Oh Please Help :( Pos Temp Out Of Control!!

  • Oh Please Help :( Pos Temp Out Of Control!!

    Can someone please help.. my whole PC is going crazy, I have to finish a paper for school and I can't do anything anymore..
    my C drive is full of pos tmp files and I'm really at my wits' end..
    can someone please help me?

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Place this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.



    • #3
      Smeenk!

      Thank you thank you thank you for your help!

      Here are the logs,

      RVAXOLog:

      ---RVAXO.exe Updated: 2008-02-21---first run---
      Files found:
      C:\WINDOWS\system32\upiljeme.dllbox
      C:\WINDOWS\system32\prutv.ini2
      C:\WINDOWS\system32\WLCtrl32.dll
      C:\Documents and Settings\Daniela\Mijn documenten\pos???.tmp
      C:\pos???.tmp
      C:\Documents and Settings\Daniela\Bureau~1\Help and Support Center.lnk

      Uninstallers:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\WINDOWS\system32\WLCtrl32.dll
      C:\pos???.tmp
      C:\Documents and Settings\Daniela\Bureau~1\Help and Support Center.lnk
      Folders Found:

      --------------RVAXO.exe finished----------------


      Combofixlog:

      ComboFix 08-02-21 - Daniela 2008-02-21 18:04:49.1 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\Daniela\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Daniela\Application Data\ASKS~1
      C:\Documents and Settings\Daniela\Application Data\CROSOF~1
      C:\Documents and Settings\Daniela\Application Data\CROSOF~1.NET
      C:\Documents and Settings\Daniela\Application Data\CURITY~1
      C:\Documents and Settings\Daniela\Application Data\ICROSO~1
      C:\Documents and Settings\Daniela\Application Data\ICROSO~1.NET
      C:\Documents and Settings\Daniela\Application Data\inst.exe
      C:\Documents and Settings\Daniela\Application Data\macromedia\Flash Player\#SharedObjects\4VEKBY8K\www.broadcaster.com
      C:\Documents and Settings\Daniela\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
      C:\Documents and Settings\Daniela\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
      C:\Documents and Settings\Daniela\Application Data\MANTEC~1
      C:\Documents and Settings\Daniela\Application Data\RACLE~1
      C:\Documents and Settings\Daniela\Application Data\RACLE~2
      C:\Documents and Settings\Daniela\Application Data\TSKS~1
      C:\Documents and Settings\Daniela\Application Data\WNSXS~1
      C:\Documents and Settings\Daniela\Application Data\YSTEM3~1
      C:\Program Files\asks~1
      C:\Program Files\asks~2
      C:\Program Files\Common Files\asembl~1
      C:\Program Files\Common Files\fnts~1
      C:\Program Files\Common Files\mcroso~1
      C:\Program Files\Common Files\mcroso~1.net
      C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
      C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
      C:\Program Files\Common Files\ppatch~1
      C:\Program Files\Common Files\racle~1
      C:\Program Files\Common Files\stem~1
      C:\Program Files\Common Files\ymante~1
