16:58:33 UTC - RP35 - Controlepunt van systeem


        -- First Restore Point --
        1: 2007-12-18 22:59:35 UTC - RP1 - Controlepunt van systeem


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as thuis.exe) -----------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 21:19:03, on 26/02/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\ALCWZRD.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Program Files\USB ADSL\CnxDslTb.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\TomTom HOME\TomTomHOME.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
        C:\Program Files\SpywareGuard\sgmain.exe
        C:\Program Files\SpywareGuard\sgbhp.exe
        C:\Documents and Settings\thuis\Bureaublad\dss.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\thuis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
        O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
        O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\USB ADSL\CnxDslTb.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
        O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: BTTray.lnk = ?
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?21cb0fa7d5f94570ad9340756c2077d9
        O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?21cb0fa7d5f94570ad9340756c2077d9
        O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotobook.foto.com/NewUploader/ImageUploader4.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/activeX/SpeedUploader.cab
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

        --
        End of file - 10322 bytes

        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

        backup-20070826-202215-179 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        backup-20070826-202215-326 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        backup-20070826-202215-399 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        backup-20070826-202215-574 O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - C:\WINDOWS\system32\nss8C.dll
        backup-20070828-223134-209 O17 - HKLM\System\CCS\Services\Tcpip\..\{F6A5A8BB-9947-47A9-808B-444DC2110ECA}: NameServer = 208.67.220.220,208.67.222.222
        backup-20070828-223134-239 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
        backup-20070828-223134-843 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

        -- File Associations -----------------------------------------------------------

        .js - unable to read key
        .js - unable to read key


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
        R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

        S3 btwmodem (Bluetooth-modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2401>
        S3 CnxEtP (ADSL USB MODEM WAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
        S3 CnxEtU (ADSL USB MODEM Loader) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
        S3 CnxTgN (ADSL USB MODEM WAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL>
        S3 oUltraf - c:\docume~1\thuis\locals~1\temp\oultraf.sys (file missing)


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        All services whitelisted.


        -- Device Manager: Disabled ----------------------------------------------------

        No disabled devices found.


        -- Scheduled Tasks -------------------------------------------------------------

        2008-02-26 21:10:02 256 --a------ C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job


        -- Files created between 2008-01-26 and 2008-02-26 -----------------------------

        2008-02-26 21:04:33 0 d-------- C:\RVAXO
        2008-02-26 20:50:23 540 --a------ C:\WINDOWS\system32\rvaxo-del.bat
        2008-02-26 20:45:01 718788 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-02-26 20:45:01 69632 --a------ C:\WINDOWS\system32\remove.exe
        2008-02-26 18:48:21 691545 --a------ C:\WINDOWS\unins000.exe
        2008-02-26 18:48:21 2543 --a------ C:\WINDOWS\unins000.dat
        2008-02-26 16:34:54 0 dr-h----- C:\Documents and Settings\thuis\Onlangs geopend
        2008-01-29 19:35:11 0 d-------- C:\Documents and Settings\thuis\Application Data\SolidWorks


        -- Find3M Report ---------------------------------------------------------------

        2008-02-26 21:18:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
        2008-02-26 16:35:34 0 d-------- C:\Program Files\SpywareGuard
        2008-02-25 22:23:23 0 d-------- C:\Program Files\SpywareBlaster
        2008-02-24 11:00:52 0 d-------- C:\Documents and Settings\thuis\Application Data\LimeWire
        2008-02-20 16:49:16 0 d--h----- C:\Program Files\InstallShield Installation Information
        2008-02-15 23:02:43 0 d-------- C:\Program Files\Google
        2008-02-04 14:39:33 0 d-------- C:\Program Files\Codemasters
        2008-01-26 19:06:09 0 d-------- C:\Documents and Settings\thuis\Application Data\U3
        2008-01-25 23:04:23 0 d-------- C:\Program Files\TicTacPhoto
        2008-01-23 16:04:56 0 d-------- C:\Program Files\Ubi Soft
        2008-01-18 14:13:58 0 d-------- C:\Program Files\Norton 360
        2008-01-14 22:10:49 0 d-------- C:\Documents and Settings\thuis\Application Data\Symantec
        2008-01-13 18:19:44 0 d-------- C:\Documents and Settings\thuis\Application Data\Adobe
        2008-01-11 21:48:34 0 d-------- C:\Program Files\Symantec
        2008-01-11 21:46:46 0 d-------- C:\Program Files\Common Files
        2007-12-26 11:16:22 458570 --a------ C:\WINDOWS\system32\perfh013.dat
        2007-12-26 11:16:21 77628 --a------ C:\WINDOWS\system32\perfc013.dat
        2007-12-14 11:55:23 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
        "SoundMan"="SOUNDMAN.EXE" [21/06/2005 08:09 C:\WINDOWS\SOUNDMAN.EXE]
        "AlcWzrd"="ALCWZRD.EXE" [13/07/2005 08:47 C:\WINDOWS\ALCWZRD.EXE]
        "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [26/03/2003 08:19]
        "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [17/12/2002 11:40]
        "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02/12/2002 20:56]
        "CnxDslTaskBar"="C:\Program Files\USB ADSL\CnxDslTb.exe" [26/01/2007 09:04]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 08:41]
        "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 09:22]
        "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [14/03/2007 15:52]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/05/2007 11:45]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 22:59]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:03]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]

        C:\Documents and Settings\thuis\Menu Start\Programma's\Opstarten\
        SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 18:05:35]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [21/11/2003 17:08:52]
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
        BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [24/08/2005 13:06:54]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "DisableRegistryTools"=0 (0x0)

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
        @="Volume shadow copy"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
        "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

        *Newly Created Service* - COMHOST



        -- End of Deckard's System Scanner: finished at 2008-02-26 21:19:38 ------------

        Wat nu ?
        Er is in ieder geval al geen irritant knipperend driehoekje meer !

        Nirak

        Comment


        • #5
          Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
          Dit zal alles van RVAXO doen verwijderen.

          Download ATF cleaner (mirror)(gemaakt door Atribune)

          Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

          Dubbelklik op ATF cleaner om het programma te starten.
          Op het tabblad "Main", plaats je een vinkje bij Select All.
          Klik op de knop Empty Selected.

          Het volgende doen als je ook FireFox als browser hebt:
          Klik op tabblad "Firefox", plaats een vinkje bij Select All.
          Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
          (dit haalt het vinkje weer weg bij "Firefox saved passwords")
          Klik op de knop Empty Selected.

          Het volgende doen als je ook Opera als browser hebt:
          Klik op tabblad "Opera", plaats een vinkje bij Select All.
          Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
          Klik op de knop Empty Selected.
          Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten..

          Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
          Kijk hier hoe je je systeemherstel moet uitschakelen.
          Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

          Dan denk ik dat alles weer OK is

          Comment


          • #6
            Hallo, ik heb alles gedaan en denk inderdaad dat het daarmee opgelost is.
            Alweer bedankt
            Nirak

            Comment


            • #7
              Graag gedaan hoor

              Comment

              Sorry, you are not authorized to view this page
              Working...
              X