- Log - Buffer Overrun / internet freezes / pop-ups


  • - Log - Buffer Overrun / internet freezes / pop-ups

    My PC has been acting strange for a few days ...
    - Frequent pop-ups
    - I sometimes get a Visual C++ Buffer Overrun message for explorer.exe
    - Sometimes when I'm just browsing, the page stops responding ...

    Here is my log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:16:17, on 27/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\mrofinu1000106.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Svconr\Svconr.exe
    C:\Users\Faes BVBA\AppData\Roaming\SpeedRunner\SpeedRunner.exe
    C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\lflxw.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Explorer.exe
    C:\Users\Faes BVBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUEP2HDP\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 89.163.145.86 nprotect.roseonlinegame.com
    O1 - Hosts: 92.48.81.32 iHabbixReloaded
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7A217872-1DFD-4BE6-99A0-37D1B47B0989} - C:\Windows\system32\pmnnOHAq.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [obgarg] "C:\Windows\System32\obgarg.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyvvWnN.dll,#1
    O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15A0 4FB79DC4617E6FD967002BA754E2C2832213329D26033AAC
    O4 - HKLM\..\Run: [BM03316152] Rundll32.exe "C:\Windows\system32\pralpjyr.dll",s
    O4 - HKLM\..\Run: [000252ce] rundll32.exe "C:\Windows\system32\gerxaadv.dll",b
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Host Process] C:\Users\Faes BVBA\svchost.exe
    O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
    O4 - HKCU\..\Run: [SpeedRunner] C:\Users\Faes BVBA\AppData\Roaming\SpeedRunner\SpeedRunner.exe
    O4 - HKCU\..\Run: [SfKg6wIP] C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\lflxw.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.kbc.be
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} (MLauncherUSA Class) - http://www.netgame.com/download/mglauncherusa.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/mgusamanagerv1001.cab
    O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
    O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    --
    End of file - 10289 bytes

  • #2
    You may want to print out the instructions below or save them in Notepad, because you have to go into safe mode and will not have internet access there.

    Download ATF cleaner (mirror) (made by Atribune)

    Start the computer in safe mode.

    Make sure your browser, at least Internet Explorer, is closed.

    Right-click Hijackthis.exe and choose "Run as administrator"
    Start HijackThis once more and tick only the following lines:
    O2 - BHO: (no name) - {7A217872-1DFD-4BE6-99A0-37D1B47B0989} - C:\Windows\system32\pmnnOHAq.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyvvWnN.dll,#1
    O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15A0 4FB79DC4617E6FD967002BA754E2C2832213329D26033AAC
    O4 - HKLM\..\Run: [BM03316152] Rundll32.exe "C:\Windows\system32\pralpjyr.dll",s
    O4 - HKLM\..\Run: [000252ce] rundll32.exe "C:\Windows\system32\gerxaadv.dll",b
    O4 - HKCU\..\Run: [Host Process] C:\Users\Faes BVBA\svchost.exe
    O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
    O4 - HKCU\..\Run: [SpeedRunner] C:\Users\Faes BVBA\AppData\Roaming\SpeedRunner\SpeedRunner.exe
    O4 - HKCU\..\Run: [SfKg6wIP] C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\lflxw.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Double-click ATF cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords" again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Restart the computer in normal mode.

    Start HijackThis again, create a new log and post it for review.

    Regards, smeenk



    • #3
      Hi Smeenk,

      I have a problem,

      I restart my PC in safe mode,
      I go to HijackThis,
      right-click, Run as administrator, but then I get this:

      Run-Time Error ' 481 ' Invalid Picture .

      HijackThis does work in normal mode

      So I don't really know what to do now

      Thx



      • #4
        Just try it in normal mode, then restart your computer and post a new HijackThis log.



        • #5
          New log:


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:43:16, on 28/04/2008
          Platform: Windows Vista (WinNT 6.00.1904)
          MSIE: Internet Explorer v7.00 (7.00.6000.16643)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\Dwm.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\Explorer.EXE
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\ehome\ehtray.exe
          C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
          C:\Windows\System32\mobsync.exe
          C:\Program Files\Windows Media Player\wmpnscfg.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Windows Live\Messenger\msnmsgr.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Users\Faes BVBA\Documents\hjt\HiJackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O1 - Hosts: 89.163.145.86 nprotect.roseonlinegame.com
          O1 - Hosts: 92.48.81.32 iHabbixReloaded
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: (no name) - {D8D88CE9-FB01-465B-8892-C2C5EC2E7348} - C:\Windows\system32\pmnnOHAq.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [obgarg] "C:\Windows\System32\obgarg.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqNHbXR.dll,#1
          O4 - HKLM\..\Run: [BM03316152] Rundll32.exe "C:\Windows\system32\chivgfjx.dll",s
          O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
          O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
          O4 - Global Startup: Logitech SetPoint.lnk = ?
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
          O13 - Gopher Prefix:
          O15 - Trusted Zone: *.kbc.be
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} (MLauncherUSA Class) - http://www.netgame.com/download/mglauncherusa.cab
          O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
          O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/mgusamanagerv1001.cab
          O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
          O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
          O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
          O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
          O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
          O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
          O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

          --
          End of file - 9004 bytes

          Regards, Wouter
          Last edited by Rexke100; 28-04-08, 19:43.
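
Added example (not part of the original thread): a small Python check that compares the log from post #1 with the log from post #5 to see which of the entries ticked in post #2 actually stayed gone. The log excerpts are copied from those two posts; the function names `parse` and `check_fix` are hypothetical, and only `HKLM`/`HKCU` Run lines and O2 BHO lines are handled.

```python
import re

# O4 Run values: hive, value name, command line
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
# O2 Browser Helper Objects: CLSID and file
BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

# Excerpt of the first log (post #1)
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7A217872-1DFD-4BE6-99A0-37D1B47B0989} - C:\Windows\system32\pmnnOHAq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyvvWnN.dll,#1
O4 - HKLM\..\Run: [BM03316152] Rundll32.exe "C:\Windows\system32\pralpjyr.dll",s
O4 - HKLM\..\Run: [000252ce] rundll32.exe "C:\Windows\system32\gerxaadv.dll",b
O4 - HKCU\..\Run: [Host Process] C:\Users\Faes BVBA\svchost.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
"""

# Excerpt of the second log (post #5), taken after "Fix checked" and a reboot
LOG_AFTER = r"""
O2 - BHO: (no name) - {D8D88CE9-FB01-465B-8892-C2C5EC2E7348} - C:\Windows\system32\pmnnOHAq.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqNHbXR.dll,#1
O4 - HKLM\..\Run: [BM03316152] Rundll32.exe "C:\Windows\system32\chivgfjx.dll",s
"""

# Run value names from the lines ticked in post #2 (subset present in the excerpt)
FIXED = {"MSServer", "BM03316152", "000252ce", "Host Process", "Svconr"}


def parse(log):
    """Return (run, bho): Run commands keyed by (hive, name), BHO files keyed by CLSID."""
    run, bho = {}, {}
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            run[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = BHO_RE.match(line)
        if m:
            bho[m.group(1).upper()] = m.group(2)
    return run, bho


def check_fix(before, after, fixed_names):
    """Classify each fixed Run value and list BHO files that came back under a new CLSID."""
    run_b, bho_b = parse(before)
    run_a, bho_a = parse(after)

    status = {}
    for (hive, name), cmd in run_b.items():
        if name not in fixed_names:
            continue
        new_cmd = run_a.get((hive, name))
        if new_cmd is None:
            status[name] = "removed"
        elif new_cmd.lower() == cmd.lower():
            status[name] = "still present"
        else:
            # Same value name, different payload: something rewrote the entry
            status[name] = "respawned"

    # Same file registered again under a CLSID that was not in the first log
    old_by_file = {f.lower(): c for c, f in bho_b.items() if f != "(no file)"}
    reregistered = []
    for clsid, path in bho_a.items():
        old = old_by_file.get(path.lower())
        if old and old != clsid:
            reregistered.append((path, old, clsid))
    return status, reregistered


if __name__ == "__main__":
    status, reregistered = check_fix(LOG_BEFORE, LOG_AFTER, FIXED)
    for name, state in sorted(status.items()):
        print(f"{name:15} {state}")
    for path, old, new in reregistered:
        print(f"BHO {path}: {old} -> {new}")
```
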



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            REM Start with a fresh log file in the current directory
            IF EXIST log.txt DEL log.txt
            REM Remove the two program folders and everything in them
            RD /S /Q "C:\Program Files\Svconr"
            RD /S /Q "C:\Users\Faes BVBA\AppData\Roaming\SpeedRunner"
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\Windows\mrofinu1000106.exe
            C:\Windows\system32\pmnnOHAq.dll
            C:\Windows\System32\obgarg.exe
            C:\Windows\system32\ssqNHbXR.dll
            C:\Windows\system32\chivgfjx.dll
            C:\Windows\system32\pralpjyr.dll
            C:\Windows\system32\gerxaadv.dll
            "C:\Users\Faes BVBA\svchost.exe"
            "C:\Program Files\Svconr"
            "C:\Users\Faes BVBA\AppData\Roaming\SpeedRunner"
            "C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\lflxw.exe") DO (
                REM Remove any renamed copy left over from an earlier run
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                    REM Clear read-only, system and hidden attributes, then delete
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    REM Rename whatever is still there by appending NUCIA
                    REN %%g *NUCIA
                    IF EXIST %%gNUCIA (
                        ECHO renamed to %%gNUCIA>>log.txt)
                    IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                    ) ELSE (
                        ECHO %%g deleted>>log.txt)
                ) ELSE (
                    ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in" choose: Desktop
            Under "File name" enter: del.bat
            Under "Save as type" select: All files (*.*).
            Click the Save button.

            Try del.bat in safe mode.
            Double-click del.bat and post the contents of the log file that opens.



            • #7
              When I boot into safe mode,
              I only get the main programs on my desktop.

              del.bat, for example, is not on my desktop then,
              and I can't find it with search or anything either.



              • #8
                Then just try del.bat in normal mode (but I think you had already thought of that).

                Also do this:
                Download this file: zoek.exe
                Double-click it; after a while a log opens.
                Post the contents of this log in your next message.



                • #9
                  Yeah, I had kind of thought so

                  Here is the log from del.bat:

                  Deleting files
                  C:\Windows\mrofinu1000106.exe deleted
                  C:\Windows\system32\pmnnOHAq.dll not deleted
                  C:\Windows\System32\obgarg.exe deleted
                  C:\Windows\system32\ssqNHbXR.dll not found
                  renamed to C:\Windows\system32\chivgfjx.dllNUCIA
                  C:\Windows\system32\chivgfjx.dll deleted
                  C:\Windows\system32\pralpjyr.dll deleted
                  C:\Windows\system32\gerxaadv.dll not found
                  "C:\Users\Faes BVBA\svchost.exe" not found
                  "C:\Program Files\Svconr" not found
                  "C:\Users\Faes BVBA\AppData\Roaming\SpeedRunner" not found
                  "C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\lflxw.exe" not found



                  and from zoek.exe:

                  ======C:\Windows====
                  ----a-w 11,264 2008-04-11 11:48:26 C:\Windows\b138.exe
                  ----a-w 73,728 2008-04-24 18:44:20 C:\Windows\b156.exe
                  --s-a-w 67,584 2008-04-29 14:29:49 C:\Windows\bootstat.dat
                  ----a-w 462,684 2008-04-13 15:16:41 C:\Windows\DirectX.log
                  ----a-w 324 2008-04-13 15:15:16 C:\Windows\game.ini
                  ----a-w 89 2008-04-13 13:33:07 C:\Windows\GunzLauncher.INI
                  ----a-w 148,720,295 2008-04-06 11:03:28 C:\Windows\MEMORY.DMP
                  ----a-w 37,376 2008-04-24 18:46:49 C:\Windows\mrofinu1188.exe
                  ----a-w 530,124 2008-04-28 18:13:34 C:\Windows\ntbtlog.txt
                  ----a-w 21,640 2008-04-28 17:30:50 C:\Windows\PFRO.log
                  ----a-w 1,672,361 2008-04-29 07:53:26 C:\Windows\WindowsUpdate.log

                  Entries: 11 (10)
                  Directories: 0 Files: 11
                  Bytes: 151,597,469 Blocks: 296,093
                  ======C:\Windows\system32=====
                  ---ha-w 3,680 2008-04-29 14:30:05 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
                  ---ha-w 3,680 2008-04-29 14:30:05 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
                  --sh--w 1,483,831 2008-04-27 08:37:11 C:\Windows\System32\aytugcvy.ini
                  ----a-w 281,600 2008-04-27 08:42:12 C:\Windows\System32\cbXNDWpP.dll
                  ----a-w 104,000 2008-04-28 15:18:40 C:\Windows\System32\chivgfjx.dllNUCIA
                  ----a-w 0 2008-04-28 18:21:00 C:\Windows\System32\clkcnt.txt
                  --sh--w 1,483,711 2008-04-26 08:31:19 C:\Windows\System32\cxoggtaw.ini
                  ----a-w 105,024 2008-04-27 08:43:08 C:\Windows\System32\dfpybgge.dll
                  ----a-w 271,536 2008-04-11 14:49:25 C:\Windows\System32\FNTCACHE.DAT
                  --sh--w 1,484,919 2008-04-28 15:19:04 C:\Windows\System32\gytshdht.ini
                  ----a-w 281,600 2008-04-28 18:20:45 C:\Windows\System32\hgGATmmj.dll
                  --sh--w 1,484,859 2008-04-28 15:13:02 C:\Windows\System32\hhbkwnnx.ini
                  ----a-w 105,536 2008-04-25 19:21:07 C:\Windows\System32\idfnphjb.dll
                  ----a-w 281,088 2008-04-25 19:45:09 C:\Windows\System32\iifEWNFv.dll
                  ----a-w 15,037 2008-04-18 15:40:28 C:\Windows\System32\ijjiSetup.log
                  --sha-w 185,886 2008-04-28 18:21:09 C:\Windows\System32\jmmTAGgh.ini
                  --sha-w 345 2008-04-28 18:20:46 C:\Windows\System32\jmmTAGgh.ini2
                  ----a-w 105,536 2008-04-25 19:46:00 C:\Windows\System32\kbdswwyw.dll
                  ----a-w 19,836,024 2008-04-06 05:56:20 C:\Windows\System32\mrt.exe
                  ----a-w 104,400 2008-04-11 14:38:04 C:\Windows\System32\perfc009.dat
                  ----a-w 123,306 2008-04-11 14:38:04 C:\Windows\System32\perfc013.dat
                  ----a-w 610,618 2008-04-11 14:38:04 C:\Windows\System32\perfh009.dat
                  ----a-w 691,056 2008-04-11 14:38:04 C:\Windows\System32\perfh013.dat
                  ----a-w 1,515,942 2008-04-11 14:38:03 C:\Windows\System32\PerfStringBackup.INI
                  ----a-w 272,384 2008-04-24 18:51:25 C:\Windows\System32\pmnnOHAq.dll
                  ----a-w 107,832 2008-04-28 19:00:18 C:\Windows\System32\PnkBstrB.exe
                  --sha-w 186,325 2008-04-27 08:43:20 C:\Windows\System32\PpWDNXbc.ini
                  --sha-w 345 2008-04-27 08:42:14 C:\Windows\System32\PpWDNXbc.ini2
                  --sha-w 186,845 2008-04-28 17:32:59 C:\Windows\System32\qAHOnnmp.ini
                  --sha-w 186,837 2008-04-28 17:31:57 C:\Windows\System32\qAHOnnmp.ini2
                  ----a-w 104,000 2008-04-28 14:51:47 C:\Windows\System32\sjidrnjg.dll
                  ----a-w 95,296 2008-04-28 15:18:46 C:\Windows\System32\thdhstyg.dll
                  --sh--w 1,484,739 2008-04-28 15:05:20 C:\Windows\System32\vdaaxreg.ini
                  --sha-w 186,226 2008-04-25 19:46:16 C:\Windows\System32\vFNWEfii.ini
                  --sha-w 345 2008-04-25 19:45:20 C:\Windows\System32\vFNWEfii.ini2
                  ----a-w 38,400 2008-04-24 18:46:15 C:\Windows\System32\vTLDusqQ.dll
                  ----a-w 41,296 2008-04-04 21:31:56 C:\Windows\System32\xfcodec.dll
                  --sh--w 1,484,150 2008-04-27 12:55:29 C:\Windows\System32\yocsfrap.ini

                  Entries: 38 (22)
                  Directories: 0 Files: 38
                  Bytes: 34,938,234 Blocks: 68,255
                  ======C:\Windows\system32\drivers=====
                  --sha-w 93,313,056 2008-04-29 14:31:03 C:\Windows\System32\drivers\fidbox.dat
                  --sha-w 1,250,732 2008-04-29 07:53:38 C:\Windows\System32\drivers\fidbox.idx
                  ----a-w 91,700 2008-03-15 10:49:07 C:\Windows\System32\drivers\klin.dat
                  ----a-w 22,328 2008-04-28 19:00:24 C:\Windows\System32\drivers\PnkBstrK.sys

                  Entries: 4 (2)
                  Directories: 0 Files: 4
                  Bytes: 94,677,816 Blocks: 184,920
                  =======C:\Program Files=====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =======C:=====
                  ----a-w 395 2008-04-28 14:44:56 C:\aaw7boot.log
                  --sha-w 1,073,274,880 2008-04-29 14:29:40 C:\hiberfil.sys
                  --sha-w 2,097,152,000 2008-04-29 14:29:39 C:\pagefile.sys
                  ----a-w 0 2008-03-12 16:24:15 C:\windowsC.txt

                  Entries: 4 (2)
                  Directories: 0 Files: 4
                  Bytes: 3,170,427,275 Blocks: 6,192,241
                  ======C:\Users\Faes BVBA\AppData\Roaming======
                  ----a-w 180,736 2008-03-16 10:13:49 C:\Users\Faes BVBA\AppData\Roaming\obgarg.exe
                  ----a-w 69,120 2008-03-16 10:13:45 C:\Users\Faes BVBA\AppData\Roaming\obgargu.exe

                  Entries: 2 (2)
                  Directories: 0 Files: 2
                  Bytes: 249,856 Blocks: 488
                  ======C:\Temp======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Users\Faes BVBA======
                  ----a-w 466 2008-04-24 18:48:22 C:\Users\Faes BVBA\426.bat
                  --sha-w 4,194,304 2008-04-29 14:31:47 C:\Users\Faes BVBA\NTUSER.DAT
                  ---ha-w 262,144 2008-04-29 14:31:47 C:\Users\Faes BVBA\ntuser.dat.LOG1
                  --sha-w 524,288 2008-04-25 19:48:09 C:\Users\Faes BVBA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
                  ----a-w 1,773,568 2008-04-24 18:48:18 C:\Users\Faes BVBA\winlogon.exe

                  Entries: 5 (2)
                  Directories: 0 Files: 5
                  Bytes: 6,754,770 Blocks: 13,193
                  ======C:\Windows\Downloaded Program Files====
                  ----a-w 925,696 2008-04-15 19:03:16 C:\Windows\Downloaded Program Files\ijjistarter2.exe
                  ----a-w 206,128 2008-03-18 08:57:04 C:\Windows\Downloaded Program Files\sysreqlab2.dll

                  Entries: 2 (2)
                  Directories: 0 Files: 2
                  Bytes: 1,131,824 Blocks: 2,211
                  =============

                  Comment


                  • #10
                    Restart your computer.

                    Then do this:

                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    IF EXIST log.txt DEL log.txt
                    ECHO Deleting files>>log.txt
                    FOR %%g in (
                    C:\Windows\b138.exe
                    C:\Windows\b156.exe
                    C:\Windows\mrofinu1188.exe
                    C:\Windows\System32\aytugcvy.ini
                    C:\Windows\System32\cbXNDWpP.dll
                    C:\Windows\System32\chivgfjx.dllNUCIA
                    C:\Windows\System32\clkcnt.txt
                    C:\Windows\System32\cxoggtaw.ini
                    C:\Windows\System32\dfpybgge.dll
                    C:\Windows\System32\gytshdht.ini
                    C:\Windows\System32\hgGATmmj.dll
                    C:\Windows\System32\hhbkwnnx.ini
                    C:\Windows\System32\idfnphjb.dll
                    C:\Windows\System32\iifEWNFv.dll
                    C:\Windows\System32\jmmTAGgh.ini
                    C:\Windows\System32\jmmTAGgh.ini2
                    C:\Windows\System32\kbdswwyw.dll
                    C:\Windows\System32\pmnnOHAq.dll
                    C:\Windows\System32\PpWDNXbc.ini
                    C:\Windows\System32\PpWDNXbc.ini2
                    C:\Windows\System32\qAHOnnmp.ini
                    C:\Windows\System32\qAHOnnmp.ini2
                    C:\Windows\System32\sjidrnjg.dll
                    C:\Windows\System32\thdhstyg.dll
                    C:\Windows\System32\vdaaxreg.ini
                    C:\Windows\System32\vFNWEfii.ini
                    C:\Windows\System32\vFNWEfii.ini2
                    C:\Windows\System32\vTLDusqQ.dll
                    "C:\Windows\System32\yocsfrap.ini
                    "C:\Users\Faes BVBA\AppData\Roaming\obgarg.exe"
                    "C:\Users\Faes BVBA\AppData\Roaming\obgargu.exe"
                    "C:\Users\Faes BVBA\426.bat"
                    "C:\Users\Faes BVBA\winlogon.exe") DO (
                    DEL /Q %%gNUCIA
                    IF EXIST %%g (
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    REN %%g *NUCIA
                    IF EXIST %%gNUCIA (
                    ECHO renamed to %%gNUCIA>>log.txt)
                    IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                    ) ELSE (
                    ECHO %%g deleted>>log.txt)
                    ) ELSE (
                    ECHO %%g not found>>log.txt))
                    START NOTEPAD.EXE log.txt

                    Go to File - Save As.
                    For "Save in", choose: Desktop
                    For "File name", enter: del.bat
                    For "Save as type", select: All Files (*.*).
                    Click the Save button.

                    Try running del.bat in safe mode.
                    Double-click del.bat and post the contents of the log file that opens.

                    Restart your computer and also post a new HijackThis log.

                    Comment


                    • #11
                      (Couldn't do it in safe mode, so I did it in normal mode.)

                      Here is the log from del.bat (I'll post the HijackThis one shortly, after the restart).

                      Deleting files
                      C:\Windows\b138.exe deleted
                      C:\Windows\b156.exe deleted
                      C:\Windows\mrofinu1188.exe deleted
                      C:\Windows\System32\aytugcvy.ini deleted
                      C:\Windows\System32\cbXNDWpP.dll deleted
                      C:\Windows\System32\chivgfjx.dllNUCIA deleted
                      C:\Windows\System32\clkcnt.txt deleted
                      C:\Windows\System32\cxoggtaw.ini deleted
                      C:\Windows\System32\dfpybgge.dll deleted
                      C:\Windows\System32\gytshdht.ini deleted
                      C:\Windows\System32\hgGATmmj.dll deleted
                      C:\Windows\System32\hhbkwnnx.ini deleted
                      C:\Windows\System32\idfnphjb.dll deleted
                      C:\Windows\System32\iifEWNFv.dll deleted
                      C:\Windows\System32\jmmTAGgh.ini deleted
                      C:\Windows\System32\jmmTAGgh.ini2 deleted
                      C:\Windows\System32\kbdswwyw.dll deleted
                      C:\Windows\System32\pmnnOHAq.dll not deleted
                      C:\Windows\System32\PpWDNXbc.ini deleted
                      C:\Windows\System32\PpWDNXbc.ini2 deleted
                      C:\Windows\System32\qAHOnnmp.ini deleted
                      C:\Windows\System32\qAHOnnmp.ini2 deleted
                      C:\Windows\System32\sjidrnjg.dll deleted
                      C:\Windows\System32\thdhstyg.dll deleted
                      C:\Windows\System32\vdaaxreg.ini deleted
                      C:\Windows\System32\vFNWEfii.ini deleted
                      C:\Windows\System32\vFNWEfii.ini2 deleted
                      C:\Windows\System32\vTLDusqQ.dll not found
                      "C:\Windows\System32\yocsfrap.ini "C:\Users\Faes not found
                      BVBA\AppData\Roaming\obgarg.exe" "C:\Users\Faes not found
                      BVBA\AppData\Roaming\obgargu.exe" "C:\Users\Faes not found
                      BVBA\426.bat" "C:\Users\Faes not found
                      BVBA\winlogon.exe" not found

                      Comment


                      • #12
                        HijackThis log:


                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 17:04:51, on 29/04/2008
                        Platform: Windows Vista (WinNT 6.00.1904)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16643)
                        Boot mode: Normal

                        Running processes:
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files\Windows Defender\MSASCui.exe
                        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                        C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Windows\ehome\ehtray.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
                        C:\Program Files\Logitech\SetPoint\SetPoint.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
                        C:\Program Files\Windows Media Player\wmpnscfg.exe
                        C:\Windows\ehome\ehmsas.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                        C:\Users\Faes BVBA\Documents\hjt\HiJackThis\HijackThis.exe
                        C:\Windows\system32\wbem\unsecapp.exe
                        C:\Program Files\Internet Explorer\iexplore.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        O1 - Hosts: 89.163.145.86 nprotect.roseonlinegame.com
                        O1 - Hosts: 92.48.81.32 iHabbixReloaded
                        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
                        O2 - BHO: (no name) - {69BC5BC1-CB6F-4EE4-8CB8-8C4F0C09249C} - C:\Windows\system32\pmnnOHAq.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                        O4 - HKLM\..\Run: [obgarg] "C:\Windows\System32\obgarg.exe"
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKBQI.dll,#1
                        O4 - HKLM\..\Run: [BM03316152] Rundll32.exe "C:\Windows\system32\qxrhavwu.dll",s
                        O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
                        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
                        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                        O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                        O4 - Global Startup: Logitech SetPoint.lnk = ?
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                        O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Faes BVBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
                        O13 - Gopher Prefix:
                        O15 - Trusted Zone: *.kbc.be
                        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                        O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
                        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                        O16 - DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} (MLauncherUSA Class) - http://www.netgame.com/download/mglauncherusa.cab
                        O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
                        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
                        O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
                        O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/mgusamanagerv1001.cab
                        O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
                        O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
                        O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
                        O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
                        O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
                        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
                        O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
                        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                        O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
                        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                        O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

                        --
                        End of file - 9057 bytes

                        Comment
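An added example, not part of the original thread: cross-checking the del.bat log from post #11 against the O2 (BHO) and O4 (Run) entries of the HijackThis log from post #12. It reports autorun entries whose target survived deletion or sat on a malformed log line that the loop never handled as a single path. The function names are illustrative; the two inputs are excerpts of lines from the posts.

```python
import re

# Excerpt of the del.bat log in post #11 (lines as they appear on the page).
DEL_LOG = r'''Deleting files
C:\Windows\System32\kbdswwyw.dll deleted
C:\Windows\System32\pmnnOHAq.dll not deleted
C:\Windows\System32\vTLDusqQ.dll not found
"C:\Windows\System32\yocsfrap.ini "C:\Users\Faes not found
BVBA\AppData\Roaming\obgarg.exe" "C:\Users\Faes not found
BVBA\winlogon.exe" not found
'''

# Excerpt of the HijackThis log in post #12 (lines as they appear on the page).
HJT_LOG = r'''O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {69BC5BC1-CB6F-4EE4-8CB8-8C4F0C09249C} - C:\Windows\system32\pmnnOHAq.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [obgarg] "C:\Windows\System32\obgarg.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKBQI.dll,#1
'''

STATUS_RE = re.compile(r'^(?P<path>.+?)\s+(?P<status>not deleted|not found|deleted)$')
TARGET_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
NAME_RE = re.compile(r'\\([^\\"]+\.\w+)')


def parse_del_log(text):
    """Return ({lower-cased path: status}, {file names seen on malformed lines})."""
    results, unprocessed = {}, set()
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # header line such as "Deleting files"
        path = m.group('path')
        quoted = len(path) > 1 and path.startswith('"') and path.endswith('"')
        inner = path[1:-1] if quoted else path
        # Well-formed: exactly one drive-letter path, no stray quotes inside.
        if '"' not in inner and re.match(r'[A-Za-z]:\\', inner):
            results[inner.lower()] = m.group('status')
        else:
            unprocessed.update(n.lower() for n in NAME_RE.findall(path))
    return results, unprocessed


def parse_autoruns(text):
    """Return (section, target path) for each O2/O4 line that names an exe/dll."""
    entries = []
    for line in text.splitlines():
        m = re.match(r'^(O2|O4) - (.*)$', line.strip())
        target = TARGET_RE.search(m.group(2)) if m else None
        if target:
            entries.append((m.group(1), target.group(0)))
    return entries


def leftover_autoruns(del_log, hjt_log):
    """Autorun entries whose target appears in the clean-up log, with its status."""
    results, unprocessed = parse_del_log(del_log)
    findings = []
    for section, target in parse_autoruns(hjt_log):
        name = target.rsplit('\\', 1)[-1].lower()
        status = results.get(target.lower())
        if status is None and name in unprocessed:
            status = 'unprocessed'  # same file name, but on a malformed log line
        if status is not None:
            findings.append((section, name, status))
    return findings


if __name__ == '__main__':
    for section, name, status in leftover_autoruns(DEL_LOG, HJT_LOG):
        print(f'{section}: {name} -> {status}')
```

The "unprocessed" match is by file name only, so the Run entry for obgarg.exe is reported even though it points at a different folder than the path in the batch file.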


                        • #13
                          There was still a small mistake in it.

                          Open a Notepad file.
                          Copy the text below (everything in bold) into this Notepad file.

                          @ECHO OFF
                          IF EXIST log.txt DEL log.txt
                          ECHO Deleting files>>log.txt
                          FOR %%g in (
                          C:\Windows\System32\pmnnOHAq.dll
                          C:\Windows\System32\qAHOnnmp.ini
                          C:\Windows\System32\qAHOnnmp.ini2
                          C:\Windows\System32\yocsfrap.ini
                          "C:\Users\Faes BVBA\AppData\Roaming\obgarg.exe"
                          "C:\Users\Faes BVBA\AppData\Roaming\obgargu.exe"
                          "C:\Users\Faes BVBA\426.bat"
                          "C:\Users\Faes BVBA\winlogon.exe") DO (
                          DEL /Q %%gNUCIA
                          IF EXIST %%g (
                          ATTRIB -r -s -h %%g
                          DEL %%g
                          REN %%g *NUCIA
                          IF EXIST %%gNUCIA (
                          ECHO renamed to %%gNUCIA>>log.txt)
                          IF EXIST %%g (
                          ECHO %%g not deleted>>log.txt
                          ) ELSE (
                          ECHO %%g deleted>>log.txt)
                          ) ELSE (
                          ECHO %%g not found>>log.txt))
                          START NOTEPAD.EXE log.txt

                          Go to File - Save As.
                          For "Save in", choose: Desktop
                          For "File name", enter: del.bat
                          For "Save as type", select: All Files (*.*).
                          Click the Save button.

                          Double-click del.bat and post the contents of the log file that opens.

                          Comment


                          • #14
                            Mistakes happen.

                            Here is the log:

                            Deleting files
                            C:\Windows\System32\pmnnOHAq.dll not deleted
                            C:\Windows\System32\qAHOnnmp.ini deleted
                            C:\Windows\System32\qAHOnnmp.ini2 deleted
                            C:\Windows\System32\yocsfrap.ini deleted
                            "C:\Users\Faes BVBA\AppData\Roaming\obgarg.exe" deleted
                            "C:\Users\Faes BVBA\AppData\Roaming\obgargu.exe" deleted
                            "C:\Users\Faes BVBA\426.bat" deleted
                            "C:\Users\Faes BVBA\winlogon.exe" deleted

                            Comment


                            • #15
                              Download The Avenger and extract the program to your desktop.
                              Open the avenger folder and start the program by double-clicking avenger.exe.
                              In the Input Script here window, copy and paste the bold text below:


                              Files to delete:
                              C:\Windows\System32\pmnnOHAq.dll
                              C:\Windows\System32\qAHOnnmp.ini
                              C:\Windows\System32\qAHOnnmp.ini2


                              Then click the Execute button.
                              The Avenger will indicate that the computer is going to restart; allow this.
                              After the reboot a log file (avenger.txt) opens. Post the contents of this log file together with a new HijackThis log.

                              Comment
