Mededeling

Collapse
No announcement yet.

Google zoekt niet & spyware popups

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Google zoekt niet & spyware popups

    Gisteren raakte mijn PC (Windows XP) besmet spyware en al die.. ellende. In ieder geval heb ik dat voor een groot deel kunnen verwijderen.
    Alleen werkt Google sinds vandaag niet meer. De startpagina krijg ik zonder problemen, maar zodra ik wil gaan zoeken, loopt hij vast.

    Ook krijg ik op sites geen normale popups te zien, maar spyware popups.

    Ik heb al vele scans gedraaid, zoals AVG, Norton, Ad-Aware, Hitman Pro. En ben nu beetje radeloos..

    Kan iemand mij helpen! Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:33:43, on 23-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CD6A1FA-FF06-4F8E-9AFE-B0091C5E0306} - C:\WINDOWS\system32\cbXonoPj.dll (file missing)
    O2 - BHO: (no name) - {26AF7FA9-A83C-4269-A187-BFE67BDF32BD} - C:\WINDOWS\system32\yayvSlIC.dll (file missing)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\urqRKETJ.dll (file missing)
    O2 - BHO: (no name) - {F7492147-57BA-4670-9212-564CE945E3C0} - C:\WINDOWS\system32\ljJYoLFx.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Liesl\svchost.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [BMa7c9a775] Rundll32.exe "C:\WINDOWS\system32\xllemeir.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: urqRKETJ - urqRKETJ.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 7026 bytes

  • #2
    Start Hijackthis en vink alleen de volgende regels aan:
    O2 - BHO: (no name) - {0CD6A1FA-FF06-4F8E-9AFE-B0091C5E0306} - C:\WINDOWS\system32\cbXonoPj.dll (file missing)
    O2 - BHO: (no name) - {26AF7FA9-A83C-4269-A187-BFE67BDF32BD} - C:\WINDOWS\system32\yayvSlIC.dll (file missing)
    O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\urqRKETJ.dll (file missing)
    O2 - BHO: (no name) - {F7492147-57BA-4670-9212-564CE945E3C0} - C:\WINDOWS\system32\ljJYoLFx.dll (file missing)
    O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Liesl\svchost.exe
    O4 - HKLM\..\Run: [BMa7c9a775] Rundll32.exe "C:\WINDOWS\system32\xllemeir.dll",s
    O20 - Winlogon Notify: urqRKETJ - urqRKETJ.dll (file missing)

    Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Post ook een nieuw logje van Hijackthis

    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Bedankt voor je reactie. Ik heb het bovengenoemde berichtje uitgevoerd:

      Deckard's System Scanner v20071014.68
      Run by Liesl on 2008-04-23 18:38:06
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      8: 2008-04-23 16:38:10 UTC - RP8 - Deckard's System Scanner Restore Point
      7: 2008-04-23 14:11:25 UTC - RP7 - Installed Ad-Aware 2007
      6: 2008-04-23 14:10:39 UTC - RP6 - Removed Ad-Aware 2007
      5: 2008-04-23 12:39:13 UTC - RP5 - Installed Java(TM) 6 Update 6
      4: 2008-04-23 12:35:05 UTC - RP4 - Removed Java(TM) 6 Update 5


      -- First Restore Point --
      1: 2008-04-22 19:13:22 UTC - RP1 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Liesl.exe) -----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:39:24, on 23-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
      C:\Documents and Settings\Liesl\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Liesl.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKLM\..\Run: [BMa7c9a775] Rundll32.exe "C:\WINDOWS\system32\xllemeir.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

      --
      End of file - 6151 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080423-151036-315 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      backup-20080423-151036-461 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      backup-20080423-151036-490 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      backup-20080423-151036-548 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
      backup-20080423-172024-256 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      backup-20080423-180012-502 O4 - HKLM\..\Run: [BMa7c9a775] Rundll32.exe "C:\WINDOWS\system32\xllemeir.dll",s
      backup-20080423-180012-594 O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\urqRKETJ.dll (file missing)
      backup-20080423-180012-769 O20 - Winlogon Notify: urqRKETJ - urqRKETJ.dll (file missing)
      backup-20080423-180012-804 O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Liesl\svchost.exe
      backup-20080423-180012-815 O2 - BHO: (no name) - {26AF7FA9-A83C-4269-A187-BFE67BDF32BD} - C:\WINDOWS\system32\yayvSlIC.dll (file missing)
      backup-20080423-180012-898 O2 - BHO: (no name) - {0CD6A1FA-FF06-4F8E-9AFE-B0091C5E0306} - C:\WINDOWS\system32\cbXonoPj.dll (file missing)
      backup-20080423-180012-990 O2 - BHO: (no name) - {F7492147-57BA-4670-9212-564CE945E3C0} - C:\WINDOWS\system32\ljJYoLFx.dll (file missing)

