Mededeling

Collapse
No announcement yet.
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • [email protected]

    Hallo, sinds een week krijg ik op mijn prive-pc via het windows security center/firewall meldingen van dit virus. Omdat ik hierdoor het internet niet meer op kan en geen e-mail meer kan ontvangen, probeer ik dit probleem via de pc op mijn werk op te lossen.
    Onderstaand mijn HJT-logfile.

    Heel graag jullie bemiddeling bij mijn probleem.

    pieter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:57:43, on 10-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\svw.exe
    C:\WINDOWS\svx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
    O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163102940345
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Alerter AlerterUPS (AlerterUPS) - Unknown owner - C:\WINDOWS\system32\12520850t.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\P.A. van der Kruk\ie_updater.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Task Scheduler ScheduleBITS (ScheduleBITS) - Unknown owner - C:\WINDOWS\system32\1031i.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    --
    End of file - 12878 bytes

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Opdrachten bij thuiskomst uitgevoerd; onderstaand de inhoud van de RVAXO-results.log :

      ---RVAXO.exe Updated: 2008-02-18---first run---
      Files found:
      C:\WINDOWS\sv.exe
      C:\WINDOWS\svzip.exe
      C:\WINDOWS\svc.exe
      C:\WINDOWS\runsql.exe
      C:\WINDOWS\system32\RunOnce.t__
      C:\WINDOWS\system32\RunOnce.tm_
      C:\WINDOWS\system32\spywarewarning.mht

      Uninstallers:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      Onderstaand de inhoud van het bestand MAIN.TXT :

      Deckard's System Scanner v20071014.68
      Run by P.A. van der Kruk on 2008-03-12 00:54:02
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------



      -- HijackThis (run as P.A. van der Kruk.exe) -----------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 0:54:04, on 12-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\svw.exe
      C:\WINDOWS\svx.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Documents and Settings\P.A. van der Kruk\Bureaublad\Deckard SS.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\PAVAND~1.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
      O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
      O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193423} -
      O16 - DPF: {33331111-1111-1111-1111-611111193429} -
      O16 - DPF: {33331111-1111-1111-1111-615111193427} -
      O16 - DPF: {33331111-1131-1111-1111-611111193428} -
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163102940345
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D7372FB5-FA2C-418C-8201-FD383A24ED2D}: NameServer = 62.45.45.45 62.45.46.46
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Alerter AlerterUPS (AlerterUPS) - Unknown owner - C:\WINDOWS\system32\12520850t.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\P.A. van der Kruk\ie_updater.exe (file missing)
      O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Task Scheduler ScheduleBITS (ScheduleBITS) - Unknown owner - C:\WINDOWS\system32\1031i.exe (file missing)
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

      --
      End of file - 13038 bytes

      -- Files created between 2008-02-12 and 2008-03-12 -----------------------------

      2008-03-12 00:48:20 0 d-------- C:\RVAXO
      2008-03-12 00:48:13 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
      2008-03-10 23:10:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-10 23:10:18 0 d-------- C:\Documents and Settings\P.A. van der Kruk\Application Data\PC Tools
      2008-03-10 20:36:43 0 d-------- C:\Program Files\Lavasoft
      2008-03-10 20:36:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-03-10 20:34:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-03-08 15:27:11 705654 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-08 15:27:11 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-21 20:54:17 0 d-------- C:\Program Files\CDLAB


      -- Find3M Report ---------------------------------------------------------------

      2008-03-12 00:54:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
      2008-03-12 00:40:34 0 d-------- C:\Program Files\Common Files
      2008-03-10 23:26:39 0 d-------- C:\Program Files\Spyware Doctor
      2008-03-10 23:11:42 514008 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-03-10 23:11:42 103852 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-03-03 21:34:40 144 --ahs---- C:\WINDOWS\system32\1357329379.dat
      2008-02-14 22:59:07 0 d-------- C:\Program Files\CD covers
      2008-02-13 23:52:22 0 d-------- C:\Documents and Settings\P.A. van der Kruk\Application Data\Skype
      2008-02-13 23:50:02 0 d-------- C:\Documents and Settings\P.A. van der Kruk\Application Data\skypePM
      2008-02-13 23:44:15 0 d-------- C:\Program Files\CdCoverCreator
      2008-02-13 20:52:06 0 d-------- C:\Program Files\Emule
      2008-02-05 00:11:45 44544 -r-hs---- C:\WINDOWS\system32\amcompatd.exe
      2008-02-05 00:11:45 45568 -r-hs---- C:\WINDOWS\system32\acleditl.exe
      2008-02-05 00:11:45 179200 --a------ C:\WINDOWS\svx.exe
      2008-02-05 00:11:44 179200 --a------ C:\WINDOWS\svw.exe
      2008-02-01 00:19:18 0 d--h----- C:\Program Files\Yes


