Win32 netsky Worm

  • Win32 netsky Worm

    Hello, I'm dealing with a Win32 netsky worm.
    A friend told me that you could help me get rid of it.
    The message I keep getting is:
    "security warning! Worm.Win32.NetSky detected on your computer".
    I also get the message: windows security alert Windows has detected an internet attack attempt.

    What should I do?

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



    • #3
      The laptop it's on is very slow.
      Would it do any harm to move the logs to my other computer with a USB stick, so that I can post them on the forum from there?
      Any danger?



      • #4
        No, that won't do any harm



        • #5
          ---RVAXO.exe Updated: 2008-02-27---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\dmdqdrxnrp.dll
          C:\WINDOWS\fsxloqf.exe
          C:\WINDOWS\dat.txt
          C:\WINDOWS\rs.txt
          C:\WINDOWS\system32\vbzip11.dll
          C:\WINDOWS\search_res.txt
          C:\WINDOWS\bdmnopx.dll
          C:\WINDOWS\admggxp.dll
          C:\WINDOWS\system32\actskn45.ocx
          C:\Documents and Settings\rogier oltvoort\Bureau~1\Error Cleaner.url
          C:\Documents and Settings\rogier oltvoort\Bureau~1\Spyware&Malware Protection.url
          C:\Documents and Settings\rogier oltvoort\Bureau~1\Privacy Protector.url
          C:\Documents and Settings\rogier oltvoort\FAVORI~1\Error Cleaner.url
          C:\Documents and Settings\rogier oltvoort\FAVORI~1\Privacy Protector.url
          C:\Documents and Settings\rogier oltvoort\FAVORI~1\Spyware&Malware Protection.url

          Folders Found:
          C:\Program Files\MyGlobalSearch

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------



          • #6
            Deckard's System Scanner v20071014.68
            Run by rogier oltvoort on 2008-02-27 18:39:16
            Computer is in Normal Mode.
            --------------------------------------------------------------------------------

            -- System Restore --------------------------------------------------------------

            Successfully created a Deckard's System Scanner Restore Point.


            -- Last 5 Restore Point(s) --
            64: 2008-02-27 17:39:34 UTC - RP488 - Deckard's System Scanner Restore Point
            63: 2008-02-15 20:13:17 UTC - RP487 - Installed Ad-Aware 2007
            62: 2008-02-15 19:51:35 UTC - RP486 - Software Distribution Service 3.0
            61: 2008-02-14 15:39:27 UTC - RP485 - Controlepunt van systeem
            60: 2008-02-13 08:17:45 UTC - RP484 - Software Distribution Service 3.0


            -- First Restore Point --
            1: 2007-11-16 19:22:20 UTC - RP425 - Controlepunt van systeem


            Backed up registry hives.
            Performed disk cleanup.



            -- HijackThis (run as rogier oltvoort.exe) -------------------------------------

            Unable to find log (file not found); running clone.
            -- HijackThis Clone ------------------------------------------------------------


            Emulating logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 2008-02-27 18:41:37
            Platform: Windows XP Service Pack 2 (5.01.2600)
            MSIE: Internet Explorer (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\system32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
            C:\WINDOWS\system32\ati2evxx.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\WINDOWS\system32\CTSVCCDA.EXE
            C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
            C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
            C:\Program Files\Dell\QuickSet\quickset.exe
            C:\Program Files\Apoint\Apoint.exe
            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
            C:\Program Files\Apoint\ApntEx.exe
            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\WINDOWS\system32\mmrtkrnl.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Documents and Settings\rogier oltvoort\Mijn documenten\Detector\CTDetect.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
            C:\Program Files\Digital Line Detect\DLG.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
            C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
            C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
            C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
            C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
            C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
            C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
            C:\Documents and Settings\rogier oltvoort\Bureaublad\dss.exe
            C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = il-w.shfortis.walphen.net:3148
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
            R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll (file missing)
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
            O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
            O3 - Toolbar: emotrlq - {7D304AC3-18E9-4836-A2AC-4D4F06D035E7} - C:\WINDOWS\emotrlq.dll
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
            O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
            O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
            O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Creative Detector] "C:\Documents and Settings\rogier oltvoort\Mijn documenten\Detector\CTDetect.exe" /R
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [igndlm.exe] C:\Documents and Settings\rogier oltvoort\Mijn documenten\Download Manager\DLM.exe /windowsstart /startifwork
            O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\ROGIER~1\LOCALS~1\Temp\update.exe"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
            O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O4 - Global Startup: Philips FunCam Monitor.lnk = ?
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
            O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Documents and Settings\rogier oltvoort\Pokerstars\PokerStarsUpdate.exe
            O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
            O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
            O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{30324E31-16B3-4F27-83F7-0A1787644CAD}: NameServer = 192.168.2.1
            O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E49665D-B2CB-432E-88F9-FE8520F3D64A}: NameServer = 192.168.2.1
            O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
            O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
            O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
            O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


            --
            End of file - 15456 bytes

            -- File Associations -----------------------------------------------------------

            All associations okay.


            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

            R0 MMRTKRNL - c:\windows\system32\drivers\mmrtkrnl.sys <Not Verified; AlcaTech; BPM Studio>
            R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
            R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
            R1 StarOpen - c:\windows\system32\drivers\staropen.sys
            R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
            R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
            R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
            R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
            R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
            R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
            R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
            R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
            R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>

            S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
            S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
            S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

            R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
            R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
            R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
            R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
            R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
            R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


            -- Device Manager: Disabled ----------------------------------------------------

            Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
            Description: 1394-netwerkkaart
            Device ID: V1394\NIC1394\2BAE830314FC000
            Manufacturer: Microsoft
            Name: 1394-netwerkkaart
            PNP Device ID: V1394\NIC1394\2BAE830314FC000
            Service: NIC1394


            -- Scheduled Tasks -------------------------------------------------------------

            2008-02-27 18:42:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
            2008-02-10 15:47:00 300 --a------ C:\WINDOWS\Tasks\WebReg psc 1400 series.job
            2008-01-30 18:31:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
            2008-01-25 20:00:00 570 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - beheerder.job


            -- Files created between 2008-01-27 and 2008-02-27 -----------------------------

            2008-02-27 18:28:09 0 d-------- C:\RVAXO
            2008-02-27 18:24:56 712426 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-02-27 18:24:56 69632 --a------ C:\WINDOWS\system32\remove.exe
            2008-02-15 21:13:20 0 d-------- C:\Program Files\Lavasoft
            2008-02-15 21:13:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-02-13 10:24:48 0 d-------- C:\WINDOWS\network diagnostic
            2008-02-13 08:08:50 204800 --a------ C:\WINDOWS\emotrlq.dll <Not Verified; ; emotrlq Module>
            2008-02-13 00:27:39 0 d-------- C:\Program Files\MediaAccumulativeCodec
            2008-02-10 16:48:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
            2008-01-30 18:33:39 0 d-------- C:\Documents and Settings\rogier oltvoort\Application Data\Apple Computer
            2008-01-30 18:33:09 0 d-------- C:\Program Files\iPod
            2008-01-30 18:32:52 0 d-------- C:\Program Files\iTunes
            2008-01-30 18:32:27 0 d-------- C:\Program Files\Bonjour
            2008-01-30 18:31:34 0 d-------- C:\Program Files\QuickTime
            2008-01-30 18:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
            2008-01-30 18:31:10 0 d-------- C:\Program Files\Apple Software Update
            2008-01-30 18:30:38 0 d-------- C:\Program Files\Common Files\Apple
            2008-01-30 18:30:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


            -- Find3M Report ---------------------------------------------------------------

            2008-02-27 18:41:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
            2008-02-15 21:12:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2008-02-13 10:55:18 0 d-------- C:\Documents and Settings\rogier oltvoort\Application Data\uTorrent
            2008-02-11 22:30:45 38614 --a------ C:\Documents and Settings\rogier oltvoort\Application Data\wklnhst.dat
            2008-01-30 18:30:38 0 d-------- C:\Program Files\Common Files
            2008-01-11 21:21:08 0 d--h----- C:\Program Files\InstallShield Installation Information
            2008-01-11 21:21:07 0 d-------- C:\Documents and Settings\rogier oltvoort\Application Data\Samsung
            2008-01-11 21:21:01 0 d-------- C:\Program Files\Samsung
            2008-01-03 17:52:45 0 d-------- C:\Program Files\IKEA HomePlanner


            -- Registry Dump ---------------------------------------------------------------

            *Note* empty entries & legit default entries are not shown


            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDC5F6BF-F822-47EE-A03D-8158DF526AC9}]
            C:\WINDOWS\dmdqdrxnrp.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [26-07-2006 03:03]
            "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12-05-2005 21:00]
            "@"=""
            "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30-10-2004 14:59]
            "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04-03-2005 11:26]
            "Apoint"="C:\Program Files\Apoint\Apoint.exe" [13-09-2004 16:33]
            "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23-02-2005 16:19]
            "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [15-09-2004 01:01]
            "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe"
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27-07-2004 16:50]
            "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-05-2005 22:12]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 21:59]
            "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [05-09-2006 18:22]
            "Realtime Audio Engine"="mmrtkrnl.exe" [23-05-2007 13:16 C:\WINDOWS\system32\mmrtkrnl.exe]
            "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-03-2007 09:22]
            "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10-01-2008 15:27]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15-01-2008 03:22]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 12:00]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]
            "Creative Detector"="C:\Documents and Settings\rogier oltvoort\Mijn documenten\Detector\CTDetect.exe" [02-12-2004 17:23]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11-07-2007 09:47]
            "igndlm.exe"="C:\Documents and Settings\rogier oltvoort\Mijn documenten\Download Manager\DLM.exe" [05-03-2007 22:57]
            "Update"="C:\DOCUME~1\ROGIER~1\LOCALS~1\Temp\update.exe"

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14-12-2004 4:44:06]
            Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [22-12-2004 13:42:28]
            Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3-10-2005 19:28:42]
            HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11-5-2005 22:23:26]
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 1:01:04]
            Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [19-5-2006 21:04:25]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
            C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07-09-2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
            @="Service"

            *Newly Created Service* - COMHOST



            -- End of Deckard's System Scanner: finished at 2008-02-27 18:43:46 ------------


            • #7
              Open a Notepad file.
              Copy the code below into this Notepad file.
              Go to File - Save As.
              For "Save in" choose: Desktop
              For "File name" enter: del.bat
              For "Save as type" select: All Files (*.*).
              Click the Save button.
              Code:
              FOR %%d in (
              MediaAccumulativeCodec
              emotrlq.dll) DO (
              echo Gevonden mappen: >> C:\delete.log
              FOR /F "tokens=*" %%h in ('DIR /B /S %systemdrive%\%%d*') DO ECHO %%h >> C:\delete.log
              FOR /F "tokens=*" %%h in ('DIR /B /S %systemdrive%\%%d*') DO ECHO del /q "%%h" >> delete.bat
              FOR /F "tokens=*" %%h in ('DIR /B /S /a:d %systemdrive%\%%d*') DO ECHO rd /s /q "%%h" >> delete.bat
              if exist delete.bat call delete.bat
              if exist delete.bat del /q delete.bat
              echo. >> C:\delete.log
              echo Niet verwijderd: >> C:\delete.log
              FOR /F "tokens=*" %%h in ('DIR /B /S %systemdrive%\%%d*') DO ECHO %%h >> C:\delete.log
              echo. >> C:\delete.log
              start notepad delete.log)
              Then double-click del.bat
              Last edited by smeenk; 28-02-08, 01:12.



              • #8
                When I do that, I get the message:
                Cannot find the delete.log file.
                I assume I should have gotten a log, and then post it here?



                • #9
                  Try this code:
                  Code:
                  FOR %%d in (
                  MediaAccumulativeCodec
                  emotrlq.dll) DO (
                  echo Gevonden mappen >> log.txt
                  FOR /F "tokens=*" %%h in ('DIR /B /S %systemdrive%\%%d*') DO ECHO %%h >> log.txt
                  FOR /F "tokens=*" %%j in ('DIR /B /S %systemdrive%\%%d*') DO ECHO del /q "%%j" >> delete.bat
                  FOR /F "tokens=*" %%i in ('DIR /B /S /a:d %systemdrive%\%%d*') DO ECHO rd /s /q "%%i" >> delete.bat
                  if exist delete.bat call delete.bat
                  echo. >> log.txt
                  echo Niet verwijderd >> log.txt
                  FOR /F "tokens=*" %%g in ('DIR /B /S %systemdrive%\%%d*') DO ECHO %%g >> log.txt
                  echo. >> log.txt
                  start notepad log.txt
                  exit)



                  • #10
                    OK, I'm being a bit stupid.
                    Because I was very tired yesterday, I entered the code in Notepad on the wrong computer (the one that is clean).
                    Today I will enter the code on the infected laptop and then post something here again.
                    Last edited by voltvoort; 28-02-08, 07:43.



                    • #11
                      Tried it again.
                      With the first code I again got the following message:
                      Cannot find the delete.log file.
                      With the second code I got this:
                      Gevonden mappen

                      Niet verwijderd

                      What now?



                      • #12
                        The folders and files were already removed by the first script, just not recorded in the log.

                        That is why the second script no longer finds anything.

                        Start HijackThis once more and place a check mark only in front of the following lines:
                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
                        O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll (file missing)
                        O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\ROGIER~1\LOCALS~1\Temp\update.exe"
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
                        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)

                        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                        Your Java software is outdated.
                        Older versions have vulnerabilities that give malware the chance to install itself on your system.
                        First follow these steps to uninstall Java and install the newer version:
                        • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
                        • Close all programs that may be open - especially your web browser!
                        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
                        • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                        • Then click Remove or the Change/Remove button.
                        • Repeat this until all older versions are gone.
                        • After removing all older versions, restart your PC.
                        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.

                        After that, post a new log from Deckard's System Scanner.

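The selection made in post #12, expressed as triage rules over HijackThis lines; this is an added example, not code from the thread or from HijackThis. The rules and the names `triage`, `check_entry` and `Finding` are assumptions of this example, and the sample lines are copied from the logs posted in this thread. It also goes one step beyond the post: a "(file missing)" marker is treated as unreliable when the path field carries a stray quote with arguments or an unexpanded %variable%, on the assumption that the marker then reflects how the path was read rather than a missing file (the second log still lists such lines and was judged fine).

```python
import re
from typing import List, NamedTuple, Tuple

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: emotrlq - {7D304AC3-18E9-4836-A2AC-4D4F06D035E7} - C:\WINDOWS\emotrlq.dll
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\ROGIER~1\LOCALS~1\Temp\update.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# "<section> - <rest>", where section is R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2}) - (.+?)\s*$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# A DLL directly under X:\WINDOWS\ (not in system32 or another subfolder).
WINROOT_DLL_RE = re.compile(r"[a-z]:\\windows\\[^\\]+\.dll", re.IGNORECASE)

# Reason labels (wording is this example's own).
ORPHANED = "orphaned entry: target file is missing"
UNRELIABLE = "missing-file marker unreliable: mangled command line or unexpanded variable"
TEMP_AUTOSTART = "autostart entry runs from a Temp directory"
WINROOT_ADDON = "browser add-on DLL sits directly in the Windows folder"


class Finding(NamedTuple):
    section: str
    reasons: Tuple[str, ...]
    text: str


def check_entry(section: str, text: str) -> Tuple[str, ...]:
    """Return the triage reasons that apply to one parsed log entry."""
    reasons = []
    marker = MISSING_RE.search(text)
    if marker:
        # The path is the field after the last " - " separator.
        target = text[:marker.start()].rsplit(" - ", 1)[-1].strip()
        mangled = '"' in target and not target.startswith('"')
        if mangled or "%" in target:
            reasons.append(UNRELIABLE)
        else:
            reasons.append(ORPHANED)
    if section == "O4" and TEMP_DIR_RE.search(text):
        reasons.append(TEMP_AUTOSTART)
    if section in ("O2", "O3") and WINROOT_DLL_RE.search(text):
        reasons.append(WINROOT_ADDON)
    return tuple(reasons)


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return only the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, process list, blank lines
        section, text = match.groups()
        reasons = check_entry(section, text)
        if reasons:
            findings.append(Finding(section, reasons, text))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:>3}  {'; '.join(finding.reasons)}")
        print(f"     {finding.text}")
```

A reason is a prompt to look the entry up, not a verdict; lines marked unreliable need the file checked on disk before anything is fixed.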


                        • #13
                          Deckard's System Scanner v20071014.68
                          Run by rogier oltvoort on 2008-02-28 17:22:10
                          Computer is in Normal Mode.
                          --------------------------------------------------------------------------------



                          -- HijackThis (run as rogier oltvoort.exe) -------------------------------------

                          Logfile of HijackThis v1.99.1
                          Scan saved at 17:22:12, on 28-2-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16608)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                          C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          C:\Program Files\Bonjour\mDNSResponder.exe
                          C:\WINDOWS\system32\CTsvcCDA.exe
                          C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
                          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          C:\WINDOWS\system32\HPZipm12.exe
                          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                          C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                          C:\Program Files\Dell\QuickSet\quickset.exe
                          C:\Program Files\Apoint\Apoint.exe
                          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                          C:\Program Files\Apoint\Apntex.exe
                          C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\WINDOWS\system32\mmrtkrnl.exe
                          C:\Program Files\iTunes\iTunesHelper.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\Messenger\msmsgs.exe
                          C:\Documents and Settings\rogier oltvoort\Mijn documenten\Detector\CTDetect.exe
                          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          C:\Program Files\iPod\bin\iPodService.exe
                          C:\Documents and Settings\rogier oltvoort\Bureaublad\dss.exe
                          C:\PROGRA~1\HIJACK~1\ROGIER~1.EXE

                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = il-w.shfortis.walphen.net:3148
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                          O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
                          O3 - Toolbar: emotrlq - {7D304AC3-18E9-4836-A2AC-4D4F06D035E7} - C:\WINDOWS\emotrlq.dll
                          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                          O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
                          O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
                          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
                          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                          O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
                          O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
                          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                          O4 - HKCU\..\Run: [Creative Detector] "C:\Documents and Settings\rogier oltvoort\Mijn documenten\Detector\CTDetect.exe" /R
                          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          O4 - HKCU\..\Run: [igndlm.exe] C:\Documents and Settings\rogier oltvoort\Mijn documenten\Download Manager\DLM.exe /windowsstart /startifwork
                          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O4 - Global Startup: Bluetooth Manager.lnk = ?
                          O4 - Global Startup: Digital Line Detect.lnk = ?
                          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                          O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
                          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
                          O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Documents and Settings\rogier oltvoort\Pokerstars\PokerStarsUpdate.exe
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
                          O11 - Options group: [INTERNATIONAL] International*
                          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                          O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
                          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                          O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
                          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                          O17 - HKLM\System\CCS\Services\Tcpip\..\{30324E31-16B3-4F27-83F7-0A1787644CAD}: NameServer = 192.168.2.1
                          O17 - HKLM\System\CCS\Services\Tcpip\..\{3E49665D-B2CB-432E-88F9-FE8520F3D64A}: NameServer = 192.168.2.1
                          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                          O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
                          O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
                          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                          O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
                          O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                          O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
                          O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
                          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                          O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                          O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                          O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                          O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


                          -- Files created between 2008-01-28 and 2008-02-28 -----------------------------

                          2008-02-28 17:03:56 0 d-------- C:\Program Files\Common Files\Java
                          2008-02-27 18:28:09 0 d-------- C:\RVAXO
                          2008-02-27 18:24:56 712426 --a------ C:\WINDOWS\system32\RVAXO.bat
                          2008-02-27 18:24:56 69632 --a------ C:\WINDOWS\system32\remove.exe
                          2008-02-15 21:13:20 0 d-------- C:\Program Files\Lavasoft
                          2008-02-15 21:13:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                          2008-02-13 10:24:48 0 d-------- C:\WINDOWS\network diagnostic
                          2008-02-13 08:08:50 204800 --a------ C:\WINDOWS\emotrlq.dll <Not Verified; ; emotrlq Module>
                          2008-02-10 16:48:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
                          2008-01-30 18:33:39 0 d-------- C:\Documents and Settings\rogier oltvoort\Application Data\Apple Computer
                          2008-01-30 18:33:09 0 d-------- C:\Program Files\iPod
                          2008-01-30 18:32:52 0 d-------- C:\Program Files\iTunes
                          2008-01-30 18:32:27 0 d-------- C:\Program Files\Bonjour
                          2008-01-30 18:31:34 0 d-------- C:\Program Files\QuickTime
                          2008-01-30 18:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                          2008-01-30 18:31:10 0 d-------- C:\Program Files\Apple Software Update
                          2008-01-30 18:30:38 0 d-------- C:\Program Files\Common Files\Apple
                          2008-01-30 18:30:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


                          -- Find3M Report ---------------------------------------------------------------

                          2008-02-28 17:04:45 0 d-------- C:\Program Files\Java
                          2008-02-28 17:03:56 0 d-------- C:\Program Files\Common Files
                          2008-02-28 17:03:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
                          2008-02-15 21:12:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                          2008-02-13 10:55:18 0 d-------- C:\Documents and Settings\rogier oltvoort\Application Data\uTorrent
                          2008-02-11 22:30:45 38614 --a------ C:\Documents and Settings\rogier oltvoort\Application Data\wklnhst.dat
                          2008-01-11 21:21:08 0 d--h----- C:\Program Files\InstallShield Installation Information
                          2008-01-11 21:21:07 0 d-------- C:\Documents and Settings\rogier oltvoort\Application Data\Samsung
                          2008-01-11 21:21:01 0 d-------- C:\Program Files\Samsung
                          2008-01-03 17:52:45 0 d-------- C:\Program Files\IKEA HomePlanner


                          -- Registry Dump ---------------------------------------------------------------

                          *Note* empty entries & legit default entries are not shown


                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12-05-2005 21:00]
                          "@"=""
                          "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30-10-2004 14:59]
                          "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04-03-2005 11:26]
                          "Apoint"="C:\Program Files\Apoint\Apoint.exe" [13-09-2004 16:33]
                          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23-02-2005 16:19]
                          "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [15-09-2004 01:01]
                          "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe"
                          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27-07-2004 16:50]
                          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-05-2005 22:12]
                          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 21:59]
                          "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [05-09-2006 18:22]
                          "Realtime Audio Engine"="mmrtkrnl.exe" [23-05-2007 13:16 C:\WINDOWS\system32\mmrtkrnl.exe]
                          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-03-2007 09:22]
                          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10-01-2008 15:27]
                          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15-01-2008 03:22]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14-12-2007 03:42]

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 12:00]
                          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]
                          "Creative Detector"="C:\Documents and Settings\rogier oltvoort\Mijn documenten\Detector\CTDetect.exe" [02-12-2004 17:23]
                          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11-07-2007 09:47]
                          "igndlm.exe"="C:\Documents and Settings\rogier oltvoort\Mijn documenten\Download Manager\DLM.exe" [05-03-2007 22:57]

                          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14-12-2004 4:44:06]
                          Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [22-12-2004 13:42:28]
                          Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3-10-2005 19:28:42]
                          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11-5-2005 22:23:26]
                          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 1:01:04]
                          Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [19-5-2006 21:04:25]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                          C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07-09-2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                          @="Service"

                          *Newly Created Service* - COMHOST



                          -- End of Deckard's System Scanner: finished at 2008-02-28 17:22:30 ------------
                          Last edited by voltvoort; 28-02-08, 18:06.



                          • #14
                            Logje ziet er goed uit

                            Kan je dit bestand zelf vinden en verwijderen:
                            C:\WINDOWS\emotrlq.dll

                            Open de map RVAXO en dubbelklik op Uninstall.cmd
                            Dit zal alles van RVAXO doen verwijderen.

                            Download ATF cleaner (mirror) (made by Atribune)

                            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                            Double-click ATF cleaner to start the program.
                            On the "Main" tab, tick Select All.
                            Click the Empty Selected button.

                            Do the following if you also use Firefox as a browser:
                            Click the "Firefox" tab and tick Select All.
                            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                            (this unticks "Firefox saved passwords" again)
                            Click the Empty Selected button.

                            Do the following if you also use Opera as a browser:
                            Click the "Opera" tab and tick Select All.
                            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                            Click the Empty Selected button.
                            Go to the "Main" tab and click the Exit button to close the program.

                            Go to Start - Run and enter the following:
                            Combofix /U
                            Then press OK.
                            Note: There must be a space between Combofix and /U.

                            This will uninstall Combofix.

                            Turn off System Restore. Restart the computer. Turn System Restore back on.
                            See here how to turn off System Restore.
                            This removes any remnants of the infections from your System Restore.

                            Are all the problems gone then?



                            • #15
                              It couldn't find Combofix, so has it already been removed?
                              The files you had me download (hijackthis, ATF-cleaner, del.bat), can I just delete those?
                              Is it useful to run ATF-cleaner every once in a while?
                              Everything works again. Now I'll remove a few programs so that it gets a bit faster.
                              Thank you very much for your help, keep up the good work.
                              I'll definitely come back if something is wrong again.

                              Greetz voltvoort