      C:\Program Files\Common Files\ymbols~1
      C:\Program Files\curity~1
      C:\Program Files\ecurit~1
      C:\Program Files\icroso~1
      C:\Program Files\ppatch~1
      C:\Program Files\pppatc~1
      C:\Program Files\pppatc~2
      C:\Program Files\racle~1
      C:\Program Files\racle~1\attrib.exe
      C:\Program Files\sembly~1
      C:\Program Files\sks~1
      C:\Program Files\smbols~1
      C:\Program Files\tsks~1
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\crosof~1
      C:\WINDOWS\crosof~1.net
      C:\WINDOWS\fnts~1
      C:\WINDOWS\icroso~1.net
      C:\WINDOWS\ppatch~1
      C:\WINDOWS\pppatc~1
      C:\WINDOWS\racle~1
      C:\WINDOWS\smante~1
      C:\WINDOWS\smbols~1
      C:\WINDOWS\ssembl~1
      C:\WINDOWS\sstem3~1
      C:\WINDOWS\stem32~1
      C:\WINDOWS\system32\8_exception.nls
      C:\WINDOWS\system32\87422.exe
      C:\WINDOWS\system32\adult.txt
      C:\WINDOWS\system32\dnaxgple.dll
      C:\WINDOWS\system32\dobe~1
      C:\WINDOWS\system32\drivers\LHLI47.sys
      C:\WINDOWS\system32\drivers\symavc32.sys
      C:\WINDOWS\system32\elpgxand.ini
      C:\WINDOWS\system32\finance.txt
      C:\WINDOWS\system32\fnts~1
      C:\WINDOWS\system32\icqmlib.exe
      C:\WINDOWS\system32\icroso~1
      C:\WINDOWS\system32\iepref32.dll
      C:\WINDOWS\system32\ierplc.dll
      C:\WINDOWS\system32\ips.dll
      C:\WINDOWS\system32\jgcsnkgl.dll
      C:\WINDOWS\system32\jvrxwxvl.dll
      C:\WINDOWS\system32\knkwmhti.dll
      C:\WINDOWS\system32\lanmandrv.sys
      C:\WINDOWS\system32\lanmanwrk.exe
      C:\WINDOWS\system32\laprxy.dllexe
      C:\WINDOWS\system32\lgknscgj.ini
      C:\WINDOWS\system32\mantec~1
      C:\WINDOWS\system32\ocxapi.dll
      C:\WINDOWS\system32\ocxloader.exe
      C:\WINDOWS\system32\other.txt
      C:\WINDOWS\system32\oyvahtfc.ini
      C:\WINDOWS\system32\pharma.txt
      C:\WINDOWS\system32\ppatch~1
      C:\WINDOWS\system32\ppatch~1\bak\nopdb.exe
      C:\WINDOWS\system32\ppatch~1\nopdb.exe~
      C:\WINDOWS\system32\ppatch~1\nopdb.exe1174596200
      C:\WINDOWS\system32\ppatch~1\nopdb.exe1176415041
      C:\WINDOWS\system32\prutv.ini
      C:\WINDOWS\system32\prutv.ini2
      C:\WINDOWS\system32\qmopt.dll
      C:\WINDOWS\system32\racle~1
      C:\WINDOWS\system32\rbinhscd.dll
      C:\WINDOWS\system32\sft.res
      C:\WINDOWS\system32\sjtooytd.dll
      C:\WINDOWS\system32\sltmoqtn.dll
      C:\WINDOWS\system32\upiljeme.dll
      C:\WINDOWS\system32\upiljeme.dllbox
      C:\WINDOWS\system32\vturp.dll
      C:\WINDOWS\system32\wgupmstu.dll
      C:\WINDOWS\system32\windows
      C:\WINDOWS\system32\wtsit.exe
      C:\WINDOWS\system32\wtssvit.exe
      C:\WINDOWS\system32\wvjrqjyw.ini
      C:\WINDOWS\system32\ymbols~1
      C:\WINDOWS\system32\ystem3~1
      C:\WINDOWS\ymante~1
      C:\WINDOWS\ystem3~1

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_LANMANDRV
      -------\LEGACY_LHLI47
      -------\LEGACY_NTMLSVC
      -------\LEGACY_RUNTIME
      -------\lanmandrv
      -------\NtmlSvc


      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))
      .