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

      S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
      S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Scheduled Tasks -------------------------------------------------------------

      2008-04-22 20:09:10 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Liesl.job


      -- Files created between 2008-03-23 and 2008-04-23 -----------------------------

      2008-04-23 18:10:50 0 d-------- C:\RVAXO
      2008-04-23 18:08:38 800405 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-23 18:08:38 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-23 16:11:27 0 d-------- C:\Program Files\Lavasoft
      2008-04-23 16:10:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-23 14:48:08 0 d-------- C:\Program Files\Trend Micro
      2008-04-23 14:39:16 0 d-------- C:\Program Files\Java
      2008-04-23 14:39:15 0 d-------- C:\Program Files\Common Files\Java
      2008-04-23 12:33:23 0 d-------- C:\Program Files\Altap Salamander 2.5
      2008-04-23 11:38:06 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-23 11:37:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
      2008-04-23 11:37:02 0 d-------- C:\Program Files\Webroot
      2008-04-23 11:37:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2008-04-23 11:36:51 164 --a------ C:\install.dat
      2008-04-23 11:36:40 0 d-------- C:\Documents and Settings\Liesl\Application Data\Webroot
      2008-04-23 11:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-04-23 11:35:22 0 d-------- C:\Temp
      2008-04-23 11:28:20 0 d-------- C:\WINDOWS\system32\GroupPolicy
      2008-04-23 11:28:09 0 d-------- C:\Program Files\Hitman Pro
      2008-04-23 11:14:48 95808 --a------ C:\WINDOWS\system32\xllemeir.dll
      2008-04-22 21:41:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-22 20:00:36 0 d-------- C:\Program Files\Windows Sidebar
      2008-04-22 20:00:35 0 d-------- C:\Program Files\Norton AntiVirus
      2008-04-22 19:57:30 0 d-------- C:\Program Files\Symantec
      2008-04-22 19:57:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
      2008-04-22 19:50:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
      2008-04-22 00:30:36 0 d-------- C:\WINDOWS\system32\xcsDd05
      2008-04-09 14:42:39 0 d-------- C:\WINDOWS\system32\appmgmt
      2008-04-01 22:09:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-04-01 21:52:05 0 d-------- C:\WINDOWS\system32\aqVreo05
      2008-03-25 01:23:28 0 d--h----- C:\WINDOWS\PIF


      -- Find3M Report ---------------------------------------------------------------

      2008-04-23 16:10:50 0 d-------- C:\Program Files\Common Files
      2008-04-23 11:39:12 492566 --a----c- C:\WINDOWS\system32\perfh013.dat
      2008-04-23 11:39:12 91754 --a----c- C:\WINDOWS\system32\perfc013.dat
      2008-04-22 19:23:27 0 d-------- C:\Program Files\LimeWire
      2008-04-22 19:09:42 0 d-------- C:\Documents and Settings\Liesl\Application Data\AVG7
      2008-04-22 18:38:54 0 d-------- C:\Documents and Settings\Liesl\Application Data\Azureus
      2008-04-09 14:51:32 0 d-------- C:\Program Files\Canon
      2008-04-09 14:47:14 0 d-------- C:\Program Files\OpenOffice.org 2.1
      2008-03-21 13:32:07 0 d-------- C:\Program Files\MSN Messenger
      2008-03-21 13:30:50 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-03-21 13:30:19 0 d-------- C:\Program Files\Windows Live
      2008-03-12 23:59:17 0 d-------- C:\Program Files\IVT Corporation
      2008-03-12 23:59:12 32 --a------ C:\WINDOWS\0
      2008-03-12 23:50:03 0 --a------ C:\WINDOWS\system32\0
      2008-02-27 17:36:27 0 d-------- C:\Program Files\NCH Software
      2008-02-27 17:35:04 0 d-------- C:\Program Files\NCH Swift Sound
      2008-02-27 17:35:01 0 d-------- C:\Documents and Settings\Liesl\Application Data\NCH Swift Sound


