
Poker and virus pop-ups


  • Poker and virus pop-ups

    Hello, good day to you too,

    Well, isn't Vista nice, $%$%

    I almost never had any trouble with pop-ups, and now they show up every other minute.

    I used Hitman and Spy Sweeper. The latter does find something but does not remove it properly, I think, since they keep coming back.

    Could someone take a look at my log to see what might be wrong?

    Thanks in advance!!

    Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:22, on 22-4-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    F:\Program Files\Spyware Doctor\pctsTray.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    H:\DOWNLOADS\Nero v.7.9.6.0 NL MultiLanguage\General-CleanTool_2_1_5_17.exe
    C:\Users\Admin\AppData\Local\Temp\RarSFX0\cleantool.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    H:\DOWNLOADS\Nero v.7.9.6.0 NL MultiLanguage\Nero-7.9.6.0_all_update.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Admin\AppData\Local\Temp\NER3F8E.tmp\NeroBar.exe
    C:\Users\Admin\AppData\Local\Temp\NER3F8E.tmp\Setupx.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\MsiExec.exe
    C:\Windows\system32\MsiExec.exe
    F:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {10CB5CA0-DFD0-40E3-AD96-85E3ECCB51C3} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISTray] "f:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [BM0ba4ae61] Rundll32.exe "C:\Users\Admin\AppData\Local\Temp\owcyjyxj.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IEUser Restarter Service (MyIEUserRestarter) - Unknown owner - C:\Windows\system32\Macromed\Download\RestartIEUser.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - F:\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - f:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - f:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - f:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 7372 bytes

  • #2
    You may want to print the instructions below or save them in Notepad, because you have to go into safe mode and you will not have internet access there.

    Download ATF Cleaner (mirror) (made by Atribune)

    Start the computer in safe mode.

    Make sure your browser, at least Internet Explorer, is closed.

    Right-click HijackThis.exe and choose "Run as administrator".
    Start HijackThis once more and place a check mark only in front of the following lines:
    O2 - BHO: (no name) - {10CB5CA0-DFD0-40E3-AD96-85E3ECCB51C3} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [BM0ba4ae61] Rundll32.exe "C:\Users\Admin\AppData\Local\Temp\owcyjyxj.dll",s
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, place a check mark next to Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:
    Click the "Firefox" tab and place a check mark next to Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark next to "Firefox saved passwords" again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:
    Click the "Opera" tab and place a check mark next to Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Restart the computer in normal mode.

    Start HijackThis again, create a new log and post it for review.

    Regards, smeenk



    • #3
      Hi Smeenk,

      Thanks again for your time and effort!

      I did what you said, and here is my log.

      I do notice, though, that a "security agent" is trying to install itself again.

      Log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:29:40, on 22-4-2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16386)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Windows\system32\wbem\unsecapp.exe
      F:\Program Files\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {5E612539-DF1A-4BCE-9028-DA3B68F899CD} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O13 - Gopher Prefix:
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IEUser Restarter Service (MyIEUserRestarter) - Unknown owner - C:\Windows\system32\Macromed\Download\RestartIEUser.exe (file missing)
      O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - F:\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe

      --
      End of file - 6265 bytes



      • #4
        Try deleting this file in safe mode:
        C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll

        If that does not work, right-click the file and choose "Rename...".
        Change the name to, for example: efCrpooM.bak

        Restart your computer.

        After the restart, post a new HijackThis log and say whether there are still any problems.



        • #5
          Hi Smeenk,

          I searched, but I got no further than C:\Users\Admin

          I could not find the AppData folder.

          I did this via My Computer / C / Users / Admin

          Laterzzz



          • #6
            Go to Start - Run and enter the following there:
            %temp%
            Press OK.

            A folder opens; is it this folder?: C:\Users\Admin\AppData\Local\Temp
            Then you should be able to carry out the previous instructions.



            • #7
              Okey-dokey, found the folder, but the file would not go away or change its name.

              It said it was in use.

              What now?



              • #8
                Download The Avenger and extract the program to your desktop.
                Open the avenger folder and start the program by double-clicking avenger.exe.
                In the Input Script here window, copy and paste the bold text below:


                Files to delete:
                C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll


                Then click the Execute button.
                The Avenger will indicate that the computer is going to restart; allow this.
                After the reboot a log file (avenger.txt) opens. Post the contents of this log file together with a new HijackThis log.



                • #9
                  avenger:

                  Logfile of The Avenger Version 2.0, (c) by Swandog46
                  http://swandog46.geekstogo.com

                  Platform: Windows Vista

                  *******************

                  Script file opened successfully.
                  Script file read successfully.

                  Backups directory opened successfully at C:\Avenger

                  *******************

                  Beginning to process script file:

                  Rootkit scan active.
                  No rootkits found!

                  File "C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll" deleted successfully.

                  Completed script processing.

                  *******************

                  Finished! Terminate.

                  and the HijackThis log:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 15:46:07, on 22-4-2008
                  Platform: Windows Vista (WinNT 6.00.1904)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16386)
                  Boot mode: Normal

                  Running processes:
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\Explorer.EXE
                  C:\Windows\system32\conime.exe
                  C:\Windows\system32\NOTEPAD.EXE
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\Program Files\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Windows\RtHDVCpl.exe
                  C:\Windows\System32\rundll32.exe
                  C:\Windows\ehome\ehtray.exe
                  C:\Program Files\Windows Media Player\wmpnscfg.exe
                  C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe
                  C:\Program Files\uTorrent\uTorrent.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  C:\Windows\System32\rundll32.exe
                  C:\Windows\ehome\ehmsas.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                  C:\Windows\system32\wbem\unsecapp.exe
                  C:\Program Files\Internet Explorer\ieuser.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Windows\system32\SearchFilterHost.exe
                  F:\Program Files\HijackThis\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  O1 - Hosts: ::1 localhost
                  O2 - BHO: (no name) - {17AB724A-915A-4D03-993E-29E12D0A318D} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll (file missing)
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                  O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
                  O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                  O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
                  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe" -autorun
                  O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
                  O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                  O13 - Gopher Prefix:
                  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: IEUser Restarter Service (MyIEUserRestarter) - Unknown owner - C:\Windows\system32\Macromed\Download\RestartIEUser.exe (file missing)
                  O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe
                  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                  O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - F:\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe

                  --
                  End of file - 6483 bytes



                  • #10
                    Well done

                    Remove this line with HijackThis:
                    O2 - BHO: (no name) - {17AB724A-915A-4D03-993E-29E12D0A318D} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll (file missing)

                    Disable System Restore. Restart the computer. Enable System Restore again.
                    See here how to disable System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Are all the problems gone now?
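
Added example (not part of the original thread and not written by its participants): a Python triage pass over excerpts of the three HijackThis logs posted above. It flags entries that load from a Temp folder or whose target is missing, and groups BHO entries by DLL path, which shows that the CLSID registered for efCrpooM.dll differs in each scan while the path stays the same. The function names and the two flag rules are assumptions of this example; a flag marks an entry for review and is not a verdict.

```python
import re

# Excerpts copied from the three HijackThis logs in this thread, keyed by
# scan time. Everything else in this block is added for illustration.
LOGS = {
    "11:28": r"""
O2 - BHO: (no name) - {10CB5CA0-DFD0-40E3-AD96-85E3ECCB51C3} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BM0ba4ae61] Rundll32.exe "C:\Users\Admin\AppData\Local\Temp\owcyjyxj.dll",s
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
""",
    "13:29": r"""
O2 - BHO: (no name) - {5E612539-DF1A-4BCE-9028-DA3B68F899CD} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
""",
    "15:46": r"""
O2 - BHO: (no name) - {17AB724A-915A-4D03-993E-29E12D0A318D} - C:\Users\Admin\AppData\Local\Temp\efCrpooM.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
""",
}

ENTRY = re.compile(r"^(R\d+|O\d+) - (.*)$")                  # "O2 - ...", "R1 - ..."
PATH = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:dll|exe)", re.I)  # first drive-rooted binary
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP = re.compile(r"\\(?:temp|tmp)\\", re.I)
MISSING = ("(no file)", "(file missing)")


def parse(text):
    """Return (section, body) for every R*/O* entry line in a log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def target(body):
    """Return the first drive-rooted .dll/.exe path in an entry, or None."""
    match = PATH.search(body)
    return match.group(0) if match else None


def triage(text):
    """Return (section, reasons, body) for entries that deserve a closer look."""
    flagged = []
    for section, body in parse(text):
        reasons = []
        path = target(body)
        if path and TEMP.search(path):
            reasons.append("loads from Temp")
        if any(marker in body for marker in MISSING):
            reasons.append("target missing")
        if reasons:
            flagged.append((section, reasons, body))
    return flagged


def bho_history(logs):
    """Map each BHO DLL path (lower-cased) to its (scan, CLSID) pairs."""
    history = {}
    for scan, text in logs.items():
        for section, body in parse(text):
            path, clsid = target(body), CLSID.search(body)
            if section == "O2" and path and clsid:
                history.setdefault(path.lower(), []).append((scan, clsid.group(0)))
    return history


if __name__ == "__main__":
    for scan, text in LOGS.items():
        for section, reasons, body in triage(text):
            print(f"{scan} {section} [{', '.join(reasons)}] {body}")
    for path, seen in bho_history(LOGS).items():
        clsids = {clsid for _, clsid in seen}
        if len(clsids) > 1:
            print(f"{path}: {len(clsids)} different CLSIDs across scans")
```

Matching on the file path rather than the CLSID is what ties the three BHO entries together; a filter keyed on the first scan's CLSID would miss the later two.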



                    • #11
                      Well Smeenk,

                      So far I have not seen any ^$4 lady from PartyPoker,

                      so I'll assume for now that it's fine. Well, thank you very much once again. Now I can finally enjoy my new computer.

                      Really GREAT, in capital letters, that you helped me!!!!!

                      Here is the last log:

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 16:01:08, on 22-4-2008
                      Platform: Windows Vista (WinNT 6.00.1904)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16386)
                      Boot mode: Normal

                      Running processes:
                      C:\Windows\system32\Dwm.exe
                      C:\Windows\Explorer.EXE
                      C:\Windows\system32\taskeng.exe
                      C:\Program Files\Windows Defender\MSASCui.exe
                      C:\Program Files\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\Windows\RtHDVCpl.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Windows\ehome\ehtray.exe
                      C:\Program Files\Windows Media Player\wmpnscfg.exe
                      C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe
                      C:\Windows\ehome\ehmsas.exe
                      C:\Program Files\uTorrent\uTorrent.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                      C:\Windows\system32\rundll32.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Windows\system32\wbem\unsecapp.exe
                      C:\Program Files\Internet Explorer\ieuser.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Windows\system32\SearchFilterHost.exe
                      F:\Program Files\HijackThis\HijackThis.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                      O1 - Hosts: ::1 localhost
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                      O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                      O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
                      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                      O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
                      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe" -autorun
                      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
                      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                      O13 - Gopher Prefix:
                      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: IEUser Restarter Service (MyIEUserRestarter) - Unknown owner - C:\Windows\system32\Macromed\Download\RestartIEUser.exe (file missing)
                      O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe
                      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                      O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - F:\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe

                      --
                      End of file - 6360 bytes


                      Bye for now

                      Comment


                      • #12
                        You're welcome

                        The log looks fine again

                        Comment


                        • #13
                          Hi, it's me again %$^56

                          The same thing again, times a factor of 10

                          14 AntiVir alerts are open while I'm typing this

                          I'm also being advised again to use some antivirus doctor or other, and so on

                          Here is my log:

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 15:46:44, on 24-4-2008
                          Platform: Windows Vista (WinNT 6.00.1904)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16386)
                          Boot mode: Normal

                          Running processes:
                          C:\Windows\system32\Dwm.exe
                          C:\Windows\system32\taskeng.exe
                          C:\Windows\Explorer.EXE
                          C:\Program Files\Windows Defender\MSASCui.exe
                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                          C:\Windows\RtHDVCpl.exe
                          C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
                          C:\Windows\ehome\ehtray.exe
                          C:\Program Files\Windows Media Player\wmpnscfg.exe
                          C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe
                          C:\Program Files\uTorrent\uTorrent.exe
                          C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe
                          C:\Windows\ehome\ehmsas.exe
                          C:\Windows\system32\wbem\unsecapp.exe
                          C:\Windows\system32\rundll32.exe
                          C:\Windows\System32\rundll32.exe
                          F:\Program Files\hijack\HijackThis.exe
                          C:\Windows\system32\wuauclt.exe
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
                          F:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                          O1 - Hosts: ::1 localhost
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                          O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
                          O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                          O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
                          O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUoPFyw.dll,#1
                          O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
                          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                          O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
                          O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe" -autorun
                          O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
                          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                          O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\awtQHaAP.dll,c
                          O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\opnnopom.dll,#1
                          O4 - HKCU\..\Run: [BM0ba4ae61] Rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ixqucgld.dll",s
                          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                          O13 - Gopher Prefix:
                          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                          O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
                          O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
                          O23 - Service: IEUser Restarter Service (MyIEUserRestarter) - Unknown owner - C:\Windows\system32\Macromed\Download\RestartIEUser.exe (file missing)
                          O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                          O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

                          --
                          End of file - 5624 bytes

                          Comment


                          • #14
                            How is that possible

                            Open the avenger folder and start the program by double-clicking avenger.exe.
                            In the window "Input Script here", copy and paste the bold text below:


                            Files to delete:
                            C:\Users\Admin\AppData\Local\Temp\awtQHaAP.dll
                            C:\Users\Admin\AppData\Local\Temp\opnnopom.dll
                            C:\Users\Admin\AppData\Local\Temp\ixqucgld.dll


                            Then click the Execute button.
                            The Avenger will indicate that the computer is going to restart; allow this.
                            After the reboot a logfile (avenger.txt) opens. Post the contents of this logfile together with a new HijackThis log

                            Comment


                            • #15
                              Hey Smeenk,

                              It's me again.

                              Well, I don't understand any of it either. I have a firewall, a virus scanner, I don't visit crack sites or whatsoever....

                              Well, here is the Avenger log

                              Logfile of The Avenger Version 2.0, (c) by Swandog46
                              http://swandog46.geekstogo.com

                              Platform: Windows Vista

                              *******************

                              Script file opened successfully.
                              Script file read successfully.

                              Backups directory opened successfully at C:\Avenger

                              *******************

                              Beginning to process script file:

                              Rootkit scan active.
                              No rootkits found!


                              Error: file "C:\Users\Admin\AppData\Local\Temp\awtQHaAP.dll" not found!
                              Deletion of file "C:\Users\Admin\AppData\Local\Temp\awtQHaAP.dll" failed!
                              Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
                              --> the object does not exist

                              File "C:\Users\Admin\AppData\Local\Temp\opnnopom.dll" deleted successfully.

                              Error: file "C:\Users\Admin\AppData\Local\Temp\ixqucgld.dll" not found!
                              Deletion of file "C:\Users\Admin\AppData\Local\Temp\ixqucgld.dll" failed!
                              Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
                              --> the object does not exist


                              Completed script processing.

                              *******************

                              Finished! Terminate.


                              and here is the HijackThis log

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 23:33:52, on 24-4-2008
                              Platform: Windows Vista (WinNT 6.00.1904)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16386)
                              Boot mode: Normal

                              Running processes:
                              C:\Windows\system32\Dwm.exe
                              C:\Windows\Explorer.EXE
                              C:\Windows\system32\taskeng.exe
                              C:\Windows\system32\conime.exe
                              C:\Windows\system32\NOTEPAD.EXE
                              C:\Program Files\Windows Defender\MSASCui.exe
                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                              C:\Windows\RtHDVCpl.exe
                              C:\Windows\System32\rundll32.exe
                              C:\Windows\System32\rundll32.exe
                              F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
                              C:\Windows\ehome\ehtray.exe
                              C:\Program Files\Windows Media Player\wmpnscfg.exe
                              C:\Windows\ehome\ehmsas.exe
                              C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe
                              C:\Program Files\uTorrent\uTorrent.exe
                              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                              C:\Windows\system32\wbem\unsecapp.exe
                              C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                              C:\Program Files\Internet Explorer\ieuser.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Windows\system32\wuauclt.exe
                              F:\Program Files\hijack\HijackThis.exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                              O1 - Hosts: ::1 localhost
                              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                              O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                              O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
                              O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
                              O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUoPFyw.dll,#1
                              O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                              O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                              O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
                              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\TOOLS\DAEMON Tools Lite\daemon.exe" -autorun
                              O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
                              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                              O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\hgGayxyv.dll,#1
                              O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                              O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                              O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
                              O13 - Gopher Prefix:
                              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                              O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
                              O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
                              O23 - Service: IEUser Restarter Service (MyIEUserRestarter) - Unknown owner - C:\Windows\system32\Macromed\Download\RestartIEUser.exe (file missing)
                              O23 - Service: NBService - Nero AG - F:\Nero 7\Nero BackItUp\NBService.exe
                              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                              O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - f:\Program Files\Spyware Doctor\pctsAuxs.exe
                              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - f:\Program Files\Spyware Doctor\pctsSvc.exe

                              --
                              End of file - 5727 bytes


                              See you later

                              Oh yes, I also ran Hitman over everything again; it did remove some things, but I had only just posted this and I had 3 AntiVir alerts again

                              Why do people do this? Making these $%563 things?? Yuck, yuck and yuck again!!!

                              Comment
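
The Avenger script in post #14 deletes three files, yet the follow-up log in post #15 still lists rundll32 Run values. As an added example (not part of the thread, and not HijackThis or Avenger code), this Python sketch parses O4 lines copied from the two 24-4-2008 logs, flags rundll32 autoruns for review, and reports Run values whose DLL changed between scans. The two flagging heuristics and all function names are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# O4 autorun lines copied from the two HijackThis logs of 24-4-2008 in this
# thread: 15:46:44 (before The Avenger ran) and 23:33:52 (after the reboot).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUoPFyw.dll,#1
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\awtQHaAP.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\opnnopom.dll,#1
O4 - HKCU\..\Run: [BM0ba4ae61] Rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ixqucgld.dll",s
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUoPFyw.dll,#1
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Admin\AppData\Local\Temp\hgGayxyv.dll,#1
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)', re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str
    dll: Optional[str]      # set only when the command is a rundll32 call
    export: Optional[str]


def parse_o4(log: str) -> list:
    """Turn HijackThis 'O4 - <hive>\\..\\Run: [name] command' lines into entries."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m["cmd"])
        entries.append(RunEntry(m["hive"], m["name"], m["cmd"],
                                r["dll"] if r else None,
                                r["export"] if r else None))
    return entries


def reasons(e: RunEntry) -> list:
    """Triage heuristics (assumptions of this example, not HijackThis rules)."""
    out = []
    if e.dll is None:
        return out
    if TEMP_RE.search(e.dll):
        out.append("rundll32 loads a DLL from a Temp folder")
    if re.fullmatch(r"#\d+", e.export):
        out.append("export given by ordinal only")
    return out


def repointed(before: list, after: list) -> list:
    """Run values present in both logs whose rundll32 target DLL changed."""
    old = {(e.hive, e.name): e.dll for e in before if e.dll}
    return [(e.hive, e.name, old[(e.hive, e.name)], e.dll)
            for e in after
            if e.dll and (e.hive, e.name) in old
            and old[(e.hive, e.name)].lower() != e.dll.lower()]


if __name__ == "__main__":
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for e in after:
        for why in reasons(e):
            print(f"[review] {e.hive} Run [{e.name}] {e.dll}: {why}")
    for hive, name, was, now in repointed(before, after):
        print(f"[persisting] {hive} Run [{name}] moved from {was} to {now}")
```

On these lines it reports that the HKCU Run value [MSServer] still exists after the cleanup and now points to hgGayxyv.dll, and that the HKLM Run value [MSServer] is unchanged, since the script in post #14 listed only files and no registry values.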