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [26-08-2005 18:14]
      "SoundMan"="SOUNDMAN.EXE" [17-08-2005 18:39 C:\WINDOWS\SOUNDMAN.EXE]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05-08-2005 21:05]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-05-2005 23:12]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [14-07-2005 15:09]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54]
      "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [28-11-2006 23:16]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [10-03-2004 23:26]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10-11-2006 11:35]
      "!AVG Anti-Spyware"="C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19-10-2007 20:16]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02-11-2007 18:36]
      "netx"="C:\WINDOWS\svx.exe" [05-02-2008 00:11]
      "netw"="C:\WINDOWS\svw.exe" [05-02-2008 00:11]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02-04-2007 19:50]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11-09-2007 21:34]

      C:\Documents and Settings\P.A. van der Kruk\Menu Start\Programma's\Opstarten\
      TomTom HOME.lnk - C:\Program Files\TomTom HOME\TomTomHOME.exe [6-4-2006 16:41:30]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 21:05:26]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11-5-2005 23:23:26]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2-4-2007 19:50:45]
      Logitech Harmony Remote V5.lnk - C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe [22-2-2006 15:47:44]
      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12-5-2005 0:49:24]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      "IEUpdate"= C:\WINDOWS\system32\acleditl.exe
      "UpdateWin"= C:\WINDOWS\system32\amcompatd.exe

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
      "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StreamZap Remote]
      C:\PROGRA~1\STREAM~1\Remote\zremote.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
      "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s




      -- End of Deckard's System Scanner: finished at 2008-03-12 00:55:07 ------------


      pieter

      Comment


      • #4
        Open de map RVAXO op je bureaublad en dubbelklik het bestand Uninstall.cmd
        Dit zal RVAXO verwijderen.

        Download nu even een nieuwe versie van RVAXO en voer deze uit op dezelfde wijze als de vorige keer.

        Post het logje dat je krijgt

        Comment


        • #5
          Oude RVAXO verwijderd, en hierna opnieuw gedownload en in veilige modus uitgevoerd. Onderstaand het nieuwe logje:


          ---RVAXO.exe Updated: 2008-02-18---first run---
          Files found:

          Uninstallers:


          Folders Found:


          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          Folders Found:

          --------------RVAXO.exe finished----------------


          Pieter

          Comment


          • #6
            ---RVAXO.exe Updated: 2008-02-18---first run---
            Vreemd hoor dat je steeds weer met die oude versie aankomt

            Dubbelklik Unistall.cmd in de map RVAXO op je bureaublad

            Download je RVAXO wel via deze link?: http://home.hetnet.nl/~stefsmeenk/RVAXO.exe

            Ik heb zelf de indruk dat jij RVAXO.exe ergens anders vandaan haalt

            Comment


            • #7
              Dat klopt inderdaad, omdat ik de download al eerder op een geheugenkaartje gezet had aangezien ik thuis het internet niet op kan.

              Die zal ik nu verwijderen, en jouw download op het kaartje zetten zodat ik die vanavond kan gebruiken.

              Excuus voor mijn foutieve uitvoering van de opdracht!


              pieter

              Comment


              • #8
                Och, je bent de eerste niet en ook vast de laatste niet die dit overkomt.
                Je wil niet weten hoe veel fixes er mislukken doordat men niet goed leest en zo

                Die update-datum bewijst op deze manier zijn nut

                Comment


                • #9
                  Nou, onderstaand de resultaten van het nieuwe herziene RVAXO-logje dan :


                  ---RVAXO.exe Updated: 2008-03-13---first run---
                  Uninstallers:

                  Files found:
                  C:\WINDOWS\system32\amcompatd.exe
                  C:\WINDOWS\system32\acleditl.exe
                  C:\WINDOWS\svx.exe
                  C:\WINDOWS\svw.exe

                  Folders Found:

                  Hosts-file was reset, If you use a custom hosts file please replace it...

                  --------------RVAXO.exe last run---------------
                  Not deleted items:

                  --------------RVAXO.exe finished----------------


                  pieter

                  Comment


                  • #10
                    Post ook maar even een nieuw logje van Deckard's System Scanner

                    Comment


                    • #11
                      Deckard's System Scanner uitgevoerd; onderstaand het logje daarvan :


                      Deckard's System Scanner v20071014.68
                      Run by P.A. van der Kruk on 2008-03-14 23:23:59
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------



