  • Unsolicited web pages

    Hello everyone,
    I constantly get unsolicited web pages popping up in front of me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:25:24, on 25-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\system32\jownw64o.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\Documents and Settings\Compaq_Eigenaar\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\JavaCore\JavaCore.exe
    C:\Documents and Settings\Compaq_Eigenaar\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Compaq_Eigenaar\Application Data\Microsoft\Windows\rayiou.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\mcntpkdn.exe
    C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{9E-E1-1A-A7-DW}] C:\windows\system32\jownw64o.exe DWram
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntpkdn.exe DWram
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A1580 6F97BDE4417E6FD967002BA754E2C2832213329D26033AAC
    O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Compaq_Eigenaar\svchost.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5dabfb11-436a-42ea-af51-6f9b55472cd4}.dll" DllInit
    O4 - HKLM\..\Run: [BMaf8ad294] Rundll32.exe "C:\WINDOWS\system32\nsamqnma.dll",s
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Compaq_Eigenaar\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Compaq_Eigenaar\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntpkdn.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jownw64o.exe
    O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180184558953
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 8333 bytes

    Thanks in advance

  • #2
    Start HijackThis and check only the following lines:
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [{9E-E1-1A-A7-DW}] C:\windows\system32\jownw64o.exe DWram
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntpkdn.exe DWram
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A1580 6F97BDE4417E6FD967002BA754E2C2832213329D26033AAC
    O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Compaq_Eigenaar\svchost.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5dabfb11-436a-42ea-af51-6f9b55472cd4}.dll" DllInit
    O4 - HKLM\..\Run: [BMaf8ad294] Rundll32.exe "C:\WINDOWS\system32\nsamqnma.dll",s
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Compaq_Eigenaar\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Compaq_Eigenaar\Application Data\Microsoft\Windows\rayiou.exe
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntpkdn.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jownw64o.exe

    Close all open windows (except HijackThis) and click the "Fix checked" button.


    Download VirtumundoBeGone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files that were not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily during the DSS scan.)



    • #3
      [04/26/2008, 10:54:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\VirtumundoBeGone.exe" )
      [04/26/2008, 10:54:08] - Detected System Information:
      [04/26/2008, 10:54:08] - Windows Version: 5.1.2600, Service Pack 2
      [04/26/2008, 10:54:08] - Current Username: Compaq_Eigenaar (Admin)
      [04/26/2008, 10:54:08] - Windows is in NORMAL mode.
      [04/26/2008, 10:54:08] - Searching for Browser Helper Objects:
      [04/26/2008, 10:54:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [04/26/2008, 10:54:08] - BHO 2: {6156A32A-C512-4e23-AA9A-2315F4265681} (Search Assistant MySidesearch)
      [04/26/2008, 10:54:08] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 10:54:08] - BHO 4: {a29b0a43-0249-c33c-9679-710fa3438309} (gooochi browser optimizer)
      [04/26/2008, 10:54:08] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [04/26/2008, 10:54:08] - BHO 6: {abaa60d9-7d5a-4fb7-af56-e238f59ab870} ()
      [04/26/2008, 10:54:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:08] - Checking for HKLM\...\Winlogon\Notify\cljnoaow
      [04/26/2008, 10:54:08] - Key not found: HKLM\...\Winlogon\Notify\cljnoaow, continuing.
      [04/26/2008, 10:54:08] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [04/26/2008, 10:54:08] - BHO 8: {BDE82C27-A8C2-4C5D-A5D1-C16DA0E380C2} ()
      [04/26/2008, 10:54:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:08] - Checking for HKLM\...\Winlogon\Notify\byXpnMGw
      [04/26/2008, 10:54:08] - Key not found: HKLM\...\Winlogon\Notify\byXpnMGw, continuing.
      [04/26/2008, 10:54:08] - BHO 9: {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} ()
      [04/26/2008, 10:54:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:08] - Checking for HKLM\...\Winlogon\Notify\xxywWNFV
      [04/26/2008, 10:54:08] - Found: HKLM\...\Winlogon\Notify\xxywWNFV - This is probably Virtumundo.
      [04/26/2008, 10:54:08] - Assigning {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} MSEvents Object
      [04/26/2008, 10:54:08] - BHO list has been changed! Starting over...
      [04/26/2008, 10:54:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [04/26/2008, 10:54:08] - BHO 2: {6156A32A-C512-4e23-AA9A-2315F4265681} (Search Assistant MySidesearch)
      [04/26/2008, 10:54:08] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 10:54:08] - BHO 4: {a29b0a43-0249-c33c-9679-710fa3438309} (gooochi browser optimizer)
      [04/26/2008, 10:54:08] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [04/26/2008, 10:54:08] - BHO 6: {abaa60d9-7d5a-4fb7-af56-e238f59ab870} ()
      [04/26/2008, 10:54:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:08] - Checking for HKLM\...\Winlogon\Notify\cljnoaow
      [04/26/2008, 10:54:08] - Key not found: HKLM\...\Winlogon\Notify\cljnoaow, continuing.
      [04/26/2008, 10:54:08] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [04/26/2008, 10:54:08] - BHO 8: {BDE82C27-A8C2-4C5D-A5D1-C16DA0E380C2} ()
      [04/26/2008, 10:54:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:08] - Checking for HKLM\...\Winlogon\Notify\byXpnMGw
      [04/26/2008, 10:54:08] - Key not found: HKLM\...\Winlogon\Notify\byXpnMGw, continuing.
      [04/26/2008, 10:54:08] - BHO 9: {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} (MSEvents Object)
      [04/26/2008, 10:54:08] - ALERT: Found MSEvents Object!
      [04/26/2008, 10:54:08] - Finished Searching Browser Helper Objects
      [04/26/2008, 10:54:08] - *** Detected MSEvents Object
      [04/26/2008, 10:54:08] - Trying to remove MSEvents Object...
      [04/26/2008, 10:54:09] - Terminating Process: IEXPLORE.EXE
      [04/26/2008, 10:54:10] - Terminating Process: RUNDLL32.EXE
      [04/26/2008, 10:54:10] - Disabling Automatic Shell Restart
      [04/26/2008, 10:54:10] - Terminating Process: EXPLORER.EXE
      [04/26/2008, 10:54:10] - Suspending the NT Session Manager System Service
      [04/26/2008, 10:54:10] - Terminating Windows NT Logon/Logoff Manager
      [04/26/2008, 10:54:10] - Re-enabling Automatic Shell Restart
      [04/26/2008, 10:54:10] - File to disable: C:\WINDOWS\system32\xxywWNFV.dll
      [04/26/2008, 10:54:10] - Renaming C:\WINDOWS\system32\xxywWNFV.dll -> C:\WINDOWS\system32\xxywWNFV.dll.vir
      [04/26/2008, 10:54:11] - File successfully renamed!
      [04/26/2008, 10:54:11] - Removing HKLM\...\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
      [04/26/2008, 10:54:11] - Removing HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
      [04/26/2008, 10:54:11] - Adding Kill Bit for ActiveX for GUID: {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
      [04/26/2008, 10:54:11] - Deleting ATLEvents/MSEvents Registry entries
      [04/26/2008, 10:54:11] - Removing HKLM\...\Winlogon\Notify\xxywWNFV
      [04/26/2008, 10:54:11] - Searching for Browser Helper Objects:
      [04/26/2008, 10:54:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [04/26/2008, 10:54:11] - BHO 2: {6156A32A-C512-4e23-AA9A-2315F4265681} (Search Assistant MySidesearch)
      [04/26/2008, 10:54:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 10:54:11] - BHO 4: {a29b0a43-0249-c33c-9679-710fa3438309} (gooochi browser optimizer)
      [04/26/2008, 10:54:11] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [04/26/2008, 10:54:11] - BHO 6: {abaa60d9-7d5a-4fb7-af56-e238f59ab870} ()
      [04/26/2008, 10:54:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:11] - Checking for HKLM\...\Winlogon\Notify\cljnoaow
      [04/26/2008, 10:54:11] - Key not found: HKLM\...\Winlogon\Notify\cljnoaow, continuing.
      [04/26/2008, 10:54:11] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [04/26/2008, 10:54:11] - BHO 8: {BDE82C27-A8C2-4C5D-A5D1-C16DA0E380C2} ()
      [04/26/2008, 10:54:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 10:54:11] - Checking for HKLM\...\Winlogon\Notify\byXpnMGw
      [04/26/2008, 10:54:11] - Key not found: HKLM\...\Winlogon\Notify\byXpnMGw, continuing.
      [04/26/2008, 10:54:11] - Finished Searching Browser Helper Objects
      [04/26/2008, 10:54:11] - Finishing up...
      [04/26/2008, 10:54:11] - A restart is needed.
      [04/26/2008, 10:54:23] - Attempting to Restart via STOP error (Blue Screen!)

      I could not get the following to work in safe mode:
      ---RVAXO.exe Updated: 2008-04-25---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\xxywWNFV.dll.vir
      C:\WINDOWS\BMaf8ad294.xml
      C:\WINDOWS\BMaf8ad294.txt
      C:\WINDOWS\system32\wGMnpXyb.ini2
      C:\Documents and Settings\Compaq_Eigenaar\ResErrors.log
      C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\System32\{5dabfb11-436a-42ea-af51-6f9b55472cd4}.dll
      C:\WINDOWS\System32\{5dabfb11-436a-42ea-af51-6f9b55472cd4}.dll-uninst.exe
      C:\WINDOWS\b156.exe
      C:\WINDOWS\system32\winpfz33.sys
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
      C:\WINDOWS\system32\gside.exe
      C:\WINDOWS\system32\myss_sb_uninstall.exe
      C:\WINDOWS\system32\myss_sb.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\zxdnt3d.cfg
      C:\WINDOWS\system32\msnav32.ax
      C:\WINDOWS\system32\pac.txt

      Folders Found:
      C:\Program Files\CPV
      C:\Program Files\Twain
      C:\Program Files\Inet_Get_2
      C:\WINDOWS\system32\wTmp
      C:\WINDOWS\system32\IBn
      C:\WINDOWS\system32\xcsDd05
      C:\Program Files\Temporary
      C:\Program Files\Inetget2
      C:\Program Files\javacore
      C:\Documents and Settings\All Users\Application Data\SalesMon
      C:\Documents and Settings\Compaq_Eigenaar\Application Data\VeiligheidsAgent
      C:\Temp\1cb

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      With DSS I got an error message, and Microsoft asked whether I wanted to send a report.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:23:58, on 26-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\HJT\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=presario&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [BMaf8ad294] Rundll32.exe "C:\WINDOWS\system32\nsamqnma.dll",s
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
      O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180184558953
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

      --
      End of file - 6803 bytes



      • #4
        Download this file: zoek.exe
        Double-click it; after a while a log will open.
        Post the contents of this log in your next message.



        • #5
          ======C:\WINDOWS====
          ----a-w 0 2008-04-26 09:11:05 C:\WINDOWS\0.log
          ----a-w 207 2008-04-26 09:14:00 C:\WINDOWS\BMaf8ad294.txt
          ----a-w 0 2008-04-26 09:13:30 C:\WINDOWS\BMaf8ad294.xml
          --s-a-w 2,048 2008-04-26 09:10:22 C:\WINDOWS\bootstat.dat
          ----a-w 116 2008-04-08 17:27:51 C:\WINDOWS\NeroDigital.ini
          ----a-w 0 2008-04-25 18:50:53 C:\WINDOWS\nsreg.dat
          ----a-w 226,702 2008-04-26 09:06:14 C:\WINDOWS\ntbtlog.txt
          ----a-w 151 2008-03-23 20:11:01 C:\WINDOWS\PhotoSnapViewer.INI
          ----a-w 22 2008-04-26 09:13:30 C:\WINDOWS\pskt.ini
          ----a-w 32,562 2008-04-26 09:03:21 C:\WINDOWS\SchedLgU.Txt
          ----a-w 231 2008-04-25 18:43:34 C:\WINDOWS\SYSTEM.INI
          ----a-w 159 2008-04-26 09:10:57 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-04-26 09:10:55 C:\WINDOWS\wiaservc.log
          ----a-w 1,280,426 2008-04-26 09:12:21 C:\WINDOWS\WindowsUpdate.log

          Entries: 14 (13)
          Directories: 0 Files: 14
          Bytes: 1,542,673 Blocks: 3,019
          ======C:\WINDOWS\system32=====
          ----a-w 281,600 2008-04-25 16:59:17 C:\WINDOWS\System32\byXpnMGw.dll
          ----a-w 216,856 2008-04-09 16:04:52 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 400,611 2008-04-22 17:51:54 C:\WINDOWS\System32\g65.exe
          ----a-w 272,384 2008-04-22 17:55:48 C:\WINDOWS\System32\hgGxuVOG.dll
          ----a-w 200,768 2008-04-22 17:37:11 C:\WINDOWS\System32\mcntpkdn.exe
          ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
          ----a-w 105,536 2008-04-25 17:00:34 C:\WINDOWS\System32\nsamqnma.dll
          ----a-w 72,960 2008-04-11 14:25:08 C:\WINDOWS\System32\perfc009.dat
          ----a-w 93,218 2008-04-11 14:25:08 C:\WINDOWS\System32\perfc013.dat
          ----a-w 446,006 2008-04-11 14:25:08 C:\WINDOWS\System32\perfh009.dat
          ----a-w 514,242 2008-04-11 14:25:08 C:\WINDOWS\System32\perfh013.dat
          ----a-w 1,095,104 2008-04-11 14:25:08 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 803,317 2008-04-25 11:36:48 C:\WINDOWS\System32\RVAXO.bat
          ----a-w 0 2008-04-22 17:38:09 C:\WINDOWS\System32\taskkill.exe
          --sha-w 210,242 2008-04-26 09:30:06 C:\WINDOWS\System32\wGMnpXyb.ini
          --sha-w 210,014 2008-04-26 09:28:40 C:\WINDOWS\System32\wGMnpXyb.ini2
          ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
          ----a-w 1,158 2008-04-26 09:11:35 C:\WINDOWS\System32\wpa.dbl

          Entries: 18 (16)
          Directories: 0 Files: 18
          Bytes: 26,605,416 Blocks: 51,973
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 821,856 2008-04-25 19:23:37 C:\WINDOWS\System32\drivers\avg7core.sys
          ----a-w 4,224 2008-04-25 19:23:40 C:\WINDOWS\System32\drivers\avg7rsw.sys
          ----a-w 27,776 2008-04-25 19:23:40 C:\WINDOWS\System32\drivers\avg7rsxp.sys
          ----a-w 10,760 2008-04-25 19:23:41 C:\WINDOWS\System32\drivers\avgclean.sys
          ----a-w 26,952 2008-04-25 19:23:41 C:\WINDOWS\System32\drivers\avgmfx86.sys
          ----a-w 4,960 2008-04-25 19:23:41 C:\WINDOWS\System32\drivers\avgtdi.sys

          Entries: 6 (6)
          Directories: 0 Files: 6
          Bytes: 896,528 Blocks: 1,755
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 6,843 2008-04-25 18:45:45 C:\caisslog.txt
          ----a-w 1,405 2008-04-26 09:09:23 C:\firstrun5.log
          --sha-w 536,399,872 2008-04-26 09:10:20 C:\hiberfil.sys
          --sha-w 805,306,368 2008-04-26 09:10:20 C:\pagefile.sys
          ----a-w 1,540 2008-04-26 09:11:18 C:\RVAXO-results.log
          ----a-w 0 2008-04-26 09:11:18 C:\RVAXO-Vfind.log

          Entries: 6 (4)
          Directories: 0 Files: 6
          Bytes: 1,341,716,028 Blocks: 2,620,541
          ======C:\Documents and Settings\Compaq_Eigenaar\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\Compaq_Eigenaar======
          ----a-w 96 2008-04-08 17:27:59 C:\Documents and Settings\Compaq_Eigenaar\default.pls
          ----a-w 174 2008-04-25 17:46:07 C:\Documents and Settings\Compaq_Eigenaar\main.log
          ----a-w 3,452,928 2008-04-26 09:09:28 C:\Documents and Settings\Compaq_Eigenaar\ntuser.dat
          ----a-w 143,360 2008-04-26 09:30:10 C:\Documents and Settings\Compaq_Eigenaar\ntuser.dat.LOG
          --sh--w 288 2008-04-26 09:03:19 C:\Documents and Settings\Compaq_Eigenaar\ntuser.ini

          Entries: 5 (4)
          Directories: 0 Files: 5
          Bytes: 3,596,846 Blocks: 7,027
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            REM Start with a fresh log.txt in the current directory.
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            REM For each listed file: remove any renamed copy left by an earlier run,
            REM clear the read-only, system and hidden attributes, then try to delete it.
            REM If the delete fails, rename the file by appending NUCIA to its name.
            REM The outcome for every file is written to log.txt.
            FOR %%g in (
              "C:\Documents and Settings\Compaq_Eigenaar\Application Data\Microsoft\Windows\rayiou.exe"
              C:\WINDOWS\BMaf8ad294.txt
              C:\WINDOWS\BMaf8ad294.xml
              C:\WINDOWS\pskt.ini
              C:\WINDOWS\System32\byXpnMGw.dll
              C:\WINDOWS\System32\g65.exe
              C:\WINDOWS\System32\hgGxuVOG.dll
              C:\WINDOWS\System32\mcntpkdn.exe
              C:\WINDOWS\System32\nsamqnma.dll
              C:\WINDOWS\System32\wGMnpXyb.ini
              C:\WINDOWS\System32\wGMnpXyb.ini2) DO (
              del /q %%gNUCIA
              IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                  ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                ) ELSE (
                  ECHO %%g deleted>>log.txt)
              ) ELSE (
                ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in", choose: Desktop
            For "File name", enter: del.bat
            For "Save as type", select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the log produced by del.bat
            Last edited by smeenk; 26-04-08, 10:45.



            • #7
              Deleting files
              "C:\Documents and Settings\Compaq_Eigenaar\Application Data\Microsoft\Windows\rayiou.exe" not found
              C:\WINDOWS\BMaf8ad294.txt deleted
              C:\WINDOWS\BMaf8ad294.xml deleted
              C:\WINDOWS\pskt.ini deleted
              C:\WINDOWS\System32\byXpnMGw.dll not deleted
              C:\WINDOWS\System32\g65.exe deleted
              C:\WINDOWS\System32\hgGxuVOG.dll deleted
              C:\WINDOWS\System32\mcntpkdn.exe deleted
              renamed to C:\WINDOWS\System32\nsamqnma.dllNUCIA
              C:\WINDOWS\System32\nsamqnma.dll deleted
              C:\WINDOWS\System32\wGMnpXyb.ini deleted
              C:\WINDOWS\System32\wGMnpXyb.ini2 deleted



              • #8
                Download The Avenger and extract the program to your desktop.
                Open the avenger folder and start the program by double-clicking avenger.exe.
                In the Input Script here window, copy and paste the bold text below:


                Files to delete:
                C:\WINDOWS\System32\byXpnMGw.dll


                Then click the Execute button.
                The Avenger will indicate that the computer is going to restart; allow this.
                After the reboot a log file (avenger.txt) opens. Post the contents of this log file together with a new HijackThis log



                • #9
                  Logfile of The Avenger Version 2.0, (c) by Swandog46
                  http://swandog46.geekstogo.com

                  Platform: Windows XP

                  *******************

                  Script file opened successfully.
                  Script file read successfully.

                  Backups directory opened successfully at C:\Avenger

                  *******************

                  Beginning to process script file:

                  Rootkit scan active.
                  No rootkits found!

                  File "C:\WINDOWS\System32\byXpnMGw.dll" deleted successfully.

                  Completed script processing.

                  *******************

                  Finished! Terminate.



                  Logfile of The Avenger Version 2.0, (c) by Swandog46
                  http://swandog46.geekstogo.com

                  Platform: Windows XP

                  *******************

                  Error: Script file not found!
                  Could not open script file! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
                  --> the object does not exist

                  Abort!

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 11:57:59, on 26-4-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\windows\system\hpsysdrv.exe
                  C:\HP\KBD\KBD.EXE
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\WINDOWS\AGRSMMSG.exe
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                  C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\HJT\Compaq_Eigenaar.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=presario&pf=desktop
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: gooochi browser optimizer - {a29b0a43-0249-c33c-9679-710fa3438309} - C:\WINDOWS\system32\{5dabfb11-436a-42ea-af51-6f9b55472cd4}.dll (file missing)
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: {078ba95f-832e-65fa-7bf4-a5d79d06aaba} - {abaa60d9-7d5a-4fb7-af56-e238f59ab870} - C:\WINDOWS\system32\cljnoaow.dll (file missing)
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                  O2 - BHO: (no name) - {D96BF496-9235-44BD-8BCC-C1A69C2D96CF} - C:\WINDOWS\system32\byXpnMGw.dll (file missing)
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
                  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
                  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                  O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
                  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
                  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                  O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [BMaf8ad294] Rundll32.exe "C:\WINDOWS\system32\nsamqnma.dll",s
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                  O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
                  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180184558953
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

                  --
                  End of file - 7743 bytes



                  • #10
                    Now double-click del.bat once more

                    After that you may also remove the following lines with HijackThis:
                    O2 - BHO: gooochi browser optimizer - {a29b0a43-0249-c33c-9679-710fa3438309} - C:\WINDOWS\system32\{5dabfb11-436a-42ea-af51-6f9b55472cd4}.dll (file missing)
                    O2 - BHO: {078ba95f-832e-65fa-7bf4-a5d79d06aaba} - {abaa60d9-7d5a-4fb7-af56-e238f59ab870} - C:\WINDOWS\system32\cljnoaow.dll (file missing)
                    O2 - BHO: (no name) - {D96BF496-9235-44BD-8BCC-C1A69C2D96CF} - C:\WINDOWS\system32\byXpnMGw.dll (file missing)
                    O4 - HKLM\..\Run: [BMaf8ad294] Rundll32.exe "C:\WINDOWS\system32\nsamqnma.dll",s


                    See whether you can now create a log with Deckard's System Scanner, and post that as well

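The cross-check behind the HijackThis lines picked out above, as an added example that is not part of the original thread: it matches the O2 (BHO) and O4 (Run) entries of a HijackThis log against the outcome lines that del.bat writes, and lists the registry entries whose file is already gone. The function names are hypothetical, the sample lines are excerpts from the logs posted in this thread, and 8.3 short paths such as PROGRA~1 are assumed not to need expanding.

```python
import re

# Excerpts from the logs posted in this thread: HijackThis lines from post #9
# and del.bat outcome lines from post #7. Nothing here touches a live system.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D96BF496-9235-44BD-8BCC-C1A69C2D96CF} - C:\WINDOWS\system32\byXpnMGw.dll (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BMaf8ad294] Rundll32.exe "C:\WINDOWS\system32\nsamqnma.dll",s
"""
DEL_LOG = r"""
Deleting files
C:\WINDOWS\System32\byXpnMGw.dll not deleted
C:\WINDOWS\System32\g65.exe deleted
renamed to C:\WINDOWS\System32\nsamqnma.dllNUCIA
C:\WINDOWS\System32\nsamqnma.dll deleted
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                   r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,', re.I)
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|scr|dll))\b', re.I)
GONE = {"deleted", "renamed", "not found"}


def norm(path):
    """Compare paths case-insensitively and without surrounding quotes."""
    return path.strip().strip('"').lower()


def target_of(cmd):
    """Return the file a Run command really loads: the DLL behind rundll32, else the program."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m["dll"].strip()
    m = EXE_RE.match(cmd)
    return m["exe"] if m else cmd


def parse_hjt(text):
    """Extract O2 and O4 Run entries as dicts with the original line, file path and missing flag."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = O2_RE.match(line)
        if m:
            entries.append({"line": line, "path": m["path"], "missing": bool(m["missing"])})
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"line": line, "path": target_of(m["cmd"]), "missing": False})
    return entries


def parse_del_log(text):
    """Map each normalised path in a del.bat log to its outcome."""
    status = {}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("renamed to ") and line.endswith("NUCIA"):
            status[norm(line[len("renamed to "):-len("NUCIA")])] = "renamed"
            continue
        # Test the longer suffixes first: "not deleted" also ends with "deleted".
        for suffix in (" not deleted", " not found", " deleted"):
            if line.endswith(suffix):
                # setdefault keeps "renamed" when the following line reports "deleted".
                status.setdefault(norm(line[:-len(suffix)]), suffix.strip())
                break
    return status


def triage(hjt_text, del_text):
    """Split entries into leftovers to fix in HijackThis and entries whose file still exists."""
    removed = parse_del_log(del_text)
    report = {"fix_in_hijackthis": [], "file_still_present": []}
    for entry in parse_hjt(hjt_text):
        state = removed.get(norm(entry["path"]))
        # HijackThis' own "(file missing)" marker is the later observation, so it wins.
        if entry["missing"] or state in GONE:
            report["fix_in_hijackthis"].append(entry["line"])
        elif state == "not deleted":
            report["file_still_present"].append(entry["line"])
    return report


if __name__ == "__main__":
    for action, lines in triage(HJT_LOG, DEL_LOG).items():
        print(action)
        for line in lines:
            print("   ", line)
```

In the log on this page the O4 line for nsamqnma.dll carries no "(file missing)" marker, so only the del.bat log shows that it is a leftover.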


                    • #11
                      Deleting files
                      "C:\Documents and Settings\Compaq_Eigenaar\Application Data\Microsoft\Windows\rayiou.exe" not found
                      C:\WINDOWS\BMaf8ad294.txt deleted
                      C:\WINDOWS\BMaf8ad294.xml not found
                      C:\WINDOWS\pskt.ini not found
                      C:\WINDOWS\System32\byXpnMGw.dll not found
                      C:\WINDOWS\System32\g65.exe not found
                      C:\WINDOWS\System32\hgGxuVOG.dll not found
                      C:\WINDOWS\System32\mcntpkdn.exe not found
                      C:\WINDOWS\System32\nsamqnma.dll not found
                      C:\WINDOWS\System32\wGMnpXyb.ini deleted
                      C:\WINDOWS\System32\wGMnpXyb.ini2 deleted

                      With DSS I still get an error report

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 12:17:54, on 26-4-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      C:\windows\system\hpsysdrv.exe
                      C:\HP\KBD\KBD.EXE
                      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\WINDOWS\AGRSMMSG.exe
                      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                      C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\HJT\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=presario&pf=desktop
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                      O2 - BHO: (no name) - {D96BF496-9235-44BD-8BCC-C1A69C2D96CF} - C:\WINDOWS\system32\byXpnMGw.dll (file missing)
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
                      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
                      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
                      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
                      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
                      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                      O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
                      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180184558953
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

                      --
                      End of file - 7324 bytes



                      • #12
                        This line can still be removed with HijackThis:
                        O2 - BHO: (no name) - {D96BF496-9235-44BD-8BCC-C1A69C2D96CF} - C:\WINDOWS\system32\byXpnMGw.dll (file missing)

                        Your Java software is out of date.
                        Older versions have vulnerabilities that give malware the chance to install itself on your system.
                        First follow these steps to uninstall Java and install the newer version:
                        • Download Java Runtime Environment (JRE) 6u6 and save it to your Desktop.
                        • Close all programs that may be open - especially your web browser!
                        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                        • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                        • Then click Remove or the Change/Remove button.
                        • Repeat this until all older versions are gone.
                        • After removing all older versions, restart your PC.
                        • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.


                        Download ATF cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                        Double-click ATF cleaner to start the program.
                        On the "Main" tab, tick Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the tick from "Firefox saved passwords" again)
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Turn off System Restore. Restart the computer. Turn System Restore back on.
                        See here how to turn off System Restore.
                        This removes any remnants of the infections from your System Restore.

                        Let me know whether there are still any problems



                        • #13
                          Thanks so much, it is running like clockwork again



                          • #14
                            You're welcome