      2008-02-21 17:36 . 2008-02-21 17:37 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
      2008-02-21 17:35 . 2008-02-21 17:41 <DIR> d-------- C:\RVAXO
      2008-02-21 17:29 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-21 17:29 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-21 16:18 . 2008-02-21 16:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-02-21 14:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-02-21 14:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2008-02-21 14:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-02-21 14:25 . 2008-02-21 14:25 <DIR> d-------- C:\Program Files\Windows Live
      2008-02-21 14:24 . 2008-02-21 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-21 14:12 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
      2008-02-21 14:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
      2008-02-21 14:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
      2008-02-21 14:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
      2008-02-21 13:51 . 2008-02-21 13:51 <DIR> d-------- C:\Documents and Settings\Daniela\Application Data\Symantec
      2008-02-21 13:47 . 2008-02-21 13:47 <DIR> d-------- C:\Documents and Settings\Daniela\Application Data\Yahoo!
      2008-02-21 13:47 . 2008-02-21 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-02-21 12:48 . 2008-02-21 12:48 <DIR> d-------- C:\Program Files\Windows Sidebar
      2008-02-21 12:48 . 2008-02-21 13:35 <DIR> d-------- C:\Program Files\Norton AntiVirus
      2008-02-21 12:41 . 2008-02-21 12:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
      2008-02-21 12:41 . 2008-02-21 12:55 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
      2008-02-21 12:41 . 2008-02-21 12:55 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
      2008-02-21 12:41 . 2008-02-21 12:55 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
      2008-02-20 07:08 . 2008-02-21 11:25 <DIR> d-------- C:\Program Files\Common Files\12
      2008-02-20 07:08 . 2008-02-21 11:25 <DIR> d-------- C:\Program Files\12
      2008-02-19 17:17 . 2008-02-19 17:17 <DIR> d-------- C:\Program Files\ESET
      2008-02-19 17:17 . 2008-02-19 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
      2008-02-17 13:10 . 2008-02-21 17:37 21,632 --a------ C:\WINDOWS\system32\drivers\Xek38.sys
      2008-02-17 13:10 . 2008-02-19 15:46 18,368 --a------ C:\WINDOWS\system32\service.sys
      2008-02-17 13:10 . 2008-02-21 18:39 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
      2008-02-17 13:10 . 2008-02-17 13:10 29 --a------ C:\WINDOWS\system32\rooppeer.tmp
      2008-02-17 12:56 . 2008-02-18 18:07 <DIR> d-------- C:\Documents and Settings\Daniela\Application Data\Vso
      2008-02-17 12:56 . 2008-02-17 12:56 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
      2008-02-17 12:56 . 2008-02-18 18:07 47,360 --a------ C:\Documents and Settings\Daniela\Application Data\pcouffin.sys
      2008-02-17 12:29 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
      2008-02-17 12:29 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
      2008-02-17 12:29 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
      2008-02-17 12:29 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
      2008-02-17 12:29 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
      2008-02-17 12:29 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
      2008-02-10 19:46 . 2008-02-10 19:46 <DIR> d-------- C:\Program Files\DivX
      2008-02-03 14:42 . 2008-02-03 14:42 <DIR> d-------- C:\Documents and Settings\Daniela\Application Data\Nero
      2008-02-03 14:35 . 2008-02-03 14:39 <DIR> d-------- C:\Program Files\Common Files\Nero
      2008-02-03 14:35 . 2008-02-03 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
      2008-02-03 14:14 . 2008-02-03 14:14 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
      2008-02-03 14:14 . 2008-02-03 14:14 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-21 17:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-21 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-02-21 11:55 --------- d-----w C:\Program Files\Symantec
      2008-02-21 11:33 --------- d-----w C:\Program Files\Yahoo!
      2008-02-19 15:56 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-19 15:54 --------- d-----w C:\Program Files\QuickTime
      2008-02-19 15:42 --------- d-----w C:\Program Files\LimeWire
      2008-02-19 15:41 --------- d-----w C:\Program Files\Corel
      2008-02-19 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-19 15:34 --------- d-----w C:\Program Files\Samsung
      2008-02-07 03:47 --------- d-----w C:\Program Files\Soulseek
      2008-02-03 13:15 --------- d-----w C:\Program Files\MessengerPlus! 3
      2008-02-03 13:14 --------- d-----w C:\Program Files\Google
      2008-02-03 13:08 --------- d-----w C:\Program Files\WMR11
      2008-02-03 13:08 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-02-03 13:08 --------- d-----w C:\Program Files\Viewpoint
      2008-02-03 13:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
      2008-02-03 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
      2008-02-03 10:56 --------- d-----w C:\Documents and Settings\Daniela\Application Data\skypePM
      2008-01-24 16:33 --------- d-----w C:\Documents and Settings\Daniela\Application Data\LimeWire
      2007-12-24 23:54 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2007-12-24 23:54 --------- d-----w C:\Program Files\Skype
      2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
      2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
      2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
      2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
      2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
      2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
      2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      .

      ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3130CBE3-5B72-09F3-531B-5300B7CEDFC0}]
      C:\WINDOWS\system32\hmynara.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
      2008-02-21 13:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kb dtqqj]
      @={BA4B6A67-38AF-954E-3708-E9E558367CE3}

      [HKEY_CLASSES_ROOT\CLSID\{BA4B6A67-38AF-954E-3708-E9E558367CE3}]
      C:\WINDOWS\system32\kbdtqqj.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
      "CSIM"="D:\DRIVERS\aim.exe" [ ]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:15 1667584]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Cmaudio"="cmicnfg.cpl"
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 03:33 2899968]
      "nwiz"="nwiz.exe" [2006-07-25 03:33 782336 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-25 03:33 46080]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
      "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
      "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
      "service.exe"="C:\WINDOWS\system32\service.exe" [ ]
      "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 06:07 51048]
      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 05:53 714608]
      "isCfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-24 10:49 607624]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      UvA - Informatiseringscentrum CISCO VPN Client.lnk - C:\Program Files\Cisco Systems\vpngui.exe [2007-01-24 19:04:07 1528880]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "DisallowRun"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
      WLCtrl32.dll 2008-02-21 18:39 7168 C:\WINDOWS\system32\WLCtrl32.dll

      R0 Xek38;Xek38;C:\WINDOWS\system32\Drivers\Xek38.sys [2008-02-21 17:37]
      R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
      R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07]
      R2 LxrHP30d;LxrHP30d;C:\WINDOWS\system32\Drivers\LxrHP30d.sys [2006-04-01 15:02]
      R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
      S3 EraserUtilDrvI3;EraserUtilDrvI3;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI3.sys
      S3 PciCon;PciCon;F:\PciCon.sys
      S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
      S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys [2008-02-19 15:46]
      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3653e312-c188-11da-9b2a-00138f89819f}]
      \Shell\AutoRun\command - H:\HPSecure\Windows\HPSecure30.exe

      *Newly Created Service* - SHAREDACCESS
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-01 20:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-21 18:45:36
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\WLCtrl32.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Cisco Systems\cvpnd.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      E:\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-21 18:48:41 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-21 17:48:34



      • #4
        Could you open the RVAXO folder and then click "Uninstall.cmd".
        This removes everything belonging to RVAXO.
        Download RVAXO again and run it once more.
        If the PC does not restart by itself, restart it yourself.
        If RVAXO does not start after the restart, start it yourself once more.
        Afterwards, post the new RVAXO log and a new HijackThis log.



        • #5
          Hey, I ran RVAXO one more time..

          Here is the log:

          ---RVAXO.exe Updated: 2008-02-21---first run---
          Files found:
          C:\WINDOWS\system32\WLCtrl32.dll
          C:\Documents and Settings\Daniela\Bureau~1\Help and Support Center.lnk

          Uninstallers:


          Folders Found:


          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          C:\WINDOWS\system32\WLCtrl32.dll
          Folders Found:

          --------------RVAXO.exe finished----------------


          Maybe a silly question, but um, is that HijackThis log the same thing as the ComboFix one?



          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.


            Open Notepad, then copy and paste the following (bold text) into an empty window:


            Driver::
            Xek38

            File::
            C:\WINDOWS\system32\WLCtrl32.dl_
            C:\WINDOWS\system32\WLCtrl32.dll
            C:\WINDOWS\system32\drivers\Xek38.sys
            C:\WINDOWS\system32\service.sys
            C:\WINDOWS\system32\rooppeer.tmp

            Registry::
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3130CBE3-5B72-09F3-531B-5300B7CEDFC0}]
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kb dtqqj]
            [-HKEY_CLASSES_ROOT\CLSID\{BA4B6A67-38AF-954E-3708-E9E558367CE3}]
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "service.exe"=-
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]




            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.

            Also post a new HijackThis log.
            Last edited by smeenk; 22-02-08, 18:11.