                      -- HijackThis (run as P.A. van der Kruk.exe) -----------------------------------

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 23:24:05, on 14-3-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\csrss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      C:\Program Files\Norton Internet Security\ISSVC.exe
                      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
                      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      C:\WINDOWS\system32\HPZipm12.exe
                      C:\Program Files\Spyware Doctor\pctsAuxs.exe
                      C:\Program Files\Spyware Doctor\pctsSvc.exe
                      C:\Program Files\Spyware Doctor\pctsTray.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\wdfmgr.exe
                      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\WINDOWS\System32\alg.exe
                      C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
                      C:\WINDOWS\SOUNDMAN.EXE
                      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
                      C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe
                      C:\Program Files\QuickTime\QTTask.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
                      C:\Program Files\TomTom HOME\TomTomHOME.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\Documents and Settings\P.A. van der Kruk\Bureaublad\dss.exe
                      C:\PROGRA~1\TRENDM~1\HIJACK~1\PAVAND~1.EXE
                      C:\WINDOWS\system32\wbem\wmiprvse.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                      O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                      O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
                      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
                      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
                      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
                      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
                      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                      O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
                      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
                      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                      O16 - DPF: {33331111-1111-1111-1111-611111193423} -
                      O16 - DPF: {33331111-1111-1111-1111-611111193429} -
                      O16 - DPF: {33331111-1111-1111-1111-615111193427} -
                      O16 - DPF: {33331111-1131-1111-1111-611111193428} -
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163102940345
                      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Alerter AlerterUPS (AlerterUPS) - Unknown owner - C:\WINDOWS\system32\12520850t.exe (file missing)
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
                      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                      O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\P.A. van der Kruk\ie_updater.exe (file missing)
                      O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                      O23 - Service: Task Scheduler ScheduleBITS (ScheduleBITS) - Unknown owner - C:\WINDOWS\system32\1031i.exe (file missing)
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

                      --
                      End of file - 12784 bytes

                      -- Files created between 2008-02-14 and 2008-03-14 -----------------------------

                      2008-03-13 23:12:35 0 d-------- C:\RVAXO
                      2008-03-13 23:10:42 741748 --a------ C:\WINDOWS\system32\RVAXO.bat
                      2008-03-13 23:10:42 69632 --a------ C:\WINDOWS\system32\remove.exe
                      2008-03-10 23:10:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-03-10 23:10:18 0 d-------- C:\Documents and Settings\P.A. van der Kruk\Application Data\PC Tools
                      2008-03-10 20:36:43 0 d-------- C:\Program Files\Lavasoft
                      2008-03-10 20:36:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-03-10 20:34:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                      2008-02-21 20:54:17 0 d-------- C:\Program Files\CDLAB


                      -- Find3M Report ---------------------------------------------------------------

                      2008-03-14 21:41:57 0 d-------- C:\Program Files\Common Files
                      2008-03-12 00:54:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
                      2008-03-10 23:26:39 0 d-------- C:\Program Files\Spyware Doctor
                      2008-03-10 23:11:42 514008 --a------ C:\WINDOWS\system32\perfh013.dat
                      2008-03-10 23:11:42 103852 --a------ C:\WINDOWS\system32\perfc013.dat
                      2008-03-03 21:34:40 144 --ahs---- C:\WINDOWS\system32\1357329379.dat
                      2008-02-14 22:59:07 0 d-------- C:\Program Files\CD covers
                      2008-02-13 23:52:22 0 d-------- C:\Documents and Settings\P.A. van der Kruk\Application Data\Skype
                      2008-02-13 23:50:02 0 d-------- C:\Documents and Settings\P.A. van der Kruk\Application Data\skypePM
                      2008-02-13 23:44:15 0 d-------- C:\Program Files\CdCoverCreator
                      2008-02-13 20:52:06 0 d-------- C:\Program Files\Emule
                      2008-02-01 00:19:18 0 d--h----- C:\Program Files\Yes


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [26-08-2005 18:14]
                      "SoundMan"="SOUNDMAN.EXE" [17-08-2005 18:39 C:\WINDOWS\SOUNDMAN.EXE]
                      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05-08-2005 21:05]
                      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-05-2005 23:12]
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
                      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [14-07-2005 15:09]
                      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54]
                      "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [28-11-2006 23:16]
                      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [10-03-2004 23:26]
                      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10-11-2006 11:35]
                      "!AVG Anti-Spyware"="C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]
                      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19-10-2007 20:16]
                      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02-11-2007 18:36]
                      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02-04-2007 19:50]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11-09-2007 21:34]

                      C:\Documents and Settings\P.A. van der Kruk\Menu Start\Programma's\Opstarten\
                      TomTom HOME.lnk - C:\Program Files\TomTom HOME\TomTomHOME.exe [6-4-2006 16:41:30]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 21:05:26]
                      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11-5-2005 23:23:26]
                      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2-4-2007 19:50:45]
                      Logitech Harmony Remote V5.lnk - C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe [22-2-2006 15:47:44]
                      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12-5-2005 0:49:24]

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                      "DisableRegistryTools"=0 (0x0)