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
      22-04-2008 20:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05-08-2005 21:05]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [16-04-2008 12:45]
      "SigmatelSysTrayApp"="stsystra.exe" [22-03-2005 17:20 C:\WINDOWS\stsystra.exe]
      "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08-05-2003 12:00]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25-03-2008 04:28]
      "BMa7c9a775"="C:\WINDOWS\system32\xllemeir.dll" [23-04-2008 11:14]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 03:03]
      "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24-05-2006 20:31]

      C:\Documents and Settings\Liesl\Menu Start\Programma's\Opstarten\
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 19:16:50]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
      "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
      "C:\Program Files\Norton AntiVirus\osCheck.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      C:\Program Files\Winamp\wianmpa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "TOSHIBA Bluetooth Service"=2 (0x2)
      "usnjsvc"=3 (0x3)
      "Symantec Core LC"=3 (0x3)
      "ose"=3 (0x3)
      "odserv"=3 (0x3)
      "FLEXnet Licensing Service"=3 (0x3)
      "CLTNetCnService"=2 (0x2)
      "ccSetMgr"=2 (0x2)
      "ccEvtMgr"=2 (0x2)
      "Bonjour Service"=2 (0x2)
      "Adobe LM Service"=3 (0x3)
      "aawservice"=2 (0x2)
      "LiveUpdate Notice"=2 (0x2)
      "LiveUpdate"=3 (0x3)
      "WebrootSpySweeperService"=2 (0x2)




      -- End of Deckard's System Scanner: finished at 2008-04-23 18:39:49 ------------



      ---RVAXO.exe Updated: 2008-04-22---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BMa7c9a775.xml
      C:\WINDOWS\BMa7c9a775.txt
      C:\WINDOWS\system32\urqRKETJ.dll__DELETE_ON_REBOOT
      C:\WINDOWS\system32\CIlSvyay.ini2
      C:\WINDOWS\system32\jPonoXbc.ini2
      C:\WINDOWS\system32\xFLoYJjl.ini2
      C:\WINDOWS\system32\cbXonoPj.dll_old
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\pac.txt

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------
      Last edited by Lisanne; 23-04-08, 18:46.

      Comment


      • #4
        *Ik kon mijn vorige berichtje niet meer bewerken..*

        Het probleem voltrekt zich nog steeds. De popups zijn volgens mij wel weg, alleen werkt Google nog steeds niet. Zo ook andere sites niet, zoals Dumpert.nl en zijn de meeste sites ook trager dan normaal.

        Ik hoop echt dat een van jullie mij hiermee kunnen helpen!

        Alvast bedankt!

        Comment


        • #5
          Ik heb ook de zoek.exe uit een ander bericht gedownload.. en kreeg toen dit:

