
computer infected yet again, same problem as last time


  • computer infected yet again, same problem as last time

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:29:01, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    C:\DOCUME~1\Maarten\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\ubmeqwaj.exe
    C:\WINDOWS\udgtqlqz.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ubmeqwaj] C:\WINDOWS\system32\ubmeqwaj.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [US6TMMHuv0] C:\WINDOWS\udgtqlqz.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6906 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open, in which a few lines about files not being found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



    • #3
      ---RVAXO.exe Updated: 2008-03-20---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\drnpfdxlsk.dll
      C:\WINDOWS\altvxvm.dll

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------



      • #4
        Deckard's System Scanner v20071014.68
        Run by Maarten on 2008-03-20 22:28:06
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        78: 2008-03-20 21:28:14 UTC - RP78 - Deckard's System Scanner Restore Point
        77: 2008-03-20 18:19:57 UTC - RP77 - TweakXP scheduled System Checkpoint
        76: 2008-03-20 18:19:11 UTC - RP76 - Installed TweakXP
        75: 2008-03-16 20:45:59 UTC - RP75 - Installed Windows Live Messenger
        74: 2008-03-05 09:29:26 UTC - RP74 - Installed TortoiseSVN 1.4.8.12137 (32 bit)


        -- First Restore Point --
        1: 2007-11-15 18:00:37 UTC - RP1 - Controlepunt van systeem


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as Maarten.exe) ---------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:30:25, on 20/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Unable to get Internet Explorer version!
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
        C:\WINDOWS\system32\ubmeqwaj.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
        C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
        C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
        C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
        C:\DOCUME~1\Maarten\LOCALS~1\Temp\RtkBtMnt.exe
        C:\Documents and Settings\Maarten\Bureaublad\dss.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\Maarten.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll (file missing)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [ubmeqwaj] C:\WINDOWS\system32\ubmeqwaj.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 6662 bytes

        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

        backup-20071115-172404-138 O20 - Winlogon Notify: tuvvtus - tuvvtus.dll (file missing)
        backup-20071115-172404-290 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        backup-20071115-172404-500 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        backup-20071115-172404-510 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        backup-20071115-172404-593 O2 - BHO: {af8d855c-9a12-b0a9-7f84-fe8c1e7b4646} - {6464b7e1-c8ef-48f7-9a0b-21a9c558d8fa} - C:\WINDOWS\system32\wvlscano.dll (file missing)
        backup-20071115-172404-685 O4 - HKLM\..\Run: [2893e3e7] rundll32.exe "C:\WINDOWS\system32\yhfgaqfm.dll",b

        -- File Associations -----------------------------------------------------------

        All associations okay.


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
        R3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

        S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
        S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
        S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys (file missing)
        S3 btaudio (Bluetooth-audioapparaat) - c:\windows\system32\drivers\btaudio.sys (file missing)
        S3 BTDriver (Bluetooth virtuele-communicatiestuurprogramma) - c:\windows\system32\drivers\btport.sys (file missing)
        S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
        S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
        S3 catchme - c:\docume~1\maarten\locals~1\temp\catchme.sys (file missing)
        S3 UDXTTM6000 (DTV-DVB UDXTTM6000 - USB 2.0 Receiver) - c:\windows\system32\drivers\udxttm6000.sys
        S3 UDXTTM6000HID (UDXTTM6000HID - HID Driver) - c:\windows\system32\drivers\udxttm6000hid.sys <Not Verified; DTV-DVB; DTV-DVB USB2 DVB-T HID>


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        S3 OpenVPNService (OpenVPN Service) - c:\program files\openvpn\bin\openvpnserv.exe
        S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
        S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID:
        Description: Modem Device on High Definition Audio Bus
        Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_1025012E&REV_1000\4&2CC90C85&0&0102
        Manufacturer:
        Name: Modem Device on High Definition Audio Bus
        PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_1025012E&REV_1000\4&2CC90C85&0&0102
        Service:

        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
        Description: Ethernet-controller
        Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_012E1025&REV_02\4&2803E7C1&0&00E2
        Manufacturer:
        Name: Ethernet-controller
        PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_012E1025&REV_02\4&2803E7C1&0&00E2
        Service:

        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
        Description: SM-buscontroller
        Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_012E1025&REV_02\3&B1BFB68&0&FB
        Manufacturer:
        Name: SM-buscontroller
        PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_012E1025&REV_02\3&B1BFB68&0&FB
        Service:


        -- Scheduled Tasks -------------------------------------------------------------

        2007-11-26 13:29:22 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


        -- Files created between 2008-02-20 and 2008-03-20 -----------------------------

        2008-03-20 22:22:41 0 d-------- C:\RVAXO
        2008-03-20 22:20:35 747874 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-03-20 22:20:35 69632 --a------ C:\WINDOWS\system32\remove.exe
        2008-03-20 19:19:18 38400 --a------ C:\WINDOWS\udgtqlqz.exe
        2008-03-20 19:19:17 98304 --a------ C:\WINDOWS\system32\ubmeqwaj.exe
        2008-03-19 08:58:13 0 d-------- C:\UT2004Demo
        2008-03-16 21:47:06 0 d-------- C:\Documents and Settings\Maarten\Tracing
        2008-03-14 15:15:16 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
        2008-03-14 15:15:04 0 d-------- C:\Q3Ademo
        2008-03-14 13:52:01 0 d-------- C:\Program Files\TopDesk
        2008-03-08 18:01:45 0 d-------- C:\Program Files\Altnet
        2008-03-08 18:01:18 0 d-------- C:\Program Files\Kazaa
        2008-03-05 14:23:47 0 d-------- C:\Program Files\Hide Window Hotkey
        2008-03-05 10:31:52 0 d-------- C:\Documents and Settings\Maarten\Application Data\Subversion
        2008-03-05 10:29:33 0 d-------- C:\Program Files\TortoiseSVN
        2008-02-28 07:32:16 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
        2008-02-27 10:48:46 0 d-------- C:\WACKY
        2008-02-25 07:08:47 0 d-------- C:\Program Files\NCH Swift Sound
        2008-02-25 07:08:33 0 d-------- C:\Program Files\NCH Software
        2008-02-22 14:14:01 0 d-------- C:\Program Files\Source Edit
        2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
        2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
        2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
        2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
        2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
        2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
        2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
        2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


        -- Find3M Report ---------------------------------------------------------------

        2008-03-20 16:20:26 0 d-------- C:\Documents and Settings\Maarten\Application Data\Real
        2008-03-19 09:42:35 0 d-------- C:\Program Files\BitComet
        2008-03-19 09:42:23 0 d-------- C:\Program Files\VstPlugins
        2008-03-19 09:42:23 0 d-------- C:\Program Files\Image-Line
        2008-03-16 21:46:04 0 d-------- C:\Program Files\Windows Live
        2008-03-11 22:48:27 0 d-------- C:\Documents and Settings\Maarten\Application Data\LimeWire
        2008-03-08 18:08:11 0 d-------- C:\Program Files\LimeWire
        2008-02-28 21:46:45 0 d-------- C:\Program Files\DivX
        2008-02-28 07:32:16 0 d-a------ C:\Program Files\Common Files
        2008-02-25 11:27:38 0 d-------- C:\Documents and Settings\Maarten\Application Data\NCH Swift Sound
        2008-02-17 15:29:50 0 d-------- C:\Program Files\Babylon
        2008-02-17 13:10:11 0 d-------- C:\Documents and Settings\Maarten\Application Data\Thinstall
        2008-02-16 17:46:34 0 d--h----- C:\Program Files\InstallShield Installation Information
        2008-02-16 17:46:34 0 d-------- C:\Program Files\Easy Computing
        2008-02-13 01:01:46 0 d-------- C:\Program Files\PKR
        2008-02-11 11:01:26 0 d-------- C:\Program Files\Common Files\Adobe
        2008-02-10 19:52:01 0 d-------- C:\Documents and Settings\Maarten\Application Data\Media Player Classic
        2008-02-10 19:51:21 0 d-------- C:\Program Files\K-Lite Codec Pack
        2008-02-07 12:26:29 0 d-------- C:\Program Files\Windows NT
        2008-02-07 12:26:29 0 d-------- C:\Program Files\Movie Maker
        2008-02-07 12:26:29 0 d-------- C:\Program Files\Messenger
        2008-02-05 17:55:28 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
        2008-02-05 17:49:52 1720086 --a------ C:\WINDOWS\system32\TmpA275531
        2008-02-04 18:51:47 121853 --a------ C:\DMKeygen_packed.exe
        2008-02-03 14:49:04 219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
        2008-02-01 00:53:38 0 d-------- C:\Program Files\Virtools
        2008-02-01 00:53:37 1928 --a------ C:\WINDOWS\mozver.dat
        2008-01-30 23:17:56 0 d-------- C:\Documents and Settings\Maarten\Application Data\Syntrillium
        2008-01-23 11:45:51 0 d-------- C:\Program Files\Common Files\xing shared
        2008-01-23 11:45:48 0 d-------- C:\Program Files\Common Files\Real
        2008-01-23 11:45:39 0 d-------- C:\Program Files\Real
        2008-01-19 11:09:41 118784 --a------ C:\WINDOWS\dsdxirmv.exe
        2008-01-06 20:28:09 65536 --a------ C:\WINDOWS\IFinst27.exe
        2008-01-05 10:28:44 459070 --a------ C:\WINDOWS\system32\perfh013.dat
        2008-01-05 10:28:44 77858 --a------ C:\WINDOWS\system32\perfc013.dat
        2008-01-04 10:38:47 80 -r-hs---- C:\WINDOWS\system32\C86EFB6BF7.dll
        2007-12-25 00:21:36 51736 --ah----- C:\WINDOWS\system32\mlfcache.dat
        2007-12-23 22:20:06 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
        2007-12-20 18:38:39 113383 --a------ C:\WINDOWS\hpoins07.dat


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4}]
        C:\WINDOWS\drnpfdxlsk.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [10/05/2007 18:08 C:\WINDOWS\RTHDCPL.exe]
        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [24/08/2007 11:01]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [24/08/2007 11:01]
        "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [24/08/2007 11:00]
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/01/2008 11:45]
        "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [26/02/2006 00:41]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
        "ubmeqwaj"="C:\WINDOWS\system32\ubmeqwaj.exe" [20/03/2008 19:19]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/03/2008 21:52]

        C:\Documents and Settings\Maarten\Menu Start\Programma's\Opstarten\
        Konfabulator.lnk - C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe [4/08/2005 19:31:16]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "NoViewOnDrive"=0 (0x0)
        "NoLogoff"=0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "appinit_dlls"=MsgPlusLoader.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinManager.lnk]
        path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinManager.lnk
        backup=C:\WINDOWS\pss\WinManager.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
        "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "Bonjour Service"=2 (0x2)
        "BthServ"=2 (0x2)
        "TapiSrv"=3 (0x3)
        "WMPNetworkSvc"=3 (0x3)
        "odserv"=3 (0x3)
        "Microsoft Office Groove Audit Service"=3 (0x3)
        "Adobe LM Service"=3 (0x3)
        "WebrootSpySweeperService"=2 (0x2)
        "usnjsvc"=3 (0x3)
        "Schedule"=2 (0x2)
        "RDSessMgr"=3 (0x3)
        "mnmsrvc"=3 (0x3)
        "helpsvc"=2 (0x2)
        "NMIndexingService"=3 (0x3)
        "NBService"=3 (0x3)
        "FastUserSwitchingCompatibility"=3 (0x3)
        "wuauserv"=2 (0x2)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bthsvcs BthServ


        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
        AutoRun\command- F:\SETUP.EXE
        configure\command- F:\SETUP.EXE
        install\command- F:\SETUP.EXE




        -- End of Deckard's System Scanner: finished at 2008-03-20 22:30:59 ------------



        • #5
          Start HijackThis and tick only the following lines:
          O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll (file missing)
          O4 - HKLM\..\Run: [ubmeqwaj] C:\WINDOWS\system32\ubmeqwaj.exe
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

          Close all open windows (except HijackThis) and click the "Fix checked" button.

          Restart your computer.

          After the restart, try to delete the following files:
          C:\WINDOWS\udgtqlqz.exe
          C:\WINDOWS\system32\ubmeqwaj.exe

          Also delete the following folder:
          C:\Program Files\Altnet

          Then empty your recycle bin.

          Post a new HijackThis log for review.



          • #6
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 23:08:13, on 20/03/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Unable to get Internet Explorer version!
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
            C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
            C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
            C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\DOCUME~1\Maarten\LOCALS~1\Temp\RtkBtMnt.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

            --
            End of file - 6435 bytes



            • #7
              The log looks good.

              Does your Internet Explorer still work?

              Comment
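
A follow-up log can also be checked mechanically against what was flagged earlier. The Python below is an added example, not part of the thread and not HijackThis code: it parses a HijackThis log and reports whether the entries and files named in post #5 still appear. The function names and the shortened `BEFORE`/`AFTER` excerpts are this example's own; the indicator values are copied from post #5.

```python
import re

# Indicators copied from post #5: flagged CLSIDs and the files to delete.
INDICATORS = ["{7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4}", "{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}",
              r"C:\WINDOWS\drnpfdxlsk.dll", r"C:\WINDOWS\system32\ubmeqwaj.exe",
              r"C:\WINDOWS\udgtqlqz.exe"]
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - HKLM\..\Run: ..."
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")   # entry whose target file is gone

def parse_log(text):
    """Return (running process paths, [(section code, entry text)])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def check_log(text):
    """Return (kind, detail) findings; an empty list means no flagged item remains."""
    processes, entries = parse_log(text)
    hits = []
    # Compare case-insensitively (the logs mix System32/system32).
    # Caveat: 8.3 short paths such as C:\PROGRA~1 will not match a long-form indicator.
    for needle in (i.lower() for i in INDICATORS):
        hits += [("running", p) for p in processes if needle in p.lower()]
        hits += [("flagged entry", f"{c} - {e}") for c, e in entries if needle in e.lower()]
    hits += [("orphaned entry", f"{c} - {e}") for c, e in entries if ORPHAN_RE.search(e)]
    return list(dict.fromkeys(hits))  # drop duplicates, keep order

# Shortened excerpts of the two logs in this thread (before and after the fix).
BEFORE = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ubmeqwaj.exe
C:\WINDOWS\udgtqlqz.exe
O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll (file missing)
O4 - HKLM\..\Run: [ubmeqwaj] C:\WINDOWS\system32\ubmeqwaj.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""
```

`check_log(AFTER)` returns an empty list, while `check_log(BEFORE)` lists the two running executables, the three flagged entries and the two orphaned entries.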


              • #8
                I don't use it, and I wouldn't know where it has gone either

                Thanks in advance!! (once again)



                • #9
                  Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                  This will remove everything belonging to RVAXO.

                  Your Java software is outdated.
                  Older versions have vulnerabilities that give malware the chance to install itself on your system.
                  First follow these steps to uninstall Java and install the newer version:
                  • Download Java Runtime Environment (JRE) 6u5 and save it to your desktop.
                  • Close all programs that may be open, especially your web browser!
                  • Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the software list.
                  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                  • Then click Remove or the Change/Remove button.
                  • Repeat this until all older versions are gone.
                  • After removing all older versions, restart your PC.
                  • Then double-click jre-6u5-windows-i586-p-s.exe on your desktop to install the newest version of Java.


                  Download ATF Cleaner (mirror) (made by Atribune)

                  Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                  Double-click ATF Cleaner to start the program.
                  On the "Main" tab, check Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and check Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the check mark at "Firefox saved passwords" again)
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and check Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Turn off System Restore. Restart the computer. Turn System Restore back on.
                  See here how to turn off System Restore.
                  This removes any remnants of the infections from System Restore.

                  Then everything should be OK again
