
Virus: Control Panel not accessible


  • Virus: Control Panel not accessible

    Dear forum members of Nucia.nl,

    I would like to make use of the knowledge available here.

    I have been struggling for quite a while with a problem that I just cannot find the solution to.

    Whenever I try to open the Control Panel or Properties on the desktop, I get the following message:

    ---------------------------
    "Beperkingen"

    De bewerking is geannuleerd vanwege op uw systeem geldende beperkingen. Neem contact op met de systeem beheerder.
    ---------------------------

    It also asks for the Admin password when I try to reinstall Windows XP.
    I have tried a whole range of my passwords, but that does not help one bit.

    I am the administrator of the laptop myself. I had already seen that several people have had this problem.
    Can you explain to me what I should do?

  • #2
    Try this:
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is finished and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.



    • #3
      RVAXO log file.

      ---RVAXO.exe Updated: 2008-02-29---first run---
      Uninstallers:
      SpySheriff uninstaller found

      Files found:
      C:\WINDOWS\Temp\win54F6.tmp.exe
      C:\WINDOWS\Temp\win556D.tmp.exe
      C:\WINDOWS\Temp\win556E.tmp.exe
      C:\WINDOWS\Temp\win556F.tmp.exe
      C:\WINDOWS\Temp\win5571.tmp.exe
      C:\WINDOWS\Temp\win61B6.tmp.exe
      C:\WINDOWS\Free Online Dating.ico
      C:\WINDOWS\Casino.ico
      C:\WINDOWS\Spyware Remover.ico
      C:\WINDOWS\system32\wowfx.dll
      C:\Install
      C:\WINDOWS\system32\actskn45.ocx

      Folders Found:
      C:\Program Files\MalwareAlarm
      C:\Program Files\SpySheriff
      C:\Program Files\outlook
      C:\Program Files\Outerinfo

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------




      ComboFix log file:

      ComboFix 08-02-25.3 - Martijn 2008-02-29 18:57:40.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.274 [GMT 1:00]
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .
      Rootkit driver pe386 is aanwezig. ...pogig tot desinfectie
      pe386 ...... driver succesvol uitgeschakeld.
      ADS - system32: deleted 54046 bytes in 1 streams.

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Martijn\Application Data\ASEMBL~1
      C:\Documents and Settings\Martijn\Application Data\DOBE~1
      C:\Documents and Settings\Martijn\Application Data\Install.dat
      C:\Documents and Settings\Martijn\Application Data\SCURIT~1
      C:\Documents and Settings\Martijn\Application Data\SSEMBL~1
      C:\Documents and Settings\Martijn\Application Data\YMANTE~1
      C:\Documents and Settings\Martijn\Bureaublad\Find Spyware Remover.lnk
      C:\Documents and Settings\Martijn\Bureaublad\Free Online Dating.lnk
      C:\Documents and Settings\Martijn\Bureaublad\Go to Casino.lnk
      C:\Documents and Settings\Martijn\Menu Start\Programma's\Outerinfo
      C:\Documents and Settings\Martijn\Menu Start\Programma's\Outerinfo\Terms.lnk
      C:\Documents and Settings\Martijn\Mijn documenten\CROSOF~1
      C:\Documents and Settings\Martijn\Mijn documenten\FNTS~1
      C:\Documents and Settings\Martijn\Mijn documenten\ICROSO~1.NET
      C:\Program Files\asks~1
      C:\Program Files\Common Files\curity~1
      C:\Program Files\Common Files\mcroso~1
      C:\Program Files\Common Files\racle~1
      C:\WINDOWS\icroso~1
      C:\WINDOWS\icroso~1.net
      C:\WINDOWS\mcroso~1.net
      C:\WINDOWS\stem~1
      C:\WINDOWS\system32\crosof~1
      C:\WINDOWS\system32\racle~1
      C:\WINDOWS\system32\racle~2
      C:\WINDOWS\system32\sstem~1
      C:\WINDOWS\system32\wnsintsv.exe
      C:\WINDOWS\system32\wnsintsv32.exe
      C:\WINDOWS\system32\wnsxs~1
      C:\WINDOWS\tsks~1
      C:\WINDOWS\wnsxs~1

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))
      .

      2008-02-29 18:55 . 2008-02-29 18:55 268 --ah----- C:\sqmdata00.sqm
      2008-02-29 18:55 . 2008-02-29 18:55 244 --ah----- C:\sqmnoopt00.sqm
      2008-02-29 18:45 . 2008-02-29 18:45 <DIR> d-------- C:\RVAXO
      2008-02-29 18:43 . 2008-02-29 19:15 714,616 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-29 18:43 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-29 15:42 . 2008-02-29 15:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
      2008-02-29 15:42 . 2008-02-29 15:42 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
      2008-02-29 15:42 . 2008-02-29 15:42 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
      2008-02-29 15:42 . 2008-02-29 15:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
      2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
      2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\Program Files\AVG
      2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\Documents and Settings\Martijn\Application Data\AVGTOOLBAR
      2008-02-29 15:40 . 2008-02-29 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
      2008-02-27 17:56 . 2004-08-04 13:00 450,794 -ra------ C:\txtsetup.sif
      2008-02-26 21:35 . 2008-02-26 21:39 1,887 --a------ C:\WINDOWS\diagwrn.xml
      2008-02-26 21:35 . 2008-02-26 21:39 1,887 --a------ C:\WINDOWS\diagerr.xml
      2008-02-26 21:33 . 2008-02-26 21:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
      2008-02-26 21:32 . 2008-02-26 21:32 0 --a------ C:\WINDOWS\gc_408.tmp
      2008-02-26 21:31 . 2000-01-01 22:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-02-26 21:31 . 2000-01-01 22:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-02-26 21:31 . 2000-01-01 22:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-02-26 21:31 . 2000-01-01 22:27 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-02-26 21:31 . 2000-01-01 22:14 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-02-26 21:31 . 2000-01-01 22:27 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
      2008-02-26 21:31 . 2008-02-29 18:42 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-29 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{459BA04E-1CAF-1F57-F04F-1AE34DEBAABE}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
      2008-02-29 15:41 2041600 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC1B201D-9DF4-C25F-F6DA-C3DECEB30EB1}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {A057A204-BACC-4D26-9990-79A187E2698E}

      [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
      [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
      "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-27 11:35 139264]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 17:06 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 02:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 21:10 335872]
      "CHotkey"="mHotkey.exe" [2001-12-26 14:12 472576 C:\WINDOWS\mHotkey.exe]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-10 19:14 98304]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-10 19:14 503808]
      "SbUsb AudCtrl"="sbusbdll.dll" [2003-08-06 06:33 68608 C:\WINDOWS\system32\sbusbdll.dll]
      "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
      "CTDVDDet"="C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]
      "CTSysVol"="C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe" [2003-07-09 14:36 57344]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
      "Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-04-13 23:32 217088]
      "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
      "ChelloDesktop"="C:\Program Files\chello\ChelloDesktop.exe" [2002-05-29 12:24 151552]
      "BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-12-13 14:01 6670008]
      "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 14:31 1122304]
      "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 14:14 497152]
      "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
      "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-02-29 15:41 1171712]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-04 19:10:27 124912]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwpy32]
      winwpy32.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=avgrsstx.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
      backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
      backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\BearShare\\BearShare.exe"=
      "C:\\WINDOWS\\explorer.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "D:\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
      "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
      "D:\\delta\\dfx.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "%windir%\\system32\\winav.exe"=
      "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
      "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

      R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-02-29 15:42]
      R0 d347rt;d347rt;C:\WINDOWS\system32\Drivers\d347rt.sys [2004-08-22 15:31]
      R0 d347us;d347us;C:\WINDOWS\system32\DRIVERS\d347us.sys [2004-08-22 15:31]
      R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
      R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-02-29 15:42]
      R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
      R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-02-29 15:41]
      R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-02-29 15:41]
      R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-02-29 15:42]
      R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
      R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
      R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
      S3 Am772;AMD Alchemy(tm) Solutions Wireless 802.11 Adapter;C:\WINDOWS\system32\DRIVERS\Am772.sys [2003-10-27 04:49]
      S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 22:04]
      S3 efipsk;efipsk;C:\DOCUME~1\Martijn\LOCALS~1\Temp\efipsk.sys [2000-10-11 05:56]
      S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 14:06]
      S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 10:43]
      S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-10-16 01:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-29 19:01:31
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\WINDOWS\slrundll.exe
      C:\WINDOWS\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-29 19:02:15 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-29 18:02:06
      Last edited by Martijn1984; 29-02-08, 19:04.



      • #4
        I have now run both.

        See the log files above.

        After running them I no longer see any icons on my desktop.

        Do I need to restart my laptop, or is some other action necessary?

        Thanks in advance for the help offered.
        Last edited by Martijn1984; 29-02-08, 19:10.



        • #5
          Restart your computer and run ComboFix once more.
          Afterwards, post the new log you get.

          Also post a HijackThis log and tell us which problems remain.



          • #6
            Combofix Logfile:

            ComboFix 08-02-25.3 - Martijn 2008-02-29 19:21:30.2 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.214 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Martijn\Bureaublad\ComboFix.exe

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))
            .

            2008-02-29 18:55 . 2008-02-29 18:55 268 --ah----- C:\sqmdata00.sqm
            2008-02-29 18:55 . 2008-02-29 18:55 244 --ah----- C:\sqmnoopt00.sqm
            2008-02-29 18:45 . 2008-02-29 18:45 <DIR> d-------- C:\RVAXO
            2008-02-29 18:43 . 2008-02-29 19:15 714,616 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-02-29 18:43 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2008-02-29 15:42 . 2008-02-29 15:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
            2008-02-29 15:42 . 2008-02-29 15:42 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
            2008-02-29 15:42 . 2008-02-29 15:42 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
            2008-02-29 15:42 . 2008-02-29 15:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
            2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
            2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\Program Files\AVG
            2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\Documents and Settings\Martijn\Application Data\AVGTOOLBAR
            2008-02-29 15:40 . 2008-02-29 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
            2008-02-27 17:56 . 2004-08-04 13:00 450,794 -ra------ C:\txtsetup.sif
            2008-02-26 21:35 . 2008-02-26 21:39 1,887 --a------ C:\WINDOWS\diagwrn.xml
            2008-02-26 21:35 . 2008-02-26 21:39 1,887 --a------ C:\WINDOWS\diagerr.xml
            2008-02-26 21:33 . 2008-02-26 21:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
            2008-02-26 21:32 . 2008-02-26 21:32 0 --a------ C:\WINDOWS\gc_408.tmp
            2008-02-26 21:31 . 2000-01-01 22:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
            2008-02-26 21:31 . 2000-01-01 22:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
            2008-02-26 21:31 . 2000-01-01 22:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
            2008-02-26 21:31 . 2000-01-01 22:27 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
            2008-02-26 21:31 . 2000-01-01 22:14 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
            2008-02-26 21:31 . 2000-01-01 22:27 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
            2008-02-26 21:31 . 2008-02-29 18:42 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-02-29 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{459BA04E-1CAF-1F57-F04F-1AE34DEBAABE}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
            2008-02-29 15:41 2041600 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC1B201D-9DF4-C25F-F6DA-C3DECEB30EB1}]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            {A057A204-BACC-4D26-9990-79A187E2698E}

            [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
            [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
            "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-27 11:35 139264]
            "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 17:06 68856]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 02:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
            "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 21:10 335872]
            "CHotkey"="mHotkey.exe" [2001-12-26 14:12 472576 C:\WINDOWS\mHotkey.exe]
            "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-10 19:14 98304]
            "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-10 19:14 503808]
            "SbUsb AudCtrl"="sbusbdll.dll" [2003-08-06 06:33 68608 C:\WINDOWS\system32\sbusbdll.dll]
            "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
            "CTDVDDet"="C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]
            "CTSysVol"="C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe" [2003-07-09 14:36 57344]
            "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
            "Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-04-13 23:32 217088]
            "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
            "ChelloDesktop"="C:\Program Files\chello\ChelloDesktop.exe" [2002-05-29 12:24 151552]
            "BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-12-13 14:01 6670008]
            "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 14:31 1122304]
            "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 14:14 497152]
            "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
            "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
            "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-02-29 15:41 1171712]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
            Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-04 19:10:27 124912]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwpy32]
            winwpy32.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
            "AppInit_DLLs"=avgrsstx.dll

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
            backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
            backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "C:\\Program Files\\Messenger\\msmsgs.exe"=
            "C:\\Program Files\\BearShare\\BearShare.exe"=
            "C:\\WINDOWS\\explorer.exe"=
            "C:\\Program Files\\Azureus\\Azureus.exe"=
            "C:\\Program Files\\LimeWire\\LimeWire.exe"=
            "D:\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
            "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
            "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
            "D:\\delta\\dfx.exe"=
            "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
            "C:\\Program Files\\MSN Messenger\\livecall.exe"=
            "%windir%\\system32\\winav.exe"=
            "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
            "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
            "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

            R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-02-29 15:42]
            R0 d347rt;d347rt;C:\WINDOWS\system32\Drivers\d347rt.sys [2004-08-22 15:31]
            R0 d347us;d347us;C:\WINDOWS\system32\DRIVERS\d347us.sys [2004-08-22 15:31]
            R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
            R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-02-29 15:42]
            R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
            R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-02-29 15:41]
            R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-02-29 15:41]
            R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-02-29 15:42]
            R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
            R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
            R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
            S3 Am772;AMD Alchemy(tm) Solutions Wireless 802.11 Adapter;C:\WINDOWS\system32\DRIVERS\Am772.sys [2003-10-27 04:49]
            S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 22:04]
            S3 efipsk;efipsk;C:\DOCUME~1\Martijn\LOCALS~1\Temp\efipsk.sys
            S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 14:06]
            S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 10:43]
            S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42]

            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-10-16 01:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
            - C:\Program Files\XoftSpySE\XoftSpy.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-29 19:23:54
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-02-29 19:24:31
            ComboFix-quarantined-files.txt 2008-02-29 18:24:27
            ComboFix2.txt 2008-02-29 18:02:17




            Hijack this log file



            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 19:26:09, on 29-2-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
            C:\WINDOWS\system32\CTsvcCDA.exe
            C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\PROGRA~1\AVG\AVG8\avgam.exe
            C:\PROGRA~1\AVG\AVG8\avgrsx.exe
            C:\PROGRA~1\AVG\AVG8\avgnsx.exe
            C:\PROGRA~1\AVG\AVG8\avgemc.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\WINDOWS\slrundll.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\WINDOWS\mHotkey.exe
            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\WINDOWS\system32\RunDll32.exe
            C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
            C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
            C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
            C:\Program Files\D-Tools\daemon.exe
            C:\Program Files\Logitech\G-series Software\LGDCore.exe
            C:\Program Files\Logitech\G-series Software\LCDMon.exe
            C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\PROGRA~1\AVG\AVG8\avgtray.exe
            C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
            C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
            C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
            C:\Program Files\MSN Messenger\MsnMsgr.Exe
            C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\WinRAR\WinRAR.exe
            C:\DOCUME~1\Martijn\LOCALS~1\Temp\Rar$EX00.573\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.brabant.chello.nl:8080
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
            O2 - BHO: (no name) - {459BA04E-1CAF-1F57-F04F-1AE34DEBAABE} - (no file)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
            O2 - BHO: (no name) - {EC1B201D-9DF4-C25F-F6DA-C3DECEB30EB1} - (no file)
            O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
            O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
            O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
            O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
            O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
            O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
            O4 - HKLM\..\Run: [ChelloDesktop] C:\Program Files\chello\ChelloDesktop.exe
            O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
            O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
            O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
            O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
            O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
            O14 - IERESET.INF: START_PAGE_URL=http://home.nld.chello.nl/ssi/welcome/welcome.php?url=home&src=ie
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
            O20 - AppInit_DLLs: avgrsstx.dll
            O20 - Winlogon Notify: winwpy32 - winwpy32.dll (file missing)
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
            O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - (no file)
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

            --
            End of file - 8583 bytes

            • #7
              My problems with things being inaccessible seem to be solved!

              Is there anything else I need to do?

              In any case, I want to thank you very much for the help you have given.

              I had almost taken my laptop to the dump!

              Once again, thank you sooo much.

              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                sc delete efipsk
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\txtsetup.sif
                C:\WINDOWS\diagwrn.xml
                C:\WINDOWS\diagerr.xml
                C:\WINDOWS\gc_408.tmp) DO (
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                For "Save in", choose: Desktop
                For "File name", enter: del.bat
                For "Save as type", select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.


                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Your Java software is outdated.
                Older versions have vulnerabilities that give malware the chance to install itself on your system.
                First follow these steps to uninstall Java and install the newer version:
                • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of installed software.
                • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick again from "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Finally, post a new HijackThis log for checking.

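As an added illustration for the control log requested at the end of the post above (not part of the original thread, and not a tool used in it): a small Python parser for the HijackThis entry-line format that lists the entries HijackThis itself marked `(no file)` or `(file missing)`, meaning registry references whose target is no longer on disk. The function names are illustrative assumptions; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import Counter

# Section codes used by HijackThis (subset that appears in this thread's log).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O9": "IE extra button/menu item",
    "O10": "Winsock LSP", "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Service",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

def parse_log(text):
    """Return one dict per entry line; process list, header and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "body": body,
            "orphaned": bool(ORPHAN.search(body)),  # target file absent on disk
        })
    return entries

def orphaned_entries(text):
    """Entries whose referenced file HijackThis could not find."""
    return [e for e in parse_log(text) if e["orphaned"]]

def section_counts(text):
    """Number of entries per section code, for comparing two logs."""
    return Counter(e["code"] for e in parse_log(text))

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {459BA04E-1CAF-1F57-F04F-1AE34DEBAABE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: winwpy32 - winwpy32.dll (file missing)
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE):
        print(f'{e["code"]:>3}  {e["section"]}: {e["body"]}')
```

An orphaned entry only means the referenced file is gone; whether the leftover reference should be fixed is still a decision for whoever reviews the log.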