          ======C:\WINDOWS====
          ----a-w 32 2008-03-12 21:59:12 C:\WINDOWS\0
          ----a-w 0 2008-04-23 16:10:48 C:\WINDOWS\0.log
          ----a-w 4,587 2008-04-23 18:30:18 C:\WINDOWS\BMa7c9a775.txt
          ----a-w 109,747 2008-04-23 16:47:21 C:\WINDOWS\BMa7c9a775.xml
          --s-a-w 2,048 2008-04-23 16:10:29 C:\WINDOWS\bootstat.dat
          ----a-w 264,955 2008-04-23 09:41:05 C:\WINDOWS\comsetup.log
          -c--a-w 17,846 2008-03-21 11:31:55 C:\WINDOWS\DPINST.LOG
          ----a-w 760,847 2008-04-23 09:41:05 C:\WINDOWS\FaxSetup.log
          ----a-w 7,138 2008-03-16 20:01:09 C:\WINDOWS\IDNMitigationAPIs.log
          ----a-w 61,861 2008-03-16 20:03:02 C:\WINDOWS\ie7.log
          ----a-w 21,415 2008-03-16 20:03:31 C:\WINDOWS\ie7_main.log
          ----a-w 852,603 2008-04-23 09:41:05 C:\WINDOWS\iis6.log
          ----a-w 1,374 2008-04-09 22:30:03 C:\WINDOWS\imsins.BAK
          ----a-w 1,374 2008-04-23 09:41:05 C:\WINDOWS\imsins.log
          ----a-w 10,736 2008-03-16 19:58:51 C:\WINDOWS\KB904942.log
          ----a-w 853 2008-04-23 09:41:34 C:\WINDOWS\KB912812.log
          ----a-w 5,923 2008-04-23 09:41:05 C:\WINDOWS\KB912919.log
          ----a-w 5,934 2008-03-16 20:00:19 C:\WINDOWS\KB915865.log
          ----a-w 11,039 2008-03-17 23:18:26 C:\WINDOWS\KB938127-IE7.log
          ----a-w 17,882 2008-04-09 22:29:01 C:\WINDOWS\KB941693.log
          ----a-w 24,123 2008-03-17 23:18:54 C:\WINDOWS\KB944533-IE7.log
          ----a-w 11,929 2008-04-09 22:27:12 C:\WINDOWS\KB945553.log
          ----a-w 26,230 2008-04-23 12:20:00 C:\WINDOWS\KB947864-IE7.log
          ----a-w 11,933 2008-04-09 22:28:26 C:\WINDOWS\KB948590.log
          ----a-w 13,519 2008-04-09 22:30:03 C:\WINDOWS\KB948881.log
          ----a-w 53,500 2008-04-23 09:41:05 C:\WINDOWS\MedCtrOC.log
          ----a-w 38,600 2008-04-23 09:41:05 C:\WINDOWS\msgsocm.log
          ----a-w 236,518 2008-04-23 09:41:03 C:\WINDOWS\msmqinst.log
          ----a-w 134,851 2008-04-23 09:41:05 C:\WINDOWS\netfxocm.log
          ----a-w 5,350 2008-03-16 20:00:50 C:\WINDOWS\NLSDownlevelMapping.log
          ----a-w 116,384 2008-04-23 16:06:41 C:\WINDOWS\ntbtlog.txt
          ----a-w 159,508 2008-04-23 09:41:05 C:\WINDOWS\ntdtcsetup.log
          ----a-w 373,288 2008-04-23 09:41:05 C:\WINDOWS\ocgen.log
          ----a-w 47,757 2008-04-23 09:41:05 C:\WINDOWS\ocmsn.log
          -c--a-w 28 2008-04-09 12:49:13 C:\WINDOWS\ODBC.INI
          ----a-w 22 2008-04-23 16:14:10 C:\WINDOWS\pskt.ini
          ----a-w 32,634 2008-04-23 16:05:03 C:\WINDOWS\SchedLgU.Txt
          ----a-w 199,399 2008-04-09 12:33:24 C:\WINDOWS\setupact.log
          ----a-w 64,477 2008-04-22 18:01:45 C:\WINDOWS\setupapi.log
          -c--a-w 54,883 2008-03-16 20:30:16 C:\WINDOWS\spupdsvc.log
          ----a-w 227 2008-04-23 13:23:15 C:\WINDOWS\system.ini
          ----a-w 38,883 2008-04-23 09:41:05 C:\WINDOWS\tabletoc.log
          ----a-w 355,068 2008-04-23 09:41:05 C:\WINDOWS\tsoc.log
          -c--a-w 76,626 2008-04-09 22:28:47 C:\WINDOWS\updspapi.log
          -c--a-w 37 2008-04-09 12:50:04 C:\WINDOWS\vbaddin.ini
          ----a-w 159 2008-04-23 16:10:45 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-04-23 16:10:45 C:\WINDOWS\wiaservc.log
          ----a-w 694 2008-04-23 13:23:15 C:\WINDOWS\win.ini
          ----a-w 1,466,028 2008-04-23 17:37:06 C:\WINDOWS\WindowsUpdate.log
          ----a-w 39,504 2008-04-23 16:52:02 C:\WINDOWS\wmsetup.log

