  • spam pop ups

    After the problems on my PC were solved thanks to the good help here, I hope someone can help with the problem on my laptop:

    my DSS log:

    Deckard's System Scanner v20071014.68
    Run by Nanda Stam on 2008-04-30 19:30:27
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-04-30 17:30:35 UTC - RP1 - Controlepunt van systeem


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 222 MiB (512 MiB recommended).


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-30 19:36:19
    Platform: Windows XP Service Pack 1 (5.01.2600)
    MSIE: Internet Explorer (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\TmFuZGE\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\s?stem\ntvdm.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    c:\windows\system32\rwwnw64d.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    C:\Documents and Settings\Nanda Stam\Bureaublad\dss.exe
    C:\WINDOWS\system32\lcntkkdn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll (file missing)
    O2 - BHO: {04d391bc-5e78-327a-b414-b0132e4e5627} - {7265e4e2-310b-414b-a723-87e5cb193d40} - C:\WINDOWS\system32\xbqutqyw.dll
    O2 - BHO: (no name) - {8A118E62-0078-4D8B-B45C-64DFB377B044} - C:\WINDOWS\system32\qoMccyvU.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [{5C-CC-CD-DF-DW}] c:\windows\system32\rwwnw64d.exe DWram
    O4 - HKLM\..\Run: [dcb5cc70] rundll32.exe "C:\WINDOWS\System32\nyfrkvvt.dll",b
    O4 - HKLM\..\Run: [BMdf86ffec] Rundll32.exe "C:\WINDOWS\System32\axsphkyr.dll",s
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\lcntkkdn.exe DWram
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Urrh] "C:\WINDOWS\SSTEM~1\ntvdm.exe" -vt yazb
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntkkdn.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} () - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmFuZGE\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


    --
    End of file - 6395 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 cmdService (Command Service) - c:\windows\tmfuzge\command.exe
    R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Videocontroller (VGA-compatibel)
    Device ID: PCI\VEN_1039&DEV_6325&SUBSYS_24301509&REV_00\4&3525EC23&0&0008
    Manufacturer:
    Name: Videocontroller (VGA-compatibel)
    PNP Device ID: PCI\VEN_1039&DEV_6325&SUBSYS_24301509&REV_00\4&3525EC23&0&0008
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI-modem
    Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_24701509&REV_A0\3&61AAA01&0&16
    Manufacturer:
    Name: PCI-modem
    PNP Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_24701509&REV_A0\3&61AAA01&0&16
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2005-07-10 21:13:56 352 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1113129163.job


    -- Files created between 2008-03-30 and 2008-04-30 -----------------------------

    2008-04-30 19:35:15 860 --a------ C:\WINDOWS\System32\winpfz33.sys
    2008-04-30 19:35:05 200773 --a------ C:\WINDOWS\System32\lcntkkdn.exe
    2008-04-30 19:27:09 198180 --ahs---- C:\WINDOWS\System32\UvyccMoq.ini2
    2008-04-30 19:26:08 0 d-------- C:\RVAXO
    2008-04-30 19:25:41 16384 --a------ C:\WINDOWS\System32\Restart.exe <Not Verified; WareSoft Software; restart>
    2008-04-30 19:11:15 811298 --a------ C:\WINDOWS\System32\RVAXO.bat
    2008-04-30 19:11:15 69632 --a------ C:\WINDOWS\System32\remove.exe
    2008-04-30 19:08:51 0 d-------- C:\Documents and Settings\Nanda Stam\Application Data\AdobeUM
    2008-04-30 13:02:43 41724 ---hs---- C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
    2008-04-30 13:02:39 0 d-------- C:\WINDOWS\s?stem
    2008-04-30 12:27:40 96320 --a------ C:\WINDOWS\System32\nyfrkvvt.dll
    2008-04-30 12:24:38 105536 --a------ C:\WINDOWS\System32\xbqutqyw.dll
    2008-04-30 12:23:04 104512 --a------ C:\WINDOWS\System32\axsphkyr.dll
    2008-04-28 16:57:12 108608 --a------ C:\WINDOWS\System32\iuownmad.dll
    2008-04-28 16:52:43 104000 --a------ C:\WINDOWS\System32\bmisxuaq.dll
    2008-04-28 16:51:30 49169 --a------ C:\WINDOWS\System32\jjwnw64o.exe <Not Verified; ; Browser Driver>
    2008-04-27 20:03:21 281600 --a------ C:\WINDOWS\System32\qoMccyvU.dll
    2008-04-27 19:58:35 0 d--hs---- C:\WINDOWS\TmFuZGE
    2008-04-27 19:58:34 399604 --a------ C:\WINDOWS\System32\g15.exe
    2008-04-27 19:58:24 0 d-------- C:\Temp
    2008-04-14 20:08:18 46592 --a------ C:\WINDOWS\b157.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-04-30 13:02:43 0 d-------- C:\Program Files\Common Files
    2008-04-12 11:05:46 0 d-------- C:\Documents and Settings\Nanda Stam\Application Data\U3
    2008-03-30 10:36:11 364882 --a------ C:\WINDOWS\System32\perfh013.dat
    2008-03-30 10:36:11 53850 --a------ C:\WINDOWS\System32\perfc013.dat
    2008-03-04 21:32:27 105984 --a------ C:\WINDOWS\b152.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
    C:\Program Files\CPV\CPV8.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7265e4e2-310b-414b-a723-87e5cb193d40}]
    30-04-2008 12:24 105536 --a------ C:\WINDOWS\System32\xbqutqyw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A118E62-0078-4D8B-B45C-64DFB377B044}]
    27-04-2008 20:03 281600 --a------ C:\WINDOWS\System32\qoMccyvU.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [02-07-2003 14:45 C:\WINDOWS\SOUNDMAN.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27-04-2007 09:41]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16-02-2005 18:15]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16-02-2005 18:15]
    "{5C-CC-CD-DF-DW}"="c:\windows\system32\rwwnw64d.exe"
    "dcb5cc70"="C:\WINDOWS\System32\nyfrkvvt.dll" [30-04-2008 12:27]
    "BMdf86ffec"="C:\WINDOWS\System32\axsphkyr.dll" [30-04-2008 12:23]
    "ExploreUpdSched"="C:\WINDOWS\System32\lcntkkdn.exe" [30-04-2008 19:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [11-09-2002 14:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe"
    "Urrh"="C:\WINDOWS\SSTEM~1\ntvdm.exe" [30-04-2008 13:02]

    C:\Documents and Settings\Nanda Stam\Menu Start\Programma's\Opstarten\
    Deewoo.lnk - C:\WINDOWS\system32\lcntkkdn.exe [30-4-2008 19:35:05]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14-12-2004 4:44:06]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [6-4-2003 1:17:18]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [6-4-2003 1:06:58]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 10:01:04]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\System32\qoMccyvU




    -- End of Deckard's System Scanner: finished at 2008-04-30 19:39:40 ------------

  • #2
    Rvaxo

    ---RVAXO.exe Updated: 2008-04-30---first run---
    Uninstallers:

    Files found:
    C:\WINDOWS\system32\ljJBuTlk.dll.vir
    C:\WINDOWS\BMdf86ffec.xml
    C:\WINDOWS\BMdf86ffec.txt
    C:\WINDOWS\system32\UvyccMoq.ini2
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\b155.exe
    C:\WINDOWS\b156.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\clkcnt.txt
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\lcntkkdn.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\system32\msnav32.ax
    C:\Documents and Settings\Nanda Stam\lsass.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\Prefetch\MROFINU.EXE-27CE430A.pf
    C:\WINDOWS\Prefetch\MROFINU1188.EXE-2D6F2449.pf
    C:\WINDOWS\system32\pac.txt
    C:\Documents and Settings\Nanda Stam\Menu Start\PROGRA~1\Opstarten\Deewoo.lnk
    C:\Documents and Settings\Nanda Stam\Menu Start\PROGRA~1\Opstarten\DW_Start.lnk

    Folders Found:
    C:\Program Files\CPV
    C:\Program Files\Svconr
    C:\WINDOWS\system32\ve2
    C:\WINDOWS\system32\p7
    C:\WINDOWS\system32\n4
    C:\WINDOWS\system32\pnVes18
    C:\Program Files\Network Monitor
    C:\Program Files\Temporary
    C:\Program Files\Inetget2
    C:\Program Files\javacore
    C:\Documents and Settings\Nanda Stam\Application Data\SpeedRunner
    C:\Temp\1cb
    C:\Documents and Settings\LocalService\Application Data\NetMon

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------
    Not deleted items:
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\BMdf86ffec.txt

    --------------RVAXO.exe finished----------------



    • #3
      Vbg

      [04/30/2008, 18:51:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nanda Stam\Bureaublad\VirtumundoBeGone.exe" )
      [04/30/2008, 18:51:45] - Detected System Information:
      [04/30/2008, 18:51:45] - Windows Version: 5.1.2600, Service Pack 1
      [04/30/2008, 18:51:46] - Current Username: Nanda Stam (Admin)
      [04/30/2008, 18:51:46] - Windows is in NORMAL mode.
      [04/30/2008, 18:51:46] - Searching for Browser Helper Objects:
      [04/30/2008, 18:51:46] - BHO 1: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} (BHO Class)
      [04/30/2008, 18:51:46] - BHO 2: {7265e4e2-310b-414b-a723-87e5cb193d40} ()
      [04/30/2008, 18:51:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 18:51:47] - Checking for HKLM\...\Winlogon\Notify\xbqutqyw
      [04/30/2008, 18:51:47] - Key not found: HKLM\...\Winlogon\Notify\xbqutqyw, continuing.
      [04/30/2008, 18:51:47] - BHO 3: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} ()
      [04/30/2008, 18:51:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 18:51:47] - Checking for HKLM\...\Winlogon\Notify\ljJBuTlk
      [04/30/2008, 18:51:47] - Found: HKLM\...\Winlogon\Notify\ljJBuTlk - This is probably Virtumundo.
      [04/30/2008, 18:51:48] - Assigning {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} MSEvents Object
      [04/30/2008, 18:51:48] - BHO list has been changed! Starting over...
      [04/30/2008, 18:51:48] - BHO 1: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} (BHO Class)
      [04/30/2008, 18:51:48] - BHO 2: {7265e4e2-310b-414b-a723-87e5cb193d40} ()
      [04/30/2008, 18:51:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 18:51:48] - Checking for HKLM\...\Winlogon\Notify\xbqutqyw
      [04/30/2008, 18:51:48] - Key not found: HKLM\...\Winlogon\Notify\xbqutqyw, continuing.
      [04/30/2008, 18:51:49] - BHO 3: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} (MSEvents Object)
      [04/30/2008, 18:51:49] - ALERT: Found MSEvents Object!
      [04/30/2008, 18:51:49] - BHO 4: {EEBDC44B-70E0-4374-921D-4EC823CFAEE3} ()
      [04/30/2008, 18:51:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 18:51:49] - Checking for HKLM\...\Winlogon\Notify\qoMccyvU
      [04/30/2008, 18:51:49] - Key not found: HKLM\...\Winlogon\Notify\qoMccyvU, continuing.
      [04/30/2008, 18:51:49] - Finished Searching Browser Helper Objects
      [04/30/2008, 18:51:49] - *** Detected MSEvents Object
      [04/30/2008, 18:51:50] - Trying to remove MSEvents Object...
      [04/30/2008, 18:51:51] - Terminating Process: IEXPLORE.EXE
      [04/30/2008, 18:51:54] - Terminating Process: RUNDLL32.EXE
      [04/30/2008, 18:51:55] - Disabling Automatic Shell Restart
      [04/30/2008, 18:51:55] - Terminating Process: EXPLORER.EXE
      [04/30/2008, 18:51:58] - Suspending the NT Session Manager System Service
      [04/30/2008, 18:51:58] - Terminating Windows NT Logon/Logoff Manager
      [04/30/2008, 18:51:59] - Re-enabling Automatic Shell Restart
      [04/30/2008, 18:51:59] - File to disable: C:\WINDOWS\System32\ljJBuTlk.dll
      [04/30/2008, 18:51:59] - Renaming C:\WINDOWS\System32\ljJBuTlk.dll -> C:\WINDOWS\System32\ljJBuTlk.dll.vir
      [04/30/2008, 18:52:00] - File successfully renamed!
      [04/30/2008, 18:52:00] - Removing HKLM\...\Browser Helper Objects\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
      [04/30/2008, 18:52:00] - Removing HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
      [04/30/2008, 18:52:00] - Adding Kill Bit for ActiveX for GUID: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
      [04/30/2008, 18:52:01] - Deleting ATLEvents/MSEvents Registry entries
      [04/30/2008, 18:52:01] - Removing HKLM\...\Winlogon\Notify\ljJBuTlk
      [04/30/2008, 18:52:01] - Searching for Browser Helper Objects:
      [04/30/2008, 18:52:01] - BHO 1: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} (BHO Class)
      [04/30/2008, 18:52:01] - BHO 2: {7265e4e2-310b-414b-a723-87e5cb193d40} ()
      [04/30/2008, 18:52:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 18:52:02] - Checking for HKLM\...\Winlogon\Notify\xbqutqyw
      [04/30/2008, 18:52:02] - Key not found: HKLM\...\Winlogon\Notify\xbqutqyw, continuing.
      [04/30/2008, 18:52:02] - BHO 3: {EEBDC44B-70E0-4374-921D-4EC823CFAEE3} ()
      [04/30/2008, 18:52:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 18:52:02] - Checking for HKLM\...\Winlogon\Notify\qoMccyvU
      [04/30/2008, 18:52:02] - Key not found: HKLM\...\Winlogon\Notify\qoMccyvU, continuing.
      [04/30/2008, 18:52:02] - Finished Searching Browser Helper Objects
      [04/30/2008, 18:52:02] - Finishing up...
      [04/30/2008, 18:52:03] - A restart is needed.
      [04/30/2008, 18:52:05] - Attempting to Restart via STOP error (Blue Screen!)

      [04/30/2008, 19:10:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nanda Stam\Bureaublad\VirtumundoBeGone.exe" )
      [04/30/2008, 19:10:37] - Detected System Information:
      [04/30/2008, 19:10:38] - Windows Version: 5.1.2600, Service Pack 1
      [04/30/2008, 19:10:38] - Current Username: Nanda Stam (Admin)
      [04/30/2008, 19:10:38] - Windows is in NORMAL mode.
      [04/30/2008, 19:10:38] - Searching for Browser Helper Objects:
      [04/30/2008, 19:10:38] - BHO 1: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} (BHO Class)
      [04/30/2008, 19:10:38] - BHO 2: {1F79A5E2-A27D-49CD-AC19-B5DD545FA9E7} ()
      [04/30/2008, 19:10:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 19:10:39] - Checking for HKLM\...\Winlogon\Notify\qoMccyvU
      [04/30/2008, 19:10:39] - Key not found: HKLM\...\Winlogon\Notify\qoMccyvU, continuing.
      [04/30/2008, 19:10:39] - BHO 3: {7265e4e2-310b-414b-a723-87e5cb193d40} ()
      [04/30/2008, 19:10:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/30/2008, 19:10:40] - Checking for HKLM\...\Winlogon\Notify\xbqutqyw
      [04/30/2008, 19:10:40] - Key not found: HKLM\...\Winlogon\Notify\xbqutqyw, continuing.
      [04/30/2008, 19:10:40] - Finished Searching Browser Helper Objects
      [04/30/2008, 19:10:40] - Finishing up...
      [04/30/2008, 19:10:40] - Nothing found! Exiting...



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        sc stop cmdService
        sc delete cmdService
        RD /S /Q C:\WINDOWS\TmFuZGE
        RD /S /Q C:\WINDOWS\sstem~1
        ECHO Deleting files>>log.txt
        FOR %%g in (
        C:\WINDOWS\TmFuZGE\command.exe
        C:\WINDOWS\System32\winpfz33.sys
        C:\WINDOWS\System32\lcntkkdn.exe
        C:\WINDOWS\System32\UvyccMoq.ini2
        "C:\Documents and Settings\Nanda Stam\Menu Start\PROGRA~1\Opstarten\Deewoo.lnk"
        "C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe"
        C:\WINDOWS\System32\nyfrkvvt.dll
        C:\WINDOWS\System32\xbqutqyw.dll
        C:\WINDOWS\System32\axsphkyr.dll
        C:\WINDOWS\System32\iuownmad.dll
        C:\WINDOWS\System32\bmisxuaq.dll
        C:\WINDOWS\System32\jjwnw64o.exe
        C:\WINDOWS\System32\qoMccyvU.dll
        C:\WINDOWS\System32\g15.exe
        C:\WINDOWS\b157.exe
        C:\WINDOWS\b152.exe
        C:\WINDOWS\TmFuZGE
        C:\WINDOWS\sstem~1) DO (
        DEL /Q %%gNUCIA
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        REN %%g *NUCIA
        IF EXIST %%gNUCIA (
        ECHO renamed to %%gNUCIA>>log.txt)
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        Under "Save in" choose: Desktop
        Under "File name" enter: del.bat
        Under "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.
        Last edited by smeenk; 30-04-08, 21:09.
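The del.bat script above writes one line per path ("renamed to ...NUCIA", "... deleted", "... not deleted" or "... not found"), and the rest of the thread is spent reading those lines to decide which items still need another tool. The following parser is an added example and is not part of this thread or of the helper's script; it assumes exactly the line shapes the script's ECHO statements produce and uses a constructed sample log built from paths that appear in this thread. Because the script runs DEL and then REN unconditionally, a "renamed to" line means DEL left the file in place (typically because it was in use) and only the rename succeeded, so those entries are worth tracking separately from plain "deleted" ones.

```python
"""Parse the log.txt that the del.bat cleanup script writes and summarise it.

Added example for this thread (not the helper's code). Assumes the four line
shapes produced by the script's ECHO statements; the sample log below is
constructed from paths that appear in the thread.
"""
import re
from dataclasses import dataclass, field

# "renamed to <path>NUCIA": REN succeeded, so DEL had failed on <path>.
_RENAMED = re.compile(r"^renamed to (.+)NUCIA$")
# "<path> deleted" | "<path> not deleted" | "<path> not found"
_OUTCOME = re.compile(r"^(.+?) (deleted|not deleted|not found)$")


@dataclass
class DelBatSummary:
    deleted: list = field(default_factory=list)      # gone after DEL
    not_deleted: list = field(default_factory=list)  # still present: needs follow-up
    not_found: list = field(default_factory=list)    # was never there this run
    renamed: list = field(default_factory=list)      # DEL failed, REN to *NUCIA worked


def parse_delbat_log(text: str) -> DelBatSummary:
    """Classify every outcome line of a del.bat log into the summary buckets."""
    summary = DelBatSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Deleting files":
            continue
        m = _RENAMED.match(line)
        if m:
            summary.renamed.append(m.group(1).strip('"'))
            continue
        m = _OUTCOME.match(line)
        if not m:
            continue  # unknown line shape: ignore rather than guess
        # The script quotes paths containing spaces; strip those quotes.
        path, outcome = m.group(1).strip('"'), m.group(2)
        if outcome == "deleted":
            summary.deleted.append(path)
        elif outcome == "not deleted":
            summary.not_deleted.append(path)
        else:
            summary.not_found.append(path)
    return summary


def followup_paths(summary: DelBatSummary) -> list:
    """Paths that survived the run and need a different removal method."""
    return list(summary.not_deleted)


# Constructed sample log in the script's output format (not a real run).
SAMPLE_LOG = r"""Deleting files
renamed to C:\WINDOWS\TmFuZGE\command.exeNUCIA
C:\WINDOWS\TmFuZGE\command.exe deleted
C:\WINDOWS\System32\winpfz33.sys deleted
"C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe" deleted
C:\WINDOWS\System32\qoMccyvU.dll not deleted
C:\WINDOWS\TmFuZGE not deleted
C:\WINDOWS\b152.exe not found
"""

if __name__ == "__main__":
    s = parse_delbat_log(SAMPLE_LOG)
    print("deleted:    ", s.deleted)
    print("renamed:    ", s.renamed)
    print("not found:  ", s.not_found)
    print("follow-up:  ", followup_paths(s))
```

Running it on the constructed sample reports qoMccyvU.dll and the TmFuZGE folder as follow-up items, which is the same conclusion the helper drew from the real log before moving on to a boot-time deletion tool.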



        • #5
          del.bat log

          Deleting files
          renamed to C:\WINDOWS\TmFuZGE\command.exeNUCIA
          C:\WINDOWS\TmFuZGE\command.exe deleted
          C:\WINDOWS\System32\winpfz33.sys deleted
          renamed to C:\WINDOWS\System32\lcntkkdn.exeNUCIA
          C:\WINDOWS\System32\lcntkkdn.exe deleted
          C:\WINDOWS\System32\UvyccMoq.ini2 deleted
          "C:\Documents and Settings\Nanda Stam\Menu Start\PROGRA~1\Opstarten\Deewoo.lnk" deleted
          "C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe" deleted
          renamed to C:\WINDOWS\System32\nyfrkvvt.dllNUCIA
          C:\WINDOWS\System32\nyfrkvvt.dll deleted
          renamed to C:\WINDOWS\System32\xbqutqyw.dllNUCIA
          C:\WINDOWS\System32\xbqutqyw.dll deleted
          C:\WINDOWS\System32\axsphkyr.dll deleted
          C:\WINDOWS\System32\iuownmad.dll deleted
          C:\WINDOWS\System32\bmisxuaq.dll deleted
          C:\WINDOWS\System32\jjwnw64o.exe deleted
          C:\WINDOWS\System32\qoMccyvU.dll not deleted
          C:\WINDOWS\System32\g15.exe deleted
          C:\WINDOWS\b157.exe deleted
          C:\WINDOWS\b152.exe deleted
          C:\WINDOWS\TmFuZGE not deleted
          C:\WINDOWS\sstem~1 not deleted



          • #6
            Restart your computer.

            After the restart, double-click del.bat again and post the new log.

            Download this file: zoek.exe
            Double-click it; after a while a log opens.
            Post the contents of this log in your next message.



            • #7
              del.bat

              Deleting files
              C:\WINDOWS\TmFuZGE\command.exe not found
              C:\WINDOWS\System32\winpfz33.sys not found
              C:\WINDOWS\System32\lcntkkdn.exe not found
              C:\WINDOWS\System32\UvyccMoq.ini2 not found
              "C:\Documents and Settings\Nanda Stam\Menu Start\PROGRA~1\Opstarten\Deewoo.lnk" not found
              "C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe" not found
              C:\WINDOWS\System32\nyfrkvvt.dll not found
              C:\WINDOWS\System32\xbqutqyw.dll not found
              C:\WINDOWS\System32\axsphkyr.dll not found
              C:\WINDOWS\System32\iuownmad.dll not found
              C:\WINDOWS\System32\bmisxuaq.dll not found
              C:\WINDOWS\System32\jjwnw64o.exe not found
              C:\WINDOWS\System32\qoMccyvU.dll not deleted
              C:\WINDOWS\System32\g15.exe not found
              C:\WINDOWS\b157.exe not found
              C:\WINDOWS\b152.exe not found
              C:\WINDOWS\TmFuZGE not found
              C:\WINDOWS\sstem~1 not found



              • #8
                zoek log

                ======C:\WINDOWS====
                ----a-w 0 2008-04-30 19:45:17 C:\WINDOWS\0.log
                ----a-w 3,850 2008-04-30 18:53:46 C:\WINDOWS\BMdf86ffec.txt
                --s-a-w 2,048 2008-04-30 19:44:18 C:\WINDOWS\bootstat.dat
                ----a-w 228 2008-04-30 18:46:47 C:\WINDOWS\cookies.ini
                ----a-w 32,634 2008-04-30 17:12:42 C:\WINDOWS\SchedLgU.Txt
                ----a-w 808,470 2008-04-30 17:10:39 C:\WINDOWS\setupapi.log
                ----a-w 157 2008-04-30 19:44:55 C:\WINDOWS\wiadebug.log
                ----a-w 49 2008-04-30 19:44:48 C:\WINDOWS\wiaservc.log
                ----a-w 1,072,517 2008-04-30 19:44:52 C:\WINDOWS\WindowsUpdate.log

                Entries: 9 (8)
                Directories: 0 Files: 9
                Bytes: 1,919,953 Blocks: 3,754
                ======C:\WINDOWS\system32=====
                ----a-w 687,592 2008-04-30 17:21:12 C:\WINDOWS\System32\atmtd.dll._
                ----a-w 15 2008-04-30 18:48:35 C:\WINDOWS\System32\clkcnt.txt
                --sh--w 1,482,698 2008-04-30 10:22:20 C:\WINDOWS\System32\elylmcsv.ini
                ----a-w 128 2008-04-30 17:35:05 C:\WINDOWS\System32\msnav32.ax
                ----a-w 40,326 2008-03-30 08:36:11 C:\WINDOWS\System32\perfc009.dat
                ----a-w 53,850 2008-03-30 08:36:11 C:\WINDOWS\System32\perfc013.dat
                ----a-w 311,938 2008-03-30 08:36:11 C:\WINDOWS\System32\perfh009.dat
                ----a-w 364,882 2008-03-30 08:36:11 C:\WINDOWS\System32\perfh013.dat
                ----a-w 776,622 2008-03-30 08:36:10 C:\WINDOWS\System32\PerfStringBackup.INI
                ----a-w 281,600 2008-04-27 18:03:22 C:\WINDOWS\System32\qoMccyvU.dll
                ----a-w 811,298 2008-04-30 08:10:56 C:\WINDOWS\System32\RVAXO.bat
                ----a-w 49,175 2008-04-30 17:24:46 C:\WINDOWS\System32\rwwnw64d.exeRVAXO
                --sh--w 1,483,197 2008-04-30 18:54:03 C:\WINDOWS\System32\tvvkrfyn.ini
                --sha-w 203,748 2008-04-30 19:46:13 C:\WINDOWS\System32\UvyccMoq.ini
                ----a-w 13,646 2008-04-30 10:15:38 C:\WINDOWS\System32\wpa.dbl
                ----a-w 21 2008-04-30 17:35:08 C:\WINDOWS\System32\zxdnt3d.cfg

                Entries: 16 (13)
                Directories: 0 Files: 16
                Bytes: 6,560,736 Blocks: 12,821
                ======C:\WINDOWS\system32\drivers=====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =======C:\Program Files=====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =======C:=====
                ----a-w 1,514 2008-04-30 17:17:48 C:\firstrun5.log
                --sha-w 352,321,536 2008-04-30 19:44:13 C:\pagefile.sys
                ----a-w 1,698 2008-04-30 17:28:31 C:\RVAXO-results.log
                ----a-w 1,167 2008-04-30 17:29:38 C:\RVAXO-Vfind.log

                Entries: 4 (3)
                Directories: 0 Files: 4
                Bytes: 352,325,915 Blocks: 688,138
                ======C:\Documents and Settings\Nanda Stam\Application Data======
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                ======C:\Temp======
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                ======C:\Documents and Settings\Nanda Stam======
                ----a-w 4,718,592 2008-04-30 19:43:14 C:\Documents and Settings\Nanda Stam\ntuser.dat
                ---ha-w 57,344 2008-04-30 19:46:18 C:\Documents and Settings\Nanda Stam\ntuser.dat.LOG
                --sh--w 190 2008-04-30 19:43:14 C:\Documents and Settings\Nanda Stam\ntuser.ini

                Entries: 3 (1)
                Directories: 0 Files: 3
                Bytes: 4,776,126 Blocks: 9,329
                ======C:\WINDOWS\Downloaded Program Files====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =============



                • #9
                  Download The Avenger and extract the program to your desktop.
                  Open the avenger folder and start the program by double-clicking avenger.exe.
                  In the Input Script here window, copy and paste the bold text below:


                  Files to delete:
                  C:\WINDOWS\System32\qoMccyvU.dll


                  Then click the Execute button.
                  The Avenger will indicate that the computer is going to restart; allow this.
                  After the reboot a log file (avenger.txt) opens. Post the contents of this log file.


                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  REM Removes the malware files listed below. For each file a plain delete is tried
                  REM first; if the file is still there, its read-only/system/hidden attributes are
                  REM cleared and the delete is retried. Anything still locked is renamed with a
                  REM NUCIA suffix so it can no longer be loaded. Every outcome goes to log.txt.
                  IF EXIST log.txt DEL log.txt
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  C:\WINDOWS\BMdf86ffec.txt
                  C:\WINDOWS\cookies.ini
                  C:\WINDOWS\System32\atmtd.dll._
                  C:\WINDOWS\System32\clkcnt.txt
                  C:\WINDOWS\System32\elylmcsv.ini
                  C:\WINDOWS\System32\msnav32.ax
                  C:\WINDOWS\System32\qoMccyvU.dll
                  C:\WINDOWS\System32\rwwnw64d.exeRVAXO
                  C:\WINDOWS\System32\tvvkrfyn.ini
                  C:\WINDOWS\System32\UvyccMoq.ini
                  C:\WINDOWS\System32\zxdnt3d.cfg) DO (
                  REM clean up a NUCIA-renamed copy left by an earlier run of this script
                  DEL /Q %%gNUCIA
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  REN %%g *NUCIA
                  IF EXIST %%gNUCIA (
                  ECHO renamed to %%gNUCIA>>log.txt)
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  Under "Save in" choose: Desktop
                  Under "File name" enter: del.bat
                  Under "Save as type" select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the logfile that opens.

                  Now also post a new HijackThis log.



                  • #10
                    del.bat gives no log, but here is the HijackThis one

                    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                    Scan saved at 23:07:51, on 30-4-2008
                    Platform: Windows XP SP1 (WinNT 5.01.2600)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\UAService7.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\WINDOWS\SOUNDMAN.EXE
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\WINDOWS\System32\TSKS~1\userinit.exe
                    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
                    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Documents and Settings\Nanda Stam\Bureaublad\HiJackThis_v2.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll (file missing)
                    O2 - BHO: (no name) - {49672C9A-1414-4404-A90C-B88CB7C91A60} - C:\WINDOWS\System32\qoMccyvU.dll (file missing)
                    O2 - BHO: {04d391bc-5e78-327a-b414-b0132e4e5627} - {7265e4e2-310b-414b-a723-87e5cb193d40} - C:\WINDOWS\System32\xbqutqyw.dll (file missing)
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
                    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                    O4 - HKLM\..\Run: [{5C-CC-CD-DF-DW}] c:\windows\system32\rwwnw64d.exe DWram
                    O4 - HKLM\..\Run: [dcb5cc70] rundll32.exe "C:\WINDOWS\System32\nyfrkvvt.dll",b
                    O4 - HKLM\..\Run: [BMdf86ffec] Rundll32.exe "C:\WINDOWS\System32\axsphkyr.dll",s
                    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\lcntkkdn.exe DWram
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [Urrh] "C:\WINDOWS\System32\TSKS~1\userinit.exe" -vt yazb
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: hp psc 1000 series.lnk = ?
                    O4 - Global Startup: hpoddt01.exe.lnk = ?
                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
                    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
                    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
                    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
                    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

                    --
                    End of file - 4565 bytes



                    • #11
                      Start HijackThis and tick only the following lines:
                      O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll (file missing)
                      O2 - BHO: (no name) - {49672C9A-1414-4404-A90C-B88CB7C91A60} - C:\WINDOWS\System32\qoMccyvU.dll (file missing)
                      O2 - BHO: {04d391bc-5e78-327a-b414-b0132e4e5627} - {7265e4e2-310b-414b-a723-87e5cb193d40} - C:\WINDOWS\System32\xbqutqyw.dll (file missing)
                      O4 - HKLM\..\Run: [{5C-CC-CD-DF-DW}] c:\windows\system32\rwwnw64d.exe DWram
                      O4 - HKLM\..\Run: [dcb5cc70] rundll32.exe "C:\WINDOWS\System32\nyfrkvvt.dll",b
                      O4 - HKLM\..\Run: [BMdf86ffec] Rundll32.exe "C:\WINDOWS\System32\axsphkyr.dll",s
                      O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\lcntkkdn.exe DWram
                      O4 - HKCU\..\Run: [Urrh] "C:\WINDOWS\System32\TSKS~1\userinit.exe" -vt yazb

                      Close all open windows (except HijackThis) and click the "Fix checked" button.

                      Restart the computer.

                      After the restart, post a new HijackThis log and tell us whether there are still any problems.

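The helper in #11 picks eight entries out of the log in #10 by eye. The Python below is an added example (it is not part of this thread and not a HijackThis feature) that applies the rules an experienced log reader uses implicitly to those same lines: a BHO whose DLL is already gone, a Run value with a machine-generated name, rundll32 loading a System32 DLL through a one-letter export, an executable that lives in a subfolder of System32 instead of System32 itself, and a vowel-less random-looking filename in System32. The sample lines are copied from the log in #10; the "BM" prefix pattern and the threshold in looks_random are my own heuristics, so the output is a review list for a human, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in #10
# above, including harmless ones so the rules have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll (file missing)
O2 - BHO: (no name) - {49672C9A-1414-4404-A90C-B88CB7C91A60} - C:\WINDOWS\System32\qoMccyvU.dll (file missing)
O2 - BHO: {04d391bc-5e78-327a-b414-b0132e4e5627} - {7265e4e2-310b-414b-a723-87e5cb193d40} - C:\WINDOWS\System32\xbqutqyw.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [{5C-CC-CD-DF-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [dcb5cc70] rundll32.exe "C:\WINDOWS\System32\nyfrkvvt.dll",b
O4 - HKLM\..\Run: [BMdf86ffec] Rundll32.exe "C:\WINDOWS\System32\axsphkyr.dll",s
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\lcntkkdn.exe DWram
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Urrh] "C:\WINDOWS\System32\TSKS~1\userinit.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")            # dcb5cc70, BMdf86ffec (my assumption)
SYS32_SUBDIR_RE = re.compile(r"\\system32\\[^\\]+\\", re.I)  # ...\System32\TSKS~1\...
SYS32_FILE_RE = re.compile(r"\\system32\\([^\\]+)\.(?:exe|dll)$", re.I)
RUNDLL_ARG_RE = re.compile(r'^"?[^"]*\\system32\\[^"\\]+\.dll"?,[a-z]$', re.I)


def split_cmd(cmd):
    """Split a Run command into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def looks_random(stem):
    """Heuristic (my assumption): a System32 filename of 6+ characters without a
    single vowel is more likely generated than chosen by a developer."""
    s = stem.lower()
    return len(s) >= 6 and not any(c in "aeiou" for c in s)


def triage(log_text):
    """Return [(log line, [reasons])] for every O2/O4 entry worth fixing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        # O2: a BHO is still registered but its DLL is gone -> dead leftover.
        # (O9 Messenger buttons also say 'file missing' on XP; those are harmless.)
        if line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            reasons.append("BHO registered but its DLL no longer exists")
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            exe, args = split_cmd(cmd)
            if HEX_NAME_RE.match(name) or (name.startswith("{") and not GUID_RE.match(name)):
                reasons.append("machine-generated Run value name [%s]" % name)
            if exe.lower().endswith("rundll32.exe") and RUNDLL_ARG_RE.match(args):
                reasons.append("rundll32 loads a System32 DLL through a one-letter export")
            if SYS32_SUBDIR_RE.search(exe):
                reasons.append("executable in a subfolder of System32, not System32 itself")
            fm = SYS32_FILE_RE.search(exe)
            if fm and looks_random(fm.group(1)):
                reasons.append("random-looking filename %s in System32" % fm.group(1))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample it prints exactly the eight lines the helper ticked in #11 and nothing else; the reasons column is what you would paste into a reply so the user learns why each line was chosen.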


                      • #12
                        log... haven't had a pop-up for half an hour now

                        Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                        Scan saved at 23:25:11, on 30-4-2008
                        Platform: Windows XP SP1 (WinNT 5.01.2600)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\System32\UAService7.exe
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\Program Files\QuickTime\qttask.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                        C:\Documents and Settings\Nanda Stam\Bureaublad\HiJackThis_v2.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\WINDOWS\System32\wuauclt.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                        O4 - Global Startup: hp psc 1000 series.lnk = ?
                        O4 - Global Startup: hpoddt01.exe.lnk = ?
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
                        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
                        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
                        O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
                        O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

                        --
                        End of file - 3771 bytes



                        • #13
                          You can now delete this folder:
                          C:\avenger

                          1) Open a Notepad file.
                          2) Copy the code below into this Notepad file.
                          3) Go to File - Save As.
                          -Under "Save in" choose: Desktop
                          -Under "File name" enter: fix.reg
                          -Under "Save as type" select: All Files (*.*).
                          -Click the Save button.
                          Code:
                          REGEDIT4
                          
                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                          "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
                          4) Double-click the fix.reg file and allow the changes to be added to the registry.


                          Download ATF Cleaner (mirror) (made by Atribune)

                          Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

                          Double-click ATF Cleaner to start the program.
                          On the "Main" tab, put a tick next to Select All.
                          Click the Empty Selected button.

                          Do the following if you also use Firefox as a browser:
                          Click the "Firefox" tab and put a tick next to Select All.
                          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                          (This removes the tick from "Firefox saved passwords" again.)
                          Click the Empty Selected button.

                          Do the following if you also use Opera as a browser:
                          Click the "Opera" tab and put a tick next to Select All.
                          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                          Click the Empty Selected button.
                          Go to the "Main" tab and click the Exit button to close the program.

                          Disable System Restore. Restart the computer. Enable System Restore again.
                          See here for how to disable System Restore.
                          This removes any remnants of the infections from your System Restore points.

                          Then I think everything is OK again.

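The fix.reg in #13 resets the LSA "Authentication Packages" value, a REG_MULTI_SZ naming the DLLs that LSASS loads as authentication packages at boot, to the Windows default of just msv1_0. The hex(7) bytes 6d,73,76,31,5f,30,00,00 are that list encoded one byte per character followed by the empty-string terminator, which is the right encoding because the file carries the REGEDIT4 header; under a "Windows Registry Editor Version 5.00" header the same value would have to be written as UTF-16LE (6d,00,73,00,...). The Python below is an added example, not code from this thread, that parses the .reg snippet, decodes the list, checks that it is back to the default, and produces either encoding. FIX_REG is copied from the post; the lsa_is_default and DEFAULT_PACKAGES names are my own.

```python
import re

# Copied verbatim from the fix.reg in post #13 above (REGEDIT4 header).
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Windows default for this value: only the MSV1_0 (NTLM) package.
DEFAULT_PACKAGES = ["msv1_0"]

VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"=hex\((?P<type>[0-9a-f]+)\):(?P<data>[0-9a-f, ]*)$', re.I)


def decode_multi_sz(hex_data, ansi):
    """Turn 'xx,xx,...' into the list of strings of a REG_MULTI_SZ.
    REGEDIT4 files store hex(7) one byte per character; version 5.00 files
    store it as UTF-16LE. Either way the list ends with an empty string."""
    raw = bytes(int(b, 16) for b in hex_data.split(",") if b)
    text = raw.decode("latin-1" if ansi else "utf-16-le")
    text = text.rstrip("\0")          # drop the list terminator(s)
    return text.split("\0") if text else []


def encode_multi_sz(strings, ansi):
    """Inverse of decode_multi_sz: strings -> 'xx,xx,...' ready for a .reg file."""
    text = "".join(s + "\0" for s in strings) + "\0"
    raw = text.encode("latin-1" if ansi else "utf-16-le")
    return ",".join("%02x" % b for b in raw)


def parse_reg(text):
    """Minimal .reg parser for hex(7) values: {key: {value name: [strings]}}.
    The header line decides how hex(7) data is decoded."""
    lines = text.splitlines()
    ansi = lines[0].strip().upper() == "REGEDIT4"
    # regedit wraps long hex data over several lines with a trailing backslash.
    joined, pending = [], ""
    for ln in lines[1:]:
        ln = ln.strip()
        if ln.endswith("\\"):
            pending += ln[:-1].strip()
            continue
        joined.append(pending + ln)
        pending = ""
    result, key = {}, None
    for ln in joined:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            result.setdefault(key, {})
        elif key:
            m = VALUE_RE.match(ln)
            if m and m.group("type") == "7":
                result[key][m.group("name")] = decode_multi_sz(
                    m.group("data").replace(" ", ""), ansi)
    return result


def lsa_is_default(parsed):
    """True when the Authentication Packages list under ...\Control\Lsa is the
    Windows default; any extra entry is a DLL LSASS would load at every boot."""
    for key, values in parsed.items():
        if key.lower().endswith(r"\control\lsa"):
            return values.get("Authentication Packages") == DEFAULT_PACKAGES
    return False


if __name__ == "__main__":
    parsed = parse_reg(FIX_REG)
    print(parsed)
    print("default:", lsa_is_default(parsed))
    print("same value in version 5.00 format:", encode_multi_sz(DEFAULT_PACKAGES, ansi=False))
```

The same parser can be pointed at an export of the live key (regedit, File - Export) to confirm the fix took, or to show what was in the list before it was reset.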


                          • #14
                            Super happy

                            hi hi,

                            It seems to be solved; once again, thank you very much for your time and help!!!



                            • #15
                              You're welcome

                              Two more things:

                              1. Your Windows is not up to date: install SP2 and then all available security updates.
                              A Windows that is not up to date will get reinfected much faster.
                              Read more here: http://www.microsoft.com/netherlands...2/default.aspx

                              2. You have no antivirus installed; I consider one essential if you want to take your computer online.
                              Have a look at this link:

                              It also lists several free virus scanners