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                      "IEUpdate"= C:\WINDOWS\system32\acleditl.exe
                      "UpdateWin"= C:\WINDOWS\system32\amcompatd.exe

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                      @="Service"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
                      "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StreamZap Remote]
                      C:\PROGRA~1\STREAM~1\Remote\zremote.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
                      "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s




                      -- End of Deckard's System Scanner: finished at 2008-03-14 23:25:00 ------------


                      pieter

                      Comment


                      • #12
                        Open een klablokbestand.
                        Kopieer onderstaande code in dit kladblokbestand.
                        Ga naar Bestand - Opslaan als.
                        Bij "Opslaan in" kies je: Bureaublad
                        Bij "Bestandsnaam" zet je: del.bat
                        Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                        Klik op de knop Opslaan.
                        Code:
                        sc delete AlerterUPS
                        sc delete "Microsoft IEUpdater2"
                        sc delete ScheduleBITS
                        Dubbelklik daarna op del.bat


                        Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
                        O16 - DPF: {33331111-1111-1111-1111-611111193423} -
                        O16 - DPF: {33331111-1111-1111-1111-611111193429} -
                        O16 - DPF: {33331111-1111-1111-1111-615111193427} -
                        O16 - DPF: {33331111-1131-1111-1111-611111193428} -

                        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

                        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                        Dit zal alles van RVAXO doen verwijderen.

                        Je Java software is verouderd.
                        Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                        Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                        • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
                        • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                        • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                        • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                        • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                        • Herhaal dit tot alle oudere versies verdwenen zijn.
                        • Na het verwijderen van alle oudere versies, herstart je pc.
                        • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                        Download ATF cleaner (mirror)(gemaakt door Atribune)

                        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                        Dubbelklik op ATF cleaner om het programma te starten.
                        Op het tabblad "Main", plaats je een vinkje bij Select All.
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook FireFox als browser hebt:
                        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook Opera als browser hebt:
                        Klik op tabblad "Opera", plaats een vinkje bij Select All.
                        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        Klik op de knop Empty Selected.
                        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                        Kijk hier hoe je je systeemherstel moet uitschakelen.
                        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                        Post als laatste nog een nieuw logje van Hijackthis ter controle

                        Comment


                        • #13
                          Hoi Smeenk, ik heb alles uitgevoerd zonder problemen. Zie hieronder het nieuwe logje van Hijackthis :


                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 0:18:05, on 19-3-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\csrss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          C:\Program Files\Norton Internet Security\ISSVC.exe
                          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
                          C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                          C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                          C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                          C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          C:\WINDOWS\system32\HPZipm12.exe
                          C:\Program Files\Spyware Doctor\pctsAuxs.exe
                          C:\Program Files\Spyware Doctor\pctsSvc.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Spyware Doctor\pctsTray.exe
                          C:\WINDOWS\system32\wdfmgr.exe
                          C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                          C:\WINDOWS\system32\wscntfy.exe
                          C:\WINDOWS\System32\alg.exe
                          C:\WINDOWS\SOUNDMAN.EXE
                          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
                          C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe
                          C:\Program Files\QuickTime\QTTask.exe
                          C:\Program Files\iTunes\iTunesHelper.exe
                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                          C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                          C:\Program Files\TomTom HOME\TomTomHOME.exe
                          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                          C:\Program Files\iPod\bin\iPodService.exe
                          C:\Program Files\Internet Explorer\iexplore.exe
                          C:\WINDOWS\system32\wbem\wmiprvse.exe
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                          O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                          O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
                          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
                          O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
                          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
                          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                          O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
                          O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163102940345
                          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG\AVG Anti-Spyware 7.5\guard.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                          O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                          O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                          O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                          O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                          O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                          O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

                          --
                          End of file - 12182 bytes


                          pieter

                          Comment


                          • #14
                            Logje ziet er goed uit hoor

                            Nog even een restantje in het register opruimen.

                            1) Open een kladblokbestand.
                            2) Kopieer onderstaande code in dit kladblokbestand.
                            3) Ga naar Bestand - Opslaan als.
                            -Bij "Opslaan in" kies je: Bureaublad
                            -Bij "Bestandsnaam" zet je: fix.reg
                            -Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                            -Klik op de knop Opslaan.
                            Code:
                            REGEDIT4
                            
                            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                            "IEUpdate"=-
                            "UpdateWin"=-
                            4) Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.

                            Comment


                            • #15
                              Is nu ook opgeruimd
                              Intussen weer geprobeerd het internet op te komen of mail binnen te halen, maar internet geeft de bekende melding 'De pagina kan niet worden weergegeven' of 'Zoekpagina kan niet worden geopend' (in een klein venstertje).
                              Daarna Norton nog uitgeschakeld, waarna het wél lukte.
                              Kun jij zeggen hoe dit ook nog opgelost kan worden?

                              Bedankt,
                              Pieter

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X