          Entries: 50 (49)
          Directories: 0 Files: 50
          Bytes: 5,740,402 Blocks: 11,237
          ======C:\WINDOWS\system32=====
          ----a-w 0 2008-03-12 21:50:03 C:\WINDOWS\System32\0
          --sha-w 198,211 2008-04-23 02:54:50 C:\WINDOWS\System32\CIlSvyay.ini
          ----a-w 1,981,000 2008-04-10 17:27:56 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 135,168 2008-03-24 23:28:39 C:\WINDOWS\System32\java.exe
          ----a-w 69,632 2008-03-25 00:37:01 C:\WINDOWS\System32\javacpl.cpl
          ----a-w 135,168 2008-03-24 23:28:43 C:\WINDOWS\System32\javaw.exe
          ----a-w 139,264 2008-03-25 00:37:01 C:\WINDOWS\System32\javaws.exe
          --sha-w 201,877 2008-04-23 09:30:15 C:\WINDOWS\System32\jPonoXbc.ini
          ----a-w 6,300 2008-03-26 11:24:18 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          ----a-w 6,341 2008-04-23 12:39:51 C:\WINDOWS\System32\jupdate-1.6.0_06-b02.log
          ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
          ----a-w 72,056 2008-04-23 09:39:12 C:\WINDOWS\System32\perfc009.dat
          ----a-w 91,754 2008-04-23 09:39:12 C:\WINDOWS\System32\perfc013.dat
          ----a-w 427,062 2008-04-23 09:39:12 C:\WINDOWS\System32\perfh009.dat
          ----a-w 492,566 2008-04-23 09:39:12 C:\WINDOWS\System32\perfh013.dat
          -c--a-w 1,097,486 2008-04-23 09:39:10 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 800,405 2008-04-21 22:01:46 C:\WINDOWS\System32\RVAXO.bat
          ----a-w 60,800 2008-04-22 18:02:24 C:\WINDOWS\System32\S32EVNT1.DLL
          ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
          ----a-w 2,206 2008-04-20 18:55:00 C:\WINDOWS\System32\wpa.dbl
          --sha-w 210,786 2008-04-22 20:26:11 C:\WINDOWS\System32\xFLoYJjl.ini
          ----a-w 95,808 2008-04-23 09:14:48 C:\WINDOWS\System32\xllemeir.dll

          Entries: 22 (19)
          Directories: 0 Files: 22
          Bytes: 27,905,290 Blocks: 54,514
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 10,563 2008-04-22 18:02:24 C:\WINDOWS\System32\drivers\SYMEVENT.CAT
          ----a-w 805 2008-04-22 18:02:24 C:\WINDOWS\System32\drivers\SYMEVENT.INF
          ----a-w 123,952 2008-04-22 18:02:24 C:\WINDOWS\System32\drivers\SYMEVENT.SYS

          Entries: 3 (3)
          Directories: 0 Files: 3
          Bytes: 135,320 Blocks: 266
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          --sh--w 211 2008-04-23 13:23:15 C:\boot.ini
          ----a-w 570 2008-04-23 16:09:28 C:\firstrun5.log
          ----a-w 164 2008-04-23 09:36:51 C:\install.dat
          --sha-w 1,610,612,736 2008-04-23 16:10:24 C:\pagefile.sys
          ----a-w 705 2008-04-23 16:11:15 C:\RVAXO-results.log
          ----a-w 28,435 2008-04-23 16:14:08 C:\RVAXO-Vfind.log

          Entries: 6 (4)
          Directories: 0 Files: 6
          Bytes: 1,610,642,821 Blocks: 3,145,790
          ======C:\Documents and Settings\Liesl\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\Liesl======
          ---ha-w 7,602,176 2008-04-23 16:09:40 C:\Documents and Settings\Liesl\NTUSER.DAT
          ---ha-w 65,536 2008-04-23 18:35:05 C:\Documents and Settings\Liesl\ntuser.dat.LOG
          --sh--w 188 2008-04-23 16:05:00 C:\Documents and Settings\Liesl\ntuser.ini
          ----a-w 600 2008-04-23 10:40:37 C:\Documents and Settings\Liesl\winscp.RND

          Entries: 4 (1)
          Directories: 0 Files: 4
          Bytes: 7,668,500 Blocks: 14,979
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============


          Ik hoop dat iemand met deze informatie, mij kan helpen..

          Comment


          • #6
            Open een kladblokbestand.
            Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

            @ECHO OFF
            RD /S /Q C:\WINDOWS\system32\xcsDd05
            RD /S /Q C:\WINDOWS\system32\aqVreo05
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\system32\xcsDd05
            C:\WINDOWS\system32\aqVreo05
            C:\WINDOWS\BMa7c9a775.txt
            C:\WINDOWS\BMa7c9a775.xml
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\System32\CIlSvyay.ini
            C:\WINDOWS\System32\jPonoXbc.ini
            C:\WINDOWS\System32\xFLoYJjl.ini
            C:\WINDOWS\System32\xllemeir.dll) DO (
            del /q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Ga naar Bestand - Opslaan als.
            Bij "Opslaan in" kies je: Bureaublad
            Bij "Bestandsnaam" zet je: del.bat
            Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
            Klik op de knop Opslaan.

