  • help me please

    hi, every time I start my pc I get an error about something like RegTool.exe or so.. I just press OK, then my pc works normally for 30 minutes and then my pc restarts automatically.. this is very annoying.. can someone please help me? here's my HT log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02:08, on 19/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe" /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6474CC71-5E6E-4396-8C1F-1AB74CEA949D}: NameServer = 192.168.0.1,192.168.0.136
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 5491 bytes


    thanks in advance!
    -Pascal
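As an added example for this thread (it is not part of the original post and not Trend Micro's code), here is a small Python first-pass triage over HijackThis-style entries like the ones in the log above. It parses the O2/O4/O16/O17/O23 line formats and flags what a responder checks first: a BHO whose DLL is gone, a RunOnce entry (the NSIS.Library.RegTool.v2.exe one is the helper that NSIS-built installers queue to register components after a reboot, which is the file the startup error is about), the KernelFaultCheck entry that Windows XP queues after a bugcheck (on a machine that restarts by itself, worth checking in the Event Log before assuming malware), ActiveX controls downloaded from non-Microsoft hosts, DNS servers outside the LAN, and services whose binary carries no company name. The sample lines are constructed to mirror the posted log except the [updater] line, which is made up to exercise the profile-path rule; every flag is a "check this", not a verdict.

```python
"""First-pass triage of a HijackThis v2 log.

Added example for this thread: it is not part of the original post and not
Trend Micro code. It parses the O2/O4/O16/O17/O23 entry formats and flags the
ones a responder looks at first. A flag means "check this", not "malware":
every rule below also matches plenty of legitimate software.
"""
import ipaddress
import re

# Constructed sample in HijackThis v2 format. The lines mirror the log posted
# above except [updater], which is made up to exercise the profile-path rule.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe" /S
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6474CC71-5E6E-4396-8C1F-1AB74CEA949D}: NameServer = 192.168.0.1,192.168.0.136
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# One regex per entry type; group names follow HijackThis' own field order.
RULES = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"),
    "O16": re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)$"),
    "O17": re.compile(r"^O17 - .*: NameServer = (?P<servers>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?)(?: \((?P<short>[^)]*)\))? - (?P<owner>.*?) - (?P<path>.*)$"),
}

# Autostarts living under a user profile or temp directory are unusual for
# installed software and are the first thing to verify by hand.
PROFILE_HINTS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
# ActiveX controls (O16) fetched from these hosts are the routine ones.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


def triage(log_text):
    """Return [(line, reason), ...] for entries that merit a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = line.split(" - ", 1)[0]
        rule = RULES.get(kind)
        if rule is None:
            continue  # R0/O8/O9 lines and the process list are skipped here
        m = rule.match(line)
        if m is None:
            findings.append((line, "unparsed %s entry, read it by hand" % kind))
            continue
        f = m.groupdict()
        if kind == "O2" and f["path"] == "(no file)":
            findings.append((line, "orphaned BHO: CLSID registered but the DLL is gone"))
        elif kind == "O4":
            cmd = f["cmd"].lower()
            if f["key"].lower() == "runonce":
                # Windows deletes a RunOnce value before running it, so one that
                # survives a reboot is being written back by something.
                findings.append((line, "RunOnce entry: should be gone after one boot, if it survives a reboot something re-creates it"))
            if f["name"].lower() == "kernelfaultcheck" and "dumprep" in cmd:
                findings.append((line, "Windows queued a kernel crash report: the machine has bugchecked, check the Event Log and minidumps"))
            if any(hint in cmd for hint in PROFILE_HINTS):
                findings.append((line, "autostart from a user profile or temp path"))
        elif kind == "O16":
            host = f["url"].split("/")[2].lower()
            if not host.endswith(TRUSTED_DPF_HOSTS):
                findings.append((line, "ActiveX control downloaded from %s: confirm you installed it" % host))
        elif kind == "O17":
            for server in f["servers"].split(","):
                addr = ipaddress.ip_address(server.strip())
                if not addr.is_private:
                    findings.append((line, "name server %s is outside the LAN: confirm it belongs to your ISP" % addr))
        elif kind == "O23" and f["owner"] == "Unknown owner":
            findings.append((line, "service binary carries no company name: verify the file"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print("%s\n    -> %s" % (entry, reason))
```

To use it on a real log, read the saved hijackthis.log file and pass its text to triage(); the rule list is kept short on purpose so that every flag can be explained to the person who posted the log.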

  • #2
    can someone help me?



    • #3
      this topic is already more than 24 hours old and still no reply? sorry for my impatience, but my pc restarts every few minutes..



      • #4
        Download Combofix to your Desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will make your pc hang.
        When the fix is complete and after the restart, the log combofix.txt will open.
        Post this log in your next reply.

        NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.



        • #5
          here's the combofix log:

          ComboFix 07-12-22.1 - Pascal 2007-12-22 19:55:13.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.169 [GMT 1:00]
          Started from: C:\Documents and Settings\Pascal\Local Settings\Temporary Internet Files\Content.IE5\UZ09Q47T\ComboFix[1].exe
          * New restore point was created
          .

          (((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))
          .

          2007-12-20 19:36 . 2007-12-20 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-20 19:30 . 2007-12-21 16:00 <DIR> d-------- C:\Documents and Settings\Pascal\Application Data\AVG7
          2007-12-20 19:29 . 2007-12-20 19:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-12-20 19:28 . 2007-12-20 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-20 19:28 . 2007-12-20 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2007-12-19 18:36 . 2007-12-19 19:11 <DIR> d-------- C:\RVAXO
          2007-12-19 18:33 . 2007-12-19 19:20 552,738 --a------ C:\WINDOWS\system32\RVAXO.bat
          2007-12-19 18:33 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2007-12-11 20:37 . 2007-12-11 20:37 <DIR> d-------- C:\WINDOWS\system32\nl-nl
          2007-12-11 20:32 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
          2007-12-11 15:48 . 2007-12-11 15:48 <DIR> d-------- C:\Documents and Settings\Pascal\.housecall6.6
          2007-12-09 09:27 . 2007-12-09 09:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
          2007-12-09 09:27 . 2007-12-09 09:29 30,590 --a------ C:\WINDOWS\system32\pavas.ico
          2007-12-09 09:27 . 2007-12-09 09:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
          2007-12-09 09:27 . 2007-12-09 09:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
          2007-12-05 18:34 . 2007-12-05 18:34 <DIR> d-------- C:\WINDOWS\XCLIENT Lite
          2007-12-05 17:27 . 2007-12-05 17:27 <DIR> d-------- C:\WINDOWS\.file_store_32
          2007-12-02 13:46 . 2007-12-02 13:47 <DIR> d-------- C:\Documents and Settings\Pascal\Application Data\PrevxCSI
          2007-12-02 13:46 . 2007-12-02 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2007-12-02 13:46 . 2007-12-02 13:47 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
          2007-12-01 20:22 . 2007-12-02 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
          2007-11-30 21:55 . 2007-12-02 11:33 <DIR> d-------- C:\WINDOWS\.frugoo_file_store_32
          2007-11-26 19:18 . 2007-12-16 15:18 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
          2007-11-26 19:16 . 2007-11-30 17:38 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
          2007-11-25 08:36 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
          2007-11-23 20:56 . 2007-11-23 20:56 <DIR> d-------- C:\RootkitNO
          2007-11-23 20:56 . 2007-11-23 20:56 123 --a------ C:\WINDOWS\rootkitno.ini
          2007-11-23 20:46 . 2007-11-23 20:59 <DIR> d-------- C:\Documents and Settings\Pascal\Application Data\Regrun
          2007-11-23 20:46 . 2007-11-23 20:46 <DIR> d-------- C:\backreg
          2007-11-23 20:46 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
          2007-11-23 20:45 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-20 17:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-19 19:51 --------- d-----w C:\Documents and Settings\Pascal\Application Data\MSN6
          2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
          2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
          2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
          2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
          2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
          2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
          2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
          2007-12-02 12:50 --------- d-----w C:\Documents and Settings\Pascal\Application Data\Hamachi
          2007-11-25 18:38 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
          2007-11-20 17:40 402,784 ----a-w C:\WINDOWS\system32\deploytk.dll
          2007-11-17 21:09 --------- d-----w C:\Program Files\MSN Messenger
          2007-11-17 20:37 --------- d-----w C:\Documents and Settings\Pascal\Application Data\EAST Technologies
          2007-11-08 17:07 --------- d-----w C:\Documents and Settings\Pascal\Application Data\SecondLife
          2007-11-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ghost Controls
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
          "AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2004-09-16 15:15]
          "SoundMan"="SOUNDMAN.EXE" [2003-11-13 11:23 C:\WINDOWS\SOUNDMAN.EXE]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 14:30]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-08 12:00]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k"

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
          "NSIS.Library.RegTool.v2"="C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe"

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-20 19:29]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
          2003-06-25 14:30 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
          C:\WINDOWS\system32\dumprep 0 -k

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          C:\Program Files\QuickTime\qttask.exe -atboottime

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
          SOUNDMAN.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

          R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 11:31]
          S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
          S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2007-12-02 13:47]
          S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys

          *Newly Created Service* - CATCHME
          *Newly Created Service* - PROCEXP90
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-22 19:56:24
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2007-12-22 19:56:50
          .
          2007-11-19 19:12:30 --- E O F ---

          thanks a lot for the help



          • #6
            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if asked to,
            and post the contents of Combofix.txt in your next reply.
            Tell me whether there are still any problems



            • #7
              log:


              ComboFix 07-12-23.1 - Pascal 2007-12-23 9:58:16.2 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.222 [GMT 1:00]
              Started from: C:\Documents and Settings\Pascal\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Pascal\Bureaublad\cfscript[1].txt
              * New restore point was created
              .

              (((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
              .

              2007-12-20 19:36 . 2007-12-20 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-20 19:30 . 2007-12-21 16:00 <DIR> d-------- C:\Documents and Settings\Pascal\Application Data\AVG7
              2007-12-20 19:29 . 2007-12-20 19:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
              2007-12-20 19:28 . 2007-12-20 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-12-20 19:28 . 2007-12-20 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
              2007-12-19 18:36 . 2007-12-19 19:11 <DIR> d-------- C:\RVAXO
              2007-12-19 18:33 . 2007-12-19 19:20 552,738 --a------ C:\WINDOWS\system32\RVAXO.bat
              2007-12-19 18:33 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
              2007-12-11 20:37 . 2007-12-11 20:37 <DIR> d-------- C:\WINDOWS\system32\nl-nl
              2007-12-11 20:32 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
              2007-12-11 15:48 . 2007-12-11 15:48 <DIR> d-------- C:\Documents and Settings\Pascal\.housecall6.6
              2007-12-09 09:27 . 2007-12-09 09:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
              2007-12-09 09:27 . 2007-12-09 09:29 30,590 --a------ C:\WINDOWS\system32\pavas.ico
              2007-12-09 09:27 . 2007-12-09 09:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
              2007-12-09 09:27 . 2007-12-09 09:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
              2007-12-05 18:34 . 2007-12-05 18:34 <DIR> d-------- C:\WINDOWS\XCLIENT Lite
              2007-12-05 17:27 . 2007-12-05 17:27 <DIR> d-------- C:\WINDOWS\.file_store_32
              2007-12-02 13:46 . 2007-12-02 13:47 <DIR> d-------- C:\Documents and Settings\Pascal\Application Data\PrevxCSI
              2007-12-02 13:46 . 2007-12-02 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
              2007-12-02 13:46 . 2007-12-02 13:47 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
              2007-12-01 20:22 . 2007-12-02 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
              2007-11-30 21:55 . 2007-12-02 11:33 <DIR> d-------- C:\WINDOWS\.frugoo_file_store_32
              2007-11-26 19:18 . 2007-12-16 15:18 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
              2007-11-26 19:16 . 2007-11-30 17:38 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
              2007-11-25 08:36 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
              2007-11-23 20:56 . 2007-11-23 20:56 <DIR> d-------- C:\RootkitNO
              2007-11-23 20:56 . 2007-11-23 20:56 123 --a------ C:\WINDOWS\rootkitno.ini
              2007-11-23 20:46 . 2007-11-23 20:59 <DIR> d-------- C:\Documents and Settings\Pascal\Application Data\Regrun
              2007-11-23 20:46 . 2007-11-23 20:46 <DIR> d-------- C:\backreg
              2007-11-23 20:46 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
              2007-11-23 20:45 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-20 17:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2007-12-19 19:51 --------- d-----w C:\Documents and Settings\Pascal\Application Data\MSN6
              2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
              2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
              2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
              2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
              2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
              2007-12-02 12:50 --------- d-----w C:\Documents and Settings\Pascal\Application Data\Hamachi
              2007-11-25 18:38 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
              2007-11-17 21:09 --------- d-----w C:\Program Files\MSN Messenger
              2007-11-17 20:37 --------- d-----w C:\Documents and Settings\Pascal\Application Data\EAST Technologies
              2007-11-08 17:07 --------- d-----w C:\Documents and Settings\Pascal\Application Data\SecondLife
              2007-11-01 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ghost Controls
              .

              ((((((((((((((((((((((((((((( [email protected]_19.56.25,56 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
              + 2007-12-23 09:00:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_620.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Note* empty entries & legit default entries are not shown

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
              "AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2004-09-16 15:15]
              "SoundMan"="SOUNDMAN.EXE" [2003-11-13 11:23 C:\WINDOWS\SOUNDMAN.EXE]
              "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 14:30]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-08 12:00]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
              "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k"
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
              "NSIS.Library.RegTool.v2"="C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe"

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-20 19:29]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
              2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
              2003-06-25 14:30 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
              C:\WINDOWS\system32\dumprep 0 -k

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
              2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              C:\Program Files\QuickTime\qttask.exe -atboottime

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
              SOUNDMAN.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

              R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 11:31]
              S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2007-12-02 13:47]

              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-23 10:01:28
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              Completion time: 2007-12-23 10:02:16 - machine was rebooted [Pascal]
              C:\ComboFix2.txt ... 2007-12-22 19:56
              .
              2007-11-19 19:12:30 --- E O F ---



              I'll let you know later whether there are still any problems, thanks for your time and help



              • #8
                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Download ATF cleaner (mirror)(made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also have Firefox as a browser:
                Click the "Firefox" tab, tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick at "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also have Opera as a browser:
                Click the "Opera" tab, tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here for how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Tell me whether there are still any problems