            Dubbelklik op del.bat en post het logje van del.bat

            Comment


            • #7
              Ik kreeg dit van het del.bat logje:

              Deleting files
              C:\WINDOWS\system32\xcsDd05 not found
              C:\WINDOWS\system32\aqVreo05 not found
              C:\WINDOWS\BMa7c9a775.txt deleted
              C:\WINDOWS\BMa7c9a775.xml deleted
              C:\WINDOWS\pskt.ini deleted
              C:\WINDOWS\System32\CIlSvyay.ini deleted
              C:\WINDOWS\System32\jPonoXbc.ini deleted
              C:\WINDOWS\System32\xFLoYJjl.ini deleted
              renamed to C:\WINDOWS\System32\xllemeir.dllNUCIA
              C:\WINDOWS\System32\xllemeir.dll deleted

              Comment


              • #8
                Herstart je computer even.

                Dubbelklik na de herstart nog een keer op del.bat
                Post daarna een nieuw logje van Hijackthis

                Comment


                • #9
                  Nieuw logje van del.bat:

                  Deleting files
                  C:\WINDOWS\system32\xcsDd05 not found
                  C:\WINDOWS\system32\aqVreo05 not found
                  C:\WINDOWS\BMa7c9a775.txt deleted
                  C:\WINDOWS\BMa7c9a775.xml not found
                  C:\WINDOWS\pskt.ini not found
                  C:\WINDOWS\System32\CIlSvyay.ini not found
                  C:\WINDOWS\System32\jPonoXbc.ini not found
                  C:\WINDOWS\System32\xFLoYJjl.ini not found
                  C:\WINDOWS\System32\xllemeir.dll not found


                  En Hijackthis:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 23:04:42, on 23-4-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\WINDOWS\stsystra.exe
                  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
                  C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
                  C:\Program Files\Windows Media Player\wmplayer.exe
                  C:\WINDOWS\system32\notepad.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
                  O4 - HKLM\..\Run: [BMa7c9a775] Rundll32.exe "C:\WINDOWS\system32\xllemeir.dll",s
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
                  O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

                  --
                  End of file - 6325 bytes


                  *Ik waardeer jullie hulp enorm - nogmaals bedankt hiervoor!*

                  Comment


                  • #10
                    Verwijder met Hijackthis de volgende regel nog:
                    O4 - HKLM\..\Run: [BMa7c9a775] Rundll32.exe "C:\WINDOWS\system32\xllemeir.dll",s

                    Heb je java verwijderd?
                    Ik zie namelijk dit:
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)

                    Eventueel opnieuw installeren

                    Ondervind je nog problemen?

                    Comment


                    • #11
                      Ik heb Java opnieuw geinstaleerd (had hem volgens mij niet verwijderd, maar keb in 2 dagen tijd zoveel verwijderd en geinstaleerd, dat ie misschien een keer is meegegaan..), opnieuw opgestart en toen nog een keer Hijackthis gedraait. Ik hoop voor de laatste keer :P

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 23:25:05, on 23-4-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\system32\userinit.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\WINDOWS\stsystra.exe
                      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
                      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
                      O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
                      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

                      --
                      End of file - 6196 bytes


                      En als ik het zo bekijk is het probleem opgelost!
                      Ik krijg geen popups meer, en ik kan ook weer normaal in Google zoeken (alle zoekmachines werkte niet, behalve Windows Live Search)

                      BEDANKT! Ben echt super blij met jullie manier van oplossen!

                      Comment


                      • #12
                        Graag gedaan hoor

                        Logje lijkt OK, java geeft nog steeds (file missing) maar dat zal dan wel niet kloppen.

                        Doe dit nog:
                        Download ATF cleaner (mirror)(gemaakt door Atribune)

                        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                        Dubbelklik op ATF cleaner om het programma te starten.
                        Op het tabblad "Main", plaats je een vinkje bij Select All.
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook FireFox als browser hebt:
                        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook Opera als browser hebt:
                        Klik op tabblad "Opera", plaats een vinkje bij Select All.
                        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        Klik op de knop Empty Selected.
                        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                        Kijk hier hoe je je systeemherstel moet uitschakelen.
                        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                        Dan denk ik dat we klaar zijn

                        Comment


                        • #13
                          Ik heb ATF Cleaner gedraait, en ik denk inderdaad dat de problemen nu (EINDELIJK) opgelost zijn!

                          Mijn dank is groot!!

                          Comment


                          • #14
                            Graag gedaan hoor

                            Comment

                            Sorry, you are not authorized to view this page
                            Working...
                